The Life of Brian

How to Remove a Failed or Offline DC

I’ve seen this issue come up time and time again.  Some administrator decided to remove an old DC from the network but forgot to remove it from Active Directory or the DC has entered a failed state and cannot be recovered from.  In a perfect world DCPROMO is all you have to do to remove a DC from the environment.  However, if that DC was already shutdown or DCPROMO is giving you problems you will have to remove it the manual way.  That method involves using a command called NTDSUTIL.  NTDSUTIL is a command line tool that allows you to perform some of the more advanced Active Directory maintenance tasks.

Below are the steps needed to remove a failed or offline Domain Controller from your environment.
TIP: NTDSUTIL does not require the full command to be entered…you only have to enter enough of the command that is unique.  For Example, instead of typing metadata cleanup you could just type met cle…or better yet m c

1. Open the Command Prompt
2. Type ntdsutil (all the commands will be entered via this command prompt)
3. Type metadata cleanup
4. Type connections
5. Type connect to server <ServerName> and replace <ServerName> with the name of a functional DC in your environment…even if you are logged in locally.  This step is not needed post W2K3 SP1.
6. Type quit
7. Type select operations target
8. Type lists sites
9. Type select site <#> where <#> is the site where the failed or offline DC resided
10. Type list servers in site
11. Type select server <#>  where <#> is the DC that is failed or offline
12. Type list domains
13. Type select domain <#>  where <#> is the domain where the failed or offline DC resided (at this point you should verify that the site, server and domain are all selected)
14. Type quit (this should set you back to the metadata cleanup menu)
15. Type remove selected server ( a warning message will pop up…verify that this is the correct DC…in fact get a peer to verify it for you too)
16. Click Yes
17. Open Active Directory Sites and Services
18. Expand out the site that the failed or offline DC resided in
19. Verify the DC cannot be expanded out (no connection objects and such)
20. Right Click the DC and select Delete
21. Close Active Directory Sites and Services
22. Open Active Directory Users and Computers
23. Expand the Domain Controllers OU
24. Delete the failed or offline DC from the OU (if it even exists)
25. Close Active Directory Users and Computers
26. Open DNS Manager
27. Expand the zones where this DC was also a DNS server and perform the following steps
28. Right click the zone and select Properties
29. Click the Name Servers tab
30. Remove the failed or offline DC from the Name Servers tab
31. Click OK to also remove the HOST (A) or Pointer (PTR) record if asked
32. Verify the zone no longer has a DNS record for the failed or offline DC

You can also find more info located on Microsoft site here and here for removing orphaned domains.

Microsoft Clustering Resources

This has to be the mother of all resource collections on Microsoft clustering and high availability.  I’ve copied over the links directly from the MS Cluster blog so that I have quick access to them in the future.

General Resources

• Cluster Team Site: Clustering Technical Resources
• Guide: Failover Clustering Deployment
• Guide: Validating Hardware for a Failover Cluster
• Guide: Migrating Cluster Settings
• Guide: Configuring the Quorum in a Failover Cluster
• Guide: Configuring Accounts in Active Directory
• Guide: Configure a Service or Application for High Availability
• Guide: Modifying Settings for a Failover Cluster
• Guide: Installing a Failover Cluster
• Guide: Creating a Failover Cluster
• Guide: Cluster Requirements
• Guide: Validating a cluster
• Guide: Managing a Failover Cluster
• Guide: The Failover Cluster Management Snap-In
• TechNet: Support Policy
• Webcast: Top 10 Windows Server 2008 Failover Clustering Enhancements over Windows Server 2003 Clustering, Based on Best Practices (Level 300)
• Webcast: Failover Clustering 101
• Webcast: Achieving High Availability with Windows Server “Longhorn” Clustering (Level 200)
• Webcast: Microsoft Webcast: Reducing IT Overhead with Windows Server 2008 Storage Features
• Webcast: TechNet Webcast: Build High-Availability Infrastructures with Windows Server 2008 Failover Clustering
• Webcast: IT Manager Webcast: Delivering High Availability to Your Infrastructure
• Webcast: TechNet Webcast: Failover Cluster Validation and Troubleshooting with Windows Server 2008
• Webcast: TechNet Webcast: Failover Clustering and Quorum in Windows Server 2008 Enterprise Storage
• Webcast: TechNet Virtual Lab: Windows Server 2008 Enterprise Failover Clustering Lab
• Whitepaper: Failover Cluster Architecture Overview
• Whitepaper: Microsoft’s HA Strategy
• Whitepaper: Overview of Failover Clustering

Core

• Utility: Remote Server Administration Tools (simplifies Server Core configurations)
• Guide: Server Core
• TechNet: Installation
• Webcast: How Microsoft does IT: Enhancing High Availability with Server Core in Windows Server 2008

Exchange Server

• Lab: TechNet Virtual Lab: Exchange Server 2007 Standby Continuous Replication
• Lab: TechNet Virtual Lab: Using Cluster Continuous Replication (CCR) in Exchange 2007
• TechNet: Installing Cluster Continuous Replication (CCR) on 2008
• TechNet: Deploying Exchange 2003 in a Cluster
• TechNet: Planning for Cluster Continuous Replication (CCR)
• TechNet: Installing CCR on Windows Server 2008
• Webcast: How Microsoft IT Implemented New Storage Designs for Exchange Server 2007

File Server

• Guide: Configuring a Two-Node File Server Failover Cluster
• TechNet: Creating a Clustered File Server checklist
• TechNet: Create a Shared Folder in a Clustered File Server
• WebCast: TechNet Webcast: Prepare Yourself for Windows Server 2008 (Part 5 of 8): New File Server Features
• WebCast: How Microsoft IT Deploys Windows 2008 Clusters for File Services
• Webcast: New File Server Features of Windows Server 2008 (Level 200)

Hyper-V

• Guide: Testing Hyper-V and Failover Clustering
• Guide: Getting Started with Hyper-V
• Guide: Design for a Failover Cluster in Which All Nodes Run Hyper-V
• TechNet: High-Availability for a Server Running Hyper-V
• TechNet: Requirements and Recommendations for Failover Clusters in Which All Nodes Run Hyper-V
• TechNet: Failover Cluster in which the Servers run Hyper-V
• Webcast: TechNet Webcast: High Availability with Hyper-V
• Webcast: TechNet Webcast: 24 Hours of Windows Server 2008 (Part 24 of 24): High Availability with Hyper-V
• Webcast: TechNet Webcast: Creating Business Continuity Solutions Using Windows Virtualization
• Whitepaper: Quick Migration with Hyper-V

Multi-Site Clustering

• Cluster Team Site: http://www.microsoft.com/windowsserver2008/en/us/clustering-multisite.aspx
• Guide: Deployment Considerations for Windows Server 2008 failover cluster nodes on different, routed subnets
• Webcast: TechNet Webcast: Geographically Dispersed Failover Clustering in Windows Server 2008 Enterprise
• Webcast: How You Can Achieve Greater Availability with Failover Clustering Across Multiple Sites (Level 300)
• Whitepaper: Multi-site Clustering

Network Load Balancing

• Guide: NLB Troubleshooting Overview
• Guide: Server Core: Install the NLB feature
• Guide: Create/manage/destroy NLB clusters via NLB Manager remotely from another server, or from RSAT client (admin pack) on Vista
• TechNet: Configuring NLB with Terminal Services
• TechNet: NLB Deployment Guide
• TechNet: Implementing a new NLB Cluster
• TechNet: Verifying the NLB Cluster and Enabling Client Access
• TechNet: Overview of NLB
• TechNet: Creating NLB Clusters
• TechNet: Managing NLB Clusters
• TechNet: Setting NLB Parameters
• TechNet: Controlling Hosts on NLB clusters
• TechNet: Troubleshooting for System Event Messages Related to NLB Cluster
• TechNet: User Interface: NLB Manager
• TechNet: Upgrading a NLB Cluster
• Webcast: 24 Hours of Windows Server 2008 (Part 23 of 24): Failover Clustering and Network Load Balancing

SQL Server

• Guide: SQL Server 2000 with Failover Clustering
• MSDN: Getting Started with SQL Server 2008 Failover Clustering
• MSDN: Configuring SQL Server 2005 Failover Clustering
• MSDN: Configuring SQL Server 2000 Failover Clustering
• TechNet: Database Mirroring and Failover Clustering
• TechNet: SQL Server 2005 Database Mirroring FAQs
• TechNet: Database Mirroring in SQL Server 2005
• Webcast: Microsoft SQL Server 2005 Failover Clustering on Windows Server 2008
• Webcast: TechNet Webcast: 24 Hours of SQL Server 2008: Ensuring Business Continuity
• Webcast: TechNet Webcast: Overview of SQL Server Availability Features and Upcoming Improvements
• Webcast: TechNet Webcast: Achieving Higher Scalability with SQL Server on Windows Server 2003 R2 Enterprise Edition (Level 300)
• Webcast: Ensuring Business Continuance with SQL Server 2005 Data Availability Solutions (Level 300)
• Webcast: Clustering Windows Server 2003 and SQL Server 2000/2005 (Level 200)
• Webcast: SQL Server 2005 for the IT Professional (Part 7 of 11): Technologies and Features to Improve Availability (Level 200)
• Webcast: SQL Server 2005 Failover Clustering for SQL Server 2000 Users (Level 200)
• Webcast: An Introduction to How SQL Server 2005 Can Help You Deliver Highly Available Database Systems (Level 200)
• Webcast: Clustering Windows Server 2003 and SQL Server 2000 and 2005 (Level 200)
• Webcast: How to cluster Microsoft SQL Server 2005 by using Microsoft Virtual Server
• Whitepaper: SQL Server 2008 Replication: Providing High Availability using Database Mirroring

Script That Displays Group Membership and Active Directory Location

The following code can be run to display the group membership of an Active Directory group and also let you know each member’s LDAP Distinguished Name.  The output will name the text file the group name and will include all the members and their location in Active Directory.  Just copy this into a txt file and rename to .vbs  Enjoy!

Set objGroup = GetObject("LDAP://cn=GroupName,ou=OUName,DC=DomainName,DC=local")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.OpenTextFile(objGroup.Get("name") & " - Members.txt", 2, True, 0)
For Each objMember in objGroup.Members
  objFile.WriteLine objMember.Get("sAMAccountName") & VbTab & _
    objMember.Get("cn") & VbTab & _
    objMember.Parent
Next
Set objFile = Nothing
Set objFileSystem = Nothing
Set objGroup = Nothing

How to Search for an Email Address in Active Directory

From time to time I’ve had to figure out which user account has a specific email address.  Actually its more like finding who has the “reallycoolemailaccount@company.com” so another “more senior” person can get it.  Well if you work in a smaller company this can be kind of easy…but if your directory has thousands of accounts it becomes more difficult and time consuming.

What you will want to do is open up Active Directory Users and Computers and right-click the domain and select Search.  Select the drop-down arrow in the Find field to select Custom Search.  If you have multiple domains make sure to select Entire Directory on the In field.  Now just click on the Advanced tab and put the following text in the LDAP Query - proxyaddresses=smtp:<whatever the email is you’re looking for>.  Now all you have to do is click on Find Now and if the email is in use it will show the user account that is using it.