Tuesday, November 28, 2023

Metadata cleanup of a failed domain controller in Active Directory

Performing metadata cleanup is an important step when you need to remove the remnants of a failed or decommissioned domain controller from Active Directory. Here are the steps to perform metadata cleanup:

Using Active Directory Users and Computers Snap-in:

  1. Ensure that the failed domain controller is not online or reachable.

  2. On a domain controller or a computer with the Remote Server Administration Tools (RSAT) installed:

    • Open "Active Directory Users and Computers" (ADUC).
    • Make sure that "Advanced Features" is enabled from the "View" menu.

  3. In ADUC, navigate to the following path:

    • Domain > System > Domain Controllers

  4. Right-click on the failed domain controller object, and select Delete.

Using Ntdsutil:

  1. Open a command prompt on a domain controller.

  2. Type the following command:

    ntdsutil

  3. At the ntdsutil: prompt, type:

    metadata cleanup

  4. At the metadata cleanup: prompt, type:

    remove selected server <FailedDCName>

    Replace <FailedDCName> with the name of the failed domain controller.

  5. Confirm the removal by typing:

    quit

Using Active Directory Sites and Services Snap-in:

  1. Open "Active Directory Sites and Services" (ADSS).

  2. Navigate to the following path:

    • Sites > Default-First-Site-Name > Servers

  3. Right-click on the failed domain controller, and select Delete.

Verify DNS Records:

Ensure that DNS records associated with the failed domain controller are removed manually.

Cleaning up Metadata for Demoted Domain Controllers:

If the failed domain controller was properly demoted before it failed, you might need to perform additional cleanup in the ADUC and ADSS tools.

Final Steps:

  1. Check for any remaining references in DNS and remove them.

  2. Monitor the event logs on other domain controllers for any errors related to the removed domain controller.

  3. Run dcdiag and repadmin /replsummary to ensure that the domain controllers are replicating properly.
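As an added example (not part of the original post), the following PowerShell script checks the places the procedure above touches for leftovers of the removed DC: the computer object in ADUC, the server and NTDS Settings objects in ADSS, DNS A/CNAME/SRV records, and the FSMO role holders. It assumes the RSAT ActiveDirectory and DnsServer modules and Domain Admin rights; FAILED-DC01, corp.example and DC02 are placeholder names.

```powershell
# Added verification script (not from the original post). Placeholders below
# must be replaced with the real DC name, domain FQDN and a surviving DNS server.
param(
    [string]$FailedDC   = 'FAILED-DC01',        # placeholder: name of the removed DC
    [string]$DomainName = 'corp.example',       # placeholder: AD domain FQDN
    [string]$DnsServer  = 'DC02.corp.example'   # placeholder: a surviving DC hosting DNS
)
Import-Module ActiveDirectory -ErrorAction Stop
Import-Module DnsServer -ErrorAction Stop

$fqdn  = "$FailedDC.$DomainName"
$root  = Get-ADRootDSE
$found = @()

# 1. Computer object (what ADUC shows under Domain Controllers).
$c = Get-ADComputer -Filter "Name -eq '$FailedDC'" -ErrorAction SilentlyContinue
if ($c) { $found += "Computer object: $($c.DistinguishedName)" }

# 2. Server object and NTDS Settings in the Configuration partition (what ADSS shows).
$srv = Get-ADObject -SearchBase "CN=Sites,$($root.configurationNamingContext)" `
        -Filter "objectClass -eq 'server' -and Name -eq '$FailedDC'"
foreach ($s in $srv) {
    $found += "Server object: $($s.DistinguishedName)"
    $ntds = Get-ADObject -SearchBase $s.DistinguishedName -Filter "objectClass -eq 'nTDSDSA'"
    if ($ntds) { $found += "NTDS Settings still present under $($s.DistinguishedName)" }
}

# 3. DNS: A, CNAME (GUID alias in _msdcs) and SRV records still pointing at the removed DC.
foreach ($z in @($DomainName, "_msdcs.$DomainName")) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $z -ErrorAction SilentlyContinue |
      Where-Object {
        ($_.RecordType -eq 'A'     -and $_.HostName -eq $FailedDC) -or
        ($_.RecordType -eq 'CNAME' -and $_.RecordData.HostNameAlias -like "$fqdn*") -or
        ($_.RecordType -eq 'SRV'   -and $_.RecordData.DomainName -like "$fqdn*")
      } | ForEach-Object { $found += "DNS $($_.RecordType) record in ${z}: $($_.HostName)" }
}

# 4. FSMO roles must not still be assigned to the removed DC.
$d = Get-ADDomain; $f = Get-ADForest
foreach ($role in @($d.PDCEmulator, $d.RIDMaster, $d.InfrastructureMaster,
                    $f.SchemaMaster, $f.DomainNamingMaster)) {
    if ($role -like "$fqdn*") { $found += "FSMO role still held by $role" }
}

if ($found.Count -eq 0) { Write-Output "No remnants of $FailedDC found." }
else { $found | ForEach-Object { Write-Warning $_ } }
```

Any warning it prints points at an object or record that still needs to be removed by hand before trusting the dcdiag and repadmin results.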

Remember, these steps should be performed with caution. Always have a backup before making changes to your Active Directory infrastructure, and consider consulting with your IT team or a domain expert if you are unsure about any step.
