I just learned that when you aren’t able to normally demote a domain controller in Active Directory and have to perform a metadata cleanup, if you’re running Windows 2008 or R2 it’s become much easier.
The classic method for cleaning up the DC’s metadata in Active Directory has been to go into NTDSUTIL and running through a sequence of commands to point at the right computer object representing the domain controller, then removing it. What I just learned from one of the Microsoft directory services guys is that
…you can use Active Directory Users and Computers to clean up server metadata. In this procedure, deleting the computer object in the Domain Controllers organizational unit (OU) initiates the cleanup process, which proceeds automatically.
The only place so far I’ve found this documented are those two sentences in this TechNet article. Simple! Just delete the computer object! Now I need to go try it in my test lab…
No comments:
Post a Comment