We see a lot of problems in the domain after an unsuccessful demotion of any Domain Controller in the domain.
Unsuccessful demotions include:
1. The DC was disconnected from the network without running DCPROMO on the box.
2. We ran a DCPROMO /FORCEREMOVAL command on the domain controller.
3. The DC went down for some reason and did not boot again.
If this DC no longer exists in the domain and we still see it listed in Active Directory Sites and Services, the following will occur:
1. All the other domain controllers that are running fine will still think that there is another domain controller and will try to replicate information to it as well.
2. We start getting replication errors in the Directory Service log in Event Viewer (eventvwr), and File Replication starts failing as well.
3. This in turn may cause SYSVOL to become unshared, or the policies and scripts folders to be missing from the following location: c:\windows\SYSVOL\Sysvol\domainname
Problems that may occur as a result:
The Microsoft Exchange System Attendant service won't start.
MSExchangeSA logs a DSACCESS error in Event Viewer because the server is no longer recognized as a DC and Exchange is not able to find a GC or a DC.
Group Policies won't apply because Active Directory is not functioning properly.
Users won't be able to log in to the domain because they cannot find a valid Kerberos server to authenticate against, or cannot find a DC.
And many more...
Procedure to do a Metadata cleanup
=======================
C:\>ntdsutil
Ntdsutil: metadata cleanup
Metadata cleanup: connections
Connections: connect to server servername (servername is the server you are working on)
PRESS Q and get into the metadata prompt again
Metadata Cleanup: Select Operation Target
Select Operation Target: list domains (In the SBS Scenario we will see only one domain)
Select Operation Target: Select domain DOMAINNUMBER
Select Operation Target: list sites
Select Operation Target: select site SITENUMBER
Select Operation Target: list servers in site (This will list all the DCs in the domain)
Select Operation Target: select server SERVERNUMBER (Server number will be that of the server which we need to remove)
PRESS Q and get back to the metadata cleanup prompt
Metadata cleanup: remove selected server
This will prompt you to press YES to remove the server.
Then go to the DNS management console.
Expand the forward lookup zone.
Go to the properties of the zone.
Go to the Name Servers tab and remove the server that is no longer a DNS server.
Do the same for all the forward lookup and reverse lookup zones created.
Go to ADSIEDIT -> Configuration -> Sites -> Default First Site and delete the non-existing domain controller.
You will no longer see the non-existing domain controller in Active Directory Sites and Services.
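To confirm that the steps above left no reference behind, here is a read-only check. It is an added example, not part of the original post. It assumes the ActiveDirectory and DnsServer PowerShell modules are available and that it is run on a DC that hosts the DNS zones; OLDDC01 is a placeholder for the removed DC's name.

```powershell
# Added example: read-only search for leftovers of a removed DC.
# 'OLDDC01' is a placeholder; pass the name of the DC you cleaned up.
param(
    [string]$StaleDc = 'OLDDC01'
)

Import-Module ActiveDirectory
Import-Module DnsServer

$findings = @()

# 1. Server and NTDS Settings objects under CN=Sites in the Configuration
#    partition (what ADSIEDIT and Active Directory Sites and Services show).
$configNC = (Get-ADRootDSE).configurationNamingContext
$findings += @(
    Get-ADObject -SearchBase "CN=Sites,$configNC" `
                 -LDAPFilter '(|(objectClass=server)(objectClass=nTDSDSA))' |
        Where-Object { $_.DistinguishedName -like "*CN=$StaleDc,CN=Servers,*" } |
        ForEach-Object {
            [pscustomobject]@{ Where = 'Sites container'; Detail = $_.DistinguishedName }
        }
)

# 2. NS records that still name the removed server, in every forward and
#    reverse zone hosted on this DNS server (the Name Servers tab step).
foreach ($zone in Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated }) {
    $findings += @(
        Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -RRType Ns |
            Where-Object { $_.RecordData.NameServer -like "$StaleDc.*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Where  = "DNS zone $($zone.ZoneName)"
                    Detail = "NS $($_.HostName) -> $($_.RecordData.NameServer)"
                }
            }
    )
}

if ($findings.Count -eq 0) {
    Write-Output "No references to $StaleDc found in Sites or DNS NS records."
} else {
    Write-Output "Leftover references to ${StaleDc}:"
    $findings | Format-Table -AutoSize -Wrap
}
```

The script only reads from the directory and DNS; anything it reports still has to be removed with the steps above.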
REFERENCE:
How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/kb/216498
Please feel free to post your comments