Domain Controller Metadata Cleanup after Domain Controller Failure
Metadata Cleanup – After the failure of a Domain Controller and the subsequent rebuild of a new Domain Controller, you may be left with some orphaned entries in Active Directory. The metadata cleanup removes any information about the dead Domain Controller. It also removes FRS and DFSR entries, and it seizes any operations master roles that were held by the dead Domain Controller.
- A Domain Admin account is needed to perform these actions.
This only worked for me on a Domain Controller (documentation that I have read has said that it can be run via a workstation using RSAT (ADUC), but this didn't work for me; it resulted in the below error).
- Make sure that accidental deletion is turned off for the object.
- I have done these steps on a Windows Server 2012 environment at a 2012 Functional Level.
To start, go to an active Domain Controller and open Active Directory Users and Computers. Navigate to the Domain Controllers folder, right-click the dead Domain Controller and then select Delete.
Tick the checkbox confirming that the Domain Controller is actually dead. Then select Delete.
Make sure that you have another Global Catalog server in your domain and then select Yes.
Once this is done, wait for replication to occur within your Active Directory so that the changes propagate out to the other DCs and the metadata cleanup is complete.
You can then verify that the metadata cleanup has gone well by running the following checks at an elevated command line on an active Domain Controller.
Dcdiag /a /c /v /f:C:\logfile.log
Repadmin /showrepl * /verbose /all /intersite > C:\repllog.log
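A scripted follow-up to the two checks above, as an added example that is not part of the original post: it looks for objects still named after the removed Domain Controller, confirms that no operations master role still points at it, and scans the two log files for failed tests and failed replication attempts. It assumes the ActiveDirectory PowerShell module is available; `DEADDC01` is a placeholder for the removed Domain Controller's host name, and the log paths are the ones written by the commands above.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session
# on a DC after replication has completed. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$DeadDc      = 'DEADDC01'          # placeholder: host name of the removed DC
$DcdiagLog   = 'C:\logfile.log'    # written by the dcdiag command above
$ReplLog     = 'C:\repllog.log'    # written by the repadmin command above
$findings    = @()
$namePattern = "^$([regex]::Escape($DeadDc))(\.|$)"   # short name or FQDN

$domain   = Get-ADDomain
$forest   = Get-ADForest
$configNc = (Get-ADRootDSE).configurationNamingContext

# 1. Orphaned objects: the computer account and the server object under Sites.
$leftover = @(
    Get-ADObject -SearchBase $domain.DistinguishedName -LDAPFilter "(&(objectClass=computer)(cn=$DeadDc))"
    Get-ADObject -SearchBase "CN=Sites,$configNc" -LDAPFilter "(&(objectClass=server)(cn=$DeadDc))"
)
foreach ($obj in $leftover) { $findings += "Leftover object: $($obj.DistinguishedName)" }

# 2. Operations master roles must now point at a live DC.
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -match $namePattern) { $findings += "Role $($role.Key) still held by $($role.Value)" }
}

# 3. Failed dcdiag tests, failed replication attempts, or the old name in either log.
$patterns = 'failed test', 'Last attempt @ .* failed', [regex]::Escape($DeadDc)
foreach ($log in $DcdiagLog, $ReplLog) {
    if (-not (Test-Path $log)) { $findings += "Missing log: $log"; continue }
    foreach ($hit in Select-String -Path $log -Pattern $patterns) {
        $findings += "$($hit.Filename):$($hit.LineNumber): $($hit.Line.Trim())"
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    'No leftover objects, stale role holders or failed checks found.'
}
```

A log line that only mentions the old name (for example in a historical event quoted by dcdiag) is a prompt to read that part of the log, not proof that the cleanup failed.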
For further reading, check out the links below.