Re: Dead DC cleanup via GUI in 2008+

2012-12-12 Thread Andrew S. Baker 
Likewise...





*ASB
**http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>*
**Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market…***






On Tue, Dec 11, 2012 at 11:52 AM, Michael B. Smith wrote:

>  I almost always see extra entries hanging around in _msdcs that need to
> be manually cleaned up.
>
> ** **
>
> *From:* Webster [mailto:webs...@carlwebster.com]
> *Sent:* Tuesday, December 11, 2012 10:17 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Dead DC cleanup via GUI in 2008+
>
>  ** **
>
> It is that easy.  Right-click the dead DC in ADUC, select delete and you
> are done.
>
> ** **
>
> I, personally, would still verify the DNS stuff for the dead DC is gone.**
> **
>
> ** **
>
> Thanks
>
> ** **
>
> ** **
>
> Webster
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org ]
> *Subject:* Dead DC cleanup via GUI in 2008+
>
>  ** **
>
> You can clean up dead DC metadata from a GUI in 2008 and later? Just use
> ADUC and Sites and Services per this article:
>
> http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx
>
> ** **
>
> I have a dead DC that held no FSMO roles or anything else (DHCP, etc.),
> has anyone used this GUI method and still had to resort to command-line?**
> **
>
> ** **
>
> Seems too easy…lol
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dead DC cleanup via GUI in 2008+

2012-12-11 Thread Brian Desmond 
Correct - records with a timestamp of 0 (GUI calls them static records) never 
get cleaned up.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: Webster [mailto:webs...@carlwebster.com]
Sent: Tuesday, December 11, 2012 8:04 AM
To: NT System Admin Issues
Subject: RE: Dead DC cleanup via GUI in 2008+

IIRC from what Brian Desmond told me, static DNS entries get flagged as 
untouchable.  At least as far as Aging & Scavenging is concerned but I think 
that would apply to any process that wants to do automated cleanup.

Thanks


Webster

From: David Lum [mailto:david@nwea.org]
Subject: RE: Dead DC cleanup via GUI in 2008+

Good point and yes I did check DNS and found only a static entry. Sites and 
Services showed a it a as replication partner but it had additional "stuff" 
behind the name that made me think at next replication it might get removed, 
but I manually killed the entry. That's so much easier it's almost scary.

DCDIAG on the other DC's come up good!

Dave

From: Webster [mailto:webs...@carlwebster.com]
Subject: RE: Dead DC cleanup via GUI in 2008+

It is that easy.  Right-click the dead DC in ADUC, select delete and you are 
done.

I, personally, would still verify the DNS stuff for the dead DC is gone.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dead DC cleanup via GUI in 2008+

2012-12-11 Thread Brian Desmond 
You have to manually enable scavenging for that zone (and on a server to do it) 
which folks often don't do.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, December 11, 2012 8:53 AM
To: NT System Admin Issues
Subject: RE: Dead DC cleanup via GUI in 2008+

I almost always see extra entries hanging around in _msdcs that need to be 
manually cleaned up.

From: Webster [mailto:webs...@carlwebster.com]
Sent: Tuesday, December 11, 2012 10:17 AM
To: NT System Admin Issues
Subject: RE: Dead DC cleanup via GUI in 2008+

It is that easy.  Right-click the dead DC in ADUC, select delete and you are 
done.

I, personally, would still verify the DNS stuff for the dead DC is gone.

Thanks


Webster

From: David Lum [mailto:david@nwea.org]
Subject: Dead DC cleanup via GUI in 2008+

You can clean up dead DC metadata from a GUI in 2008 and later? Just use ADUC 
and Sites and Services per this article:
http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx

I have a dead DC that held no FSMO roles or anything else (DHCP, etc.), has 
anyone used this GUI method and still had to resort to command-line?

Seems too easy...lol

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dead DC cleanup via GUI in 2008+

2012-12-11 Thread David Lum 
I'm chasing this, but only on the DC I just stood up to replace the old one 
(new one reuses the old IP, but a different name). The other DC's aren't 
logging it: DCOM was unable to communicate with the computer  using any 
of the configured protocols

One thing I've found so far is name servers...the name server entries for the 
now-dead DC continued to exist in DNS, so I'm killing that from each zone 
(forward and reverse).

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, December 11, 2012 8:53 AM
To: NT System Admin Issues
Subject: RE: Dead DC cleanup via GUI in 2008+

I almost always see extra entries hanging around in _msdcs that need to be 
manually cleaned up.

From: Webster [mailto:webs...@carlwebster.com]
Sent: Tuesday, December 11, 2012 10:17 AM
To: NT System Admin Issues
Subject: RE: Dead DC cleanup via GUI in 2008+

It is that easy.  Right-click the dead DC in ADUC, select delete and you are 
done.

I, personally, would still verify the DNS stuff for the dead DC is gone.

Thanks


Webster

From: David Lum [mailto:david@nwea.org]
Subject: Dead DC cleanup via GUI in 2008+

You can clean up dead DC metadata from a GUI in 2008 and later? Just use ADUC 
and Sites and Services per this article:
http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx

I have a dead DC that held no FSMO roles or anything else (DHCP, etc.), has 
anyone used this GUI method and still had to resort to command-line?

Seems too easy...lol

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dead DC cleanup via GUI in 2008+

2012-12-11 Thread Michael B. Smith 
I almost always see extra entries hanging around in _msdcs that need to be 
manually cleaned up.

From: Webster [mailto:webs...@carlwebster.com]
Sent: Tuesday, December 11, 2012 10:17 AM
To: NT System Admin Issues
Subject: RE: Dead DC cleanup via GUI in 2008+

It is that easy.  Right-click the dead DC in ADUC, select delete and you are 
done.

I, personally, would still verify the DNS stuff for the dead DC is gone.

Thanks


Webster

From: David Lum [mailto:david@nwea.org]
Subject: Dead DC cleanup via GUI in 2008+

You can clean up dead DC metadata from a GUI in 2008 and later? Just use ADUC 
and Sites and Services per this article:
http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx

I have a dead DC that held no FSMO roles or anything else (DHCP, etc.), has 
anyone used this GUI method and still had to resort to command-line?

Seems too easy...lol

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dead DC cleanup via GUI in 2008+

2012-12-11 Thread Webster 
IIRC from what Brian Desmond told me, static DNS entries get flagged as 
untouchable.  At least as far as Aging & Scavenging is concerned but I think 
that would apply to any process that wants to do automated cleanup.

Thanks


Webster

From: David Lum [mailto:david@nwea.org]
Subject: RE: Dead DC cleanup via GUI in 2008+

Good point and yes I did check DNS and found only a static entry. Sites and 
Services showed a it a as replication partner but it had additional "stuff" 
behind the name that made me think at next replication it might get removed, 
but I manually killed the entry. That's so much easier it's almost scary.

DCDIAG on the other DC's come up good!

Dave

From: Webster [mailto:webs...@carlwebster.com]
Subject: RE: Dead DC cleanup via GUI in 2008+

It is that easy.  Right-click the dead DC in ADUC, select delete and you are 
done.

I, personally, would still verify the DNS stuff for the dead DC is gone.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dead DC cleanup via GUI in 2008+

2012-12-11 Thread David Lum 
Good point and yes I did check DNS and found only a static entry. Sites and 
Services showed a it a as replication partner but it had additional "stuff" 
behind the name that made me think at next replication it might get removed, 
but I manually killed the entry. That's so much easier it's almost scary.

DCDIAG on the other DC's come up good!

Dave

From: Webster [mailto:webs...@carlwebster.com]
Sent: Tuesday, December 11, 2012 7:17 AM
To: NT System Admin Issues
Subject: RE: Dead DC cleanup via GUI in 2008+

It is that easy.  Right-click the dead DC in ADUC, select delete and you are 
done.

I, personally, would still verify the DNS stuff for the dead DC is gone.

Thanks


Webster

From: David Lum [mailto:david@nwea.org]
Subject: Dead DC cleanup via GUI in 2008+

You can clean up dead DC metadata from a GUI in 2008 and later? Just use ADUC 
and Sites and Services per this article:
http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx

I have a dead DC that held no FSMO roles or anything else (DHCP, etc.), has 
anyone used this GUI method and still had to resort to command-line?

Seems too easy...lol

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dead DC cleanup via GUI in 2008+

2012-12-11 Thread Webster 
It is that easy.  Right-click the dead DC in ADUC, select delete and you are 
done.

I, personally, would still verify the DNS stuff for the dead DC is gone.

Thanks


Webster

From: David Lum [mailto:david@nwea.org]
Subject: Dead DC cleanup via GUI in 2008+

You can clean up dead DC metadata from a GUI in 2008 and later? Just use ADUC 
and Sites and Services per this article:
http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx

I have a dead DC that held no FSMO roles or anything else (DHCP, etc.), has 
anyone used this GUI method and still had to resort to command-line?

Seems too easy...lol

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dead DC cleanup via GUI in 2008+

2012-12-11 Thread Damien Solodow 
I've used it once and it seemed to do the trick.

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, December 11, 2012 10:10 AM
To: NT System Admin Issues
Subject: Dead DC cleanup via GUI in 2008+

You can clean up dead DC metadata from a GUI in 2008 and later? Just use ADUC 
and Sites and Services per this article:
http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx

I have a dead DC that held no FSMO roles or anything else (DHCP, etc.), has 
anyone used this GUI method and still had to resort to command-line?

Seems too easy...lol
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin