[Samba] Unable to remove orphan DC entries

Andreas Oster aoster at novanetwork.de
Sat Apr 19 01:47:46 MDT 2014 

Am 09/04/14 17:05, schrieb Andy Durant:
> Yep I've checked there as well.
>
> Removed all traces from ADUC, DNS, adsiedit, sites and services, checked
> in domains and trusts.
>
> ntdsutil only gets me so far before syntax fails.
>
>
> On 4/9/2014 10:49 AM, lp101 wrote:
>> Did you verify using Sites and Services that all traces of this DC are
>> removed? I've had issues like this in the past where I forgot to
>> remove the NTDS settings. Even though I thought I did using ADSI. As
>> well as verifying in Users and Computers that this DC has been removed?
>>
>> On 4/9/2014 9:51 AM, Andy Durant wrote:
>>> Anyone have any ideas?
>>> Andy
>>>
>>>
>>> On 4/8/2014 11:46 AM, Andy Durant wrote:
>>>> Hi
>>>> I recently attempted to promote another dc into my domain and then
>>>> removed it which apparently didn't go well.
>>>>
>>>> The message said removal was successful however: I'm left with:
>>>>
>>>> DC=ForestDnsZones,DC=vestec,DC=local
>>>>         NTDS DN: CN=NTDS
>>>> Settings\0ADEL:0b41b6fb-d606-47c1-a7bd-61b8c84d4300,CN=VDC02\0ADEL:0e9bb614-0644-4b4d-9929-04f3137aa958,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vestec,DC=local
>>>>
>>>>                 DSA object GUID: 0b41b6fb-d606-47c1-a7bd-61b8c84d4300
>>>>                 Last attempt @ Tue Apr  8 11:41:07 2014 EDT failed,
>>>> result 2 (WERR_BADFILE)
>>>>                 13798 consecutive failure(s).
>>>>                 Last success @ NTTIME(0)
>>>>
>>>>
>>>> I've cleared out any references to the now orphaned DC via adsiedit
>>>> and ensured there were no more DNS entries remaining and yet the
>>>> error persists.  I can not find any more references anywhere to remove.
>>>>
>>>>
>>>>  Andy
>>>
>>
>
Hello Andy,

did you have success in removing the orphaned entries in the meantime ? 
As you know I have the same issue on one of my DCs. I have tried to 
simply demote the affected DC but it turned out, that the error moved on 
to one of the other DC which now showed orphaned entries of the just 
demoted DC. It seems, that either I have a really messed up AD or there 
is a really awfull bug in the demotion part of samba.

thanks

best regards

Andreas

More information about the samba mailing list