Cleans up metadata for failed domain controllers.
When a failed domain controller stores the only copy of one or more domains or application directory partitions (also called "naming contexts"), metadata cleanup can also be used to clean up metadata for selected domains or application directory partitions. In this version of Ntdsutil.exe, metadata cleanup also removes File Replication Service (FRS) connections and attempts to transfer or seize any operations master roles that the retired domain controller holds.
At the metadata cleanup: prompt, type any of the parameters listed under Syntax.
Ntdsutil is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed. To use ntdsutil, you must run the ntdsutil command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
For examples of how to use this command, see Examples.
Syntax
connections
[select operation target] {remove selected domain | remove selected naming context |remove selected server | remove selected server %s | remove selected server %s1 on %s2}
Parameters
|
Note |
|
With this version of Ntdsutil.exe, you can remove server metadata by using the remove selected server %s or remove selected server %s on %2 commands without first using the Server connections and Select operation target submenus. |
| Parameter | Description |
|---|---|
|
connections |
Invokes the Server connections submenu. |
|
remove selected domain |
Removes the metadata associated with the domain selected in the Select operation target submenu. |
|
remove selected naming context |
Removes the metadata associated with the Naming Context selected in the Select operation target submenu. |
|
remove selected server |
Removes the metadata associated with the domain controller selected in the Select operation target submenu. This parameter also removes File Replication Service (FRS) metadata and tries to transfer or seize operations master roles. |
|
remove selected server %s |
Removes directory and FRS metadata for the disabled server %s from the directory on localhost, and attempts to transfer or seize any operations master roles held by server %s to localhost. This parameter also removes FRS metadata and tries to transfer or seize operations master roles. |
|
remove selected server %s1 on %s2 |
Connects to server %s2, removes directory and FRS metadata for server %s1 from the directory on server %s2, and attempts to transfer or seize any operations master roles held by server %s1 to server %s2. This parameter also removes FRS metadata and tries to transfer or seize operations master roles. |
|
select operation target |
Invokes the Select operation target submenu. |
|
quit |
Takes you back to the previous menu or exits the utility. |
|
? |
Displays help at the command prompt. |
|
Help |
Displays help at the command prompt. |
Remarks
- The directory service maintains various metadata for each
domain and server known to the forest. Normally, domains and domain
controllers are created by means of promotion using the Active
Directory Installation Wizard and are removed by means of demotion
using the same tool. You can invoke the Active Directory
Installation Wizard by typing dcpromo at the command
prompt.
Promotion and demotion are designed to correctly clean up the appropriate metadata. In the directory, however, you might have domain controllers that were decommissioned incorrectly. In this case, their metadata is not cleaned up. For example, you might have forcefully removed AD DS by using dcpromo /forceremoval, or you might have a domain controller that has failed, and rather than attempting to restore it, you decide to retire the server. This leaves some information about the retired domain controller in the directory. The general model of operation is to connect to a server known to have a copy of the offending metadata, select an operation target, and then delete the metadata of the selected target. This version of Ntdsutil.exe can automatically connect to a specified server and remove metadata for a specified target in the same step.
Note Do not delete the metadata of existing domains and domain controllers.
Examples
To remove metadata for a server named RODC1, type:
metadata cleanup: remove selected server RODC1