Metadata Cleanup – Unsuccessful Demotion of Domain Controller

Why Metadata Cleanup?

When a domain controller crashes or is removed from the network, Active Directory still assumes that the domain controller is alive, and you will see replication problems. This affects Microsoft Exchange Server and other mission-critical applications that depend on AD.

DcDiag and NetDiag help us determine whether there are any replication problems.

Permission Requisites

The account should be a member of the Domain Admins and Enterprise Admins groups.

Let's Explore


Two domain controllers: DC-13 and DC1


Figure 1.1 : Netdom query DC

Figure 1.1 shows both DCs as available; in fact, DC1 has crashed. Let's say a DC has crashed for one of the following reasons:

  1. Drive Crashed
  2. Blue Screen of death
  3. Hardware Issue
  4. Unsuccessful Demotion of DC (Unplugged from Network).
  5. Virus infected

In our scenario DC1 has crashed.

Before we move ahead, let's check where the FSMO roles reside.


Figure 1.2 : Netdom Query FSMO

Since the FSMO roles are held by DC-13, we will start the metadata cleanup.

Open a command prompt and type the command below.


Figure 1.3 : Ntdsutil

Ntdsutil is a utility that can be used for various Active Directory tasks.


Figure 1.4 : Metadata Cleanup

Type metadata cleanup as shown in figure 1.4.


Figure 1.5 : Connections

Type connections as shown in figure 1.5.


Figure 1.6 : Connect to server

Connect to server. In our scenario we will connect to DC1, which has crashed.


Figure 1.7 : Quit

Type quit as shown in figure 1.7.

The metadata cleanup prompt appears.


Figure 1.8 : Select Operation Target


Figure 1.9 : List Domain


Figure 1.10 : Select Domain 0

In figure 1.10 it says no site found. To list the sites, run the command below.


Figure 1.11 : List Site

Figure 1.11 now lists the site, which is “Default-First-Site-Name”.


Figure 1.12 : Select Site 0

In figure 1.12 it again says No Current Server. To list the servers in the site, type the command below.


Figure 1.13 : List servers in site

Figure 1.13 lists two servers in the site.


Figure 1.14 : Select Server 1


Figure 1.15 : Type Quit


Figure 1.16 : Remove Selected Server


Figure 1.17 : Select Yes

The process now performs the metadata cleanup for the failed DC.

After performing the above task, we have to ensure that the DNS information for the failed DC is also removed. Remove it using the DNS management console.


The server object has to be removed manually from Active Directory Sites and Services.


When you use DFS Replication in Windows Server 2008 and in later versions, the current version of Ntdsutil.exe does not clean up the DFS Replication object. In this case, you can use Adsiedit.msc to correct the DFS Replication objects for Active Directory Domain Services (AD DS) manually. To do this, follow these steps:

  • Log on to a domain controller as a domain administrator in the affected domain.
  • Start Adsiedit.msc. 
  • Connect to the default naming context. 
  • Locate the following DFS Replication topology container:

CN=Topology,CN=Domain System Volume,CN=DFSR-Globalsettings,CN=System,DC=Your Domain,DC=Domain Suffix 

  • Delete the msDFSR-Member CN object that has the old computer name.
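
The three manual follow-ups above (DNS records, the server object in Sites and Services, and the msDFSR-Member object) can be checked with a read-only query. This is an added example, not part of the original post; it assumes a management host with the ActiveDirectory and DnsServer PowerShell modules, that DC-13 also hosts the AD-integrated DNS zones, and it reuses the names DC1 and DC-13 from the scenario.

```powershell
# Added example: read-only check for leftovers of a removed DC.
# Assumptions: ActiveDirectory and DnsServer modules are available, and
# DC-13 (the surviving DC) also hosts the AD-integrated DNS zones.
Import-Module ActiveDirectory, DnsServer

$StaleDc = 'DC1'     # failed DC from the walkthrough
$LiveDc  = 'DC-13'   # surviving DC holding the FSMO roles

$root     = Get-ADRootDSE -Server $LiveDc
$domain   = Get-ADDomain  -Server $LiveDc
$findings = @()

# 1. Server object shown in Active Directory Sites and Services
$findings += @(Get-ADObject -Server $LiveDc `
        -SearchBase "CN=Sites,$($root.configurationNamingContext)" `
        -LDAPFilter "(&(objectClass=server)(cn=$StaleDc))" |
    ForEach-Object { "Sites and Services: $($_.DistinguishedName)" })

# 2. msDFSR-Member object in the SYSVOL DFS Replication topology container
$topology = 'CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,' +
            "CN=System,$($domain.DistinguishedName)"
try {
    $findings += @(Get-ADObject -Server $LiveDc -SearchBase $topology `
            -LDAPFilter "(&(objectClass=msDFSR-Member)(cn=$StaleDc))" `
            -ErrorAction Stop |
        ForEach-Object { "DFSR member: $($_.DistinguishedName)" })
} catch {
    # The container is absent when SYSVOL is not replicated by DFS Replication
    Write-Warning "DFSR topology not readable: $($_.Exception.Message)"
}

# 3. DNS records (A, SRV, NS, CNAME) that still name the failed DC
foreach ($zone in $domain.DNSRoot, "_msdcs.$($domain.Forest)") {
    $findings += @(Get-DnsServerResourceRecord -ComputerName $LiveDc `
            -ZoneName $zone -ErrorAction SilentlyContinue |
        Where-Object {
            $targets = $_.RecordData.DomainName, $_.RecordData.NameServer,
                       $_.RecordData.HostNameAlias
            $_.HostName -eq $StaleDc -or ($targets -like "$StaleDc.*")
        } |
        ForEach-Object { "DNS ${zone}: $($_.RecordType) $($_.HostName)" })
}

if ($findings) { $findings } else { "No references to $StaleDc found." }
```

The script only reads; anything it lists still has to be removed with the consoles described above.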

Tested On

Windows Server 2003

Windows Server 2008

