Clean up after your server!

While learning about the changes in Active Directory on Windows Server 2008 at a recent conference, the presenters casually mentioned a new feature as an aside that is actually quite exciting!

If you have ever had a Domain Controller stolen or experienced a catastrophic hardware failure, then you are familiar with the joy that is manually cleaning up the DC metadata in Active Directory with NTDSUTIL. (This KB article has all the steps in case you have trouble going to sleep. Daniel Petri also has a good write-up here.) It is a painful experience, to say the least.

With the advent of the Read-Only Domain Controller role in Windows Server 2008, the Active Directory team has planned for the eventuality that a Domain Controller at a branch office (where it is likely stuck in the janitor's closet or under a desk) will be stolen. Because the RODC only caches the credentials of the users at the branch office, there is no need to reset every password within the Enterprise; you can simply reset the passwords for the few users at the branch office.


You open up Active Directory Users and Computers

Right click on the stolen DC



You will be given the option to reset the passwords of the users that were present on the RODC and export the user list to a file, and then the wizard will clean up all references to that RODC for you. No messy ntdsutil work.

I checked with the presenters after the session, and this server cleanup also works swimmingly on a writeable Domain Controller. If you have a catastrophic hardware failure and the Domain Controller has died for all time, you can go into the ADUC GUI and delete the diseased DC. You will not receive the option to reset user accounts (as you would on the RODC), but all lingering metadata in AD relating to that server will be gone.
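The export-and-reset step that the RODC wizard offers can also be scripted. The following is an added example, not part of the original post or of the wizard itself: it assumes the ActiveDirectory PowerShell module (which shipped with Windows Server 2008 R2 and later, not the original 2008 release), and the RODC name and output path are hypothetical placeholders. Run it before deleting the RODC's computer object, because the list of cached accounts is stored on that object.

```powershell
# Added example: export and reset the accounts whose credentials were cached on a stolen RODC.
# Assumes the ActiveDirectory module and an account with rights to reset passwords.
Import-Module ActiveDirectory

$RodcName   = 'BRANCH-RODC01'                  # hypothetical RODC name
$ExportPath = '.\rodc-revealed-accounts.csv'   # hypothetical output file

# Accounts whose passwords the RODC has cached ("revealed" accounts).
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $RodcName -RevealedAccounts

# Keep a record of everything that was exposed, computers included.
$revealed |
    Select-Object Name, SamAccountName, ObjectClass, DistinguishedName |
    Export-Csv -Path $ExportPath -NoTypeInformation

function New-RandomPassword {
    # 24 random bytes from the system CSPRNG, Base64-encoded.
    $bytes = New-Object byte[] 24
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    # The fixed suffix only guarantees the complexity classes; the entropy is in the random part.
    $plain = [Convert]::ToBase64String($bytes) + 'aA1!'
    ConvertTo-SecureString -String $plain -AsPlainText -Force
}

foreach ($account in $revealed) {
    # Only user accounts are reset here; cached computer accounts stay in the CSV for follow-up.
    if ($account.ObjectClass -ne 'user') { continue }
    # The RODC's own krbtgt_* account goes away with the RODC object, so skip it.
    if ($account.SamAccountName -like 'krbtgt*') { continue }

    # The random value is discarded, so each user needs a new password
    # issued through the usual help-desk process afterwards.
    Set-ADAccountPassword -Identity $account.DistinguishedName -Reset `
        -NewPassword (New-RandomPassword)
    Write-Output "Reset password for $($account.SamAccountName)"
}
```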

Making your life as a Windows Server Administrator easier... one feature at a time 🙂

For more reading, I would recommend:
