
Metadata Cleanup of A Domain Controller: Active Directory Users and Computers

This document provides steps to clean up metadata of a decommissioned domain controller from Active Directory. The steps include: 1. Deleting the domain controller object from Active Directory Users and Computers. 2. Removing the NTDS Settings object and domain controller object for the server from Active Directory Sites and Services. 3. Removing DNS entries related to the decommissioned domain controller from the DNS console.

Uploaded by

Anonymous XhtYkT
Copyright
© © All Rights Reserved

Metadata Cleanup of a Domain Controller

Step - 1

• Active Directory Users and Computers:

1. Open Active Directory Users and Computers (dsa.msc).

2. Find the domain controller whose metadata you want to clean up (it will be
in the Domain Controllers OU), and then click Delete.

• Active Directory Sites and Services:

1. Open Active Directory Sites and Services.

2. If you have identified replication partners in preparation for this procedure
and if you are not connected to a replication partner of the removed domain
controller whose metadata you are cleaning up, right-click Active Directory
Users and Computers <DomainControllerName>, and then click Change
Domain Controller. Click the name of the domain controller from which you
want to remove the metadata, and then click OK.

3. Expand the site of the domain controller that was forcibly removed,
expand Servers, expand the name of the domain controller, right-click the NTDS
Settings object (if the NTDS Settings object is missing, it might have been
deleted when we deleted the DC from AD), and then click Delete.

A) In the Active Directory Domain Services dialog box, click Yes to
confirm the NTDS Settings deletion.
B) Right-click the domain controller that was forcibly removed, and then
click Delete.

• Remove DNS Entries:

1. Right-click a zone in the DNS console and go to Properties. Under the Name
Servers tab, delete the entries that are related to the decommissioned DC.
3. Open the DNS console (dnsmgmt.msc) and expand the zone that is related to
the domain from which the server has been removed. Remove the
CNAME record in the _msdcs.root domain of forest zone in DNS. You
should also delete the HOSTNAME and other DNS records. If you have
reverse lookup zones, also remove the PTR record of the server from
these zones.

Run Dcdiag to verify that all the stale entries related to the failed DC have
been removed successfully.
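
A read-only check to run alongside Dcdiag, given here as an added example that is not part of the original document: it looks for the objects and records that the steps above remove and lists any that remain. DC-OLD01 and DC-LIVE01 are placeholder names, and the script assumes the ActiveDirectory and DnsServer RSAT modules are installed and that the surviving DC also hosts DNS.

```powershell
# Added example: read-only leftover check; it deletes nothing.
# DC-OLD01 / DC-LIVE01 are placeholder names (assumptions), not values from the document.
param(
    [string]$DcName = 'DC-OLD01',    # the decommissioned domain controller
    [string]$Server = 'DC-LIVE01'    # a surviving DC that also runs DNS
)
Import-Module ActiveDirectory, DnsServer

$fqdn  = "$DcName.$((Get-ADDomain -Server $Server).DNSRoot)"
$cfgNC = (Get-ADRootDSE -Server $Server).configurationNamingContext
$found = @()

# Users and Computers: the computer object of the removed DC
$found += @(Get-ADComputer -Filter "Name -eq '$DcName'" -Server $Server |
    ForEach-Object { "AD computer object: $($_.DistinguishedName)" })

# Sites and Services: the server object and its NTDS Settings child
$found += @(Get-ADObject -Server $Server -SearchBase "CN=Sites,$cfgNC" `
        -LDAPFilter "(&(objectClass=server)(cn=$DcName))" | ForEach-Object {
    "Server object: $($_.DistinguishedName)"
    Get-ADObject -Server $Server -SearchBase $_.DistinguishedName -SearchScope OneLevel `
            -LDAPFilter '(objectClass=nTDSDSA)' |
        ForEach-Object { "NTDS Settings object: $($_.DistinguishedName)" }
})

# DNS: NS, CNAME (including _msdcs), SRV and PTR records that point at the DC, plus its host records
$zones = Get-DnsServerZone -ComputerName $Server | Where-Object {
    $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' }
foreach ($zone in $zones) {
    foreach ($r in Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -ComputerName $Server) {
        $target = switch ($r.RecordType) {
            'NS'    { $r.RecordData.NameServer }
            'CNAME' { $r.RecordData.HostNameAlias }
            'PTR'   { $r.RecordData.PtrDomainName }
            'SRV'   { $r.RecordData.DomainName }
            default { $null }
        }
        $hit = ($target -and $target.TrimEnd('.') -ieq $fqdn) -or
               ($r.RecordType -in 'A', 'AAAA' -and $r.HostName -ieq $DcName)
        if ($hit) { $found += "DNS $($r.RecordType) record '$($r.HostName)' in zone $($zone.ZoneName)" }
    }
}

if ($found) { $found } else { "No references to $DcName found." }
```

Host records are matched by name only, so an A record registered at the zone apex with the old DC's IP address still needs a manual look.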
