Active Directory MetaData Cleanup
Introduction: Forced removal of the Domain Controller role is the last resort for an administrator; it avoids having to reinstall the entire operating system. There are several scenarios in which administrators have to force-remove a domain controller, and metadata cleanup is a necessary step after the DC has been removed, because a forced removal does not update the directory held by the remaining DCs.
Requirement:
The customer is running Active Directory 2003 with other roles, such as DHCP, installed on the domain controller, which is not a recommended practice (a DHCP server running on a DC registers DNS records for its clients with the DC's own privileged credentials unless dedicated dynamic-update credentials are configured). The customer has engaged a consulting organization to fix the Active Directory design issues and clean up Active Directory.
The customer requirement is to stage an additional domain controller (ADC) and join it to the existing domain, detach DHCP from the domain controller and migrate the DHCP role, transfer the FSMO roles to the ADC, and decommission the Windows Server 2003 domain controller.
Infrastructure

Role                                  Operating System
DHCP Server                           Windows Server 2008 R2
Additional Domain Controller          Windows Server 2008 R2
Domain Controller (post demotion)     Windows Server 2008 R2
Solution Diagram

Existing infrastructure: Domain Controller [2k3] and IAS Server, with links to the internal network, the perimeter, and the Internet.

Proposed: Domain Controller [2k8] and IAS Server, plus Certificate Servers, DHCP Server, and Application Servers, with links to the internal network, the perimeter, and the Internet.
Scope of Work:
The steps below give the high-level scope of work for performing the metadata cleanup after the DC demotion.
AD group requirement: Domain Admins (metadata cleanup removes objects from the Configuration partition; Microsoft's procedure lists Enterprise Admins as the minimum, so confirm the account used has that right before starting).
DHCP:
After the organization's IT team has provisioned the DHCP server and applied Windows updates, the consultant will migrate DHCP from Windows Server 2003 to Windows Server 2008. The following article will be used as the reference:
http://support.microsoft.com/kb/962355
After migration, the consultants will test IP connectivity, DHCP leases, the PXE boot configuration, and dynamic DNS registrations.
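The DHCP move described above, as an added example that is not part of the original document: export on the old DC, import on the new server, re-point the server's dynamic DNS updates at a dedicated low-privilege account, fix AD authorization, and run the checks the scope of work asks for. Server names, IP addresses, the scope, and the service account are assumptions; the commands are the netsh export/import steps the referenced KB article uses.

```powershell
# Added example, not from the original document. Hosts, IPs, scope and the
# DNS-update account are assumptions; the export/import method is netsh, as in KB 962355.
$OldDhcp   = 'dc2003.corp.example.com'    # assumed: the 2003 DC currently running DHCP
$OldDhcpIp = '10.0.0.10'                   # assumed
$NewDhcp   = 'dhcp2008.corp.example.com'   # assumed: the new 2008 R2 DHCP server
$NewDhcpIp = '10.0.0.20'                   # assumed
$Export    = 'C:\dhcp-export.txt'

# 1. On $OldDhcp: export the full configuration plus all leases, then stop the
#    service so two servers never hand out leases from the same scopes in parallel.
netsh dhcp server export $Export all
net stop dhcpserver
Copy-Item $Export "\\$NewDhcp\C$\"        # move the export over the admin share

# 2. On $NewDhcp: import, then give DHCP its own low-privilege account for dynamic
#    DNS updates instead of the machine account (the reason DHCP on a DC is discouraged:
#    a DC's account can overwrite any record). Account and password are assumptions.
netsh dhcp server import $Export all
netsh dhcp server set dnscredentials dhcpdns corp 'AssumedP@ssw0rd'
net stop dhcpserver
net start dhcpserver

# 3. AD authorization: authorize the new server, unauthorize the old one, and confirm
#    only the new one is listed. An unauthorized DHCP server refuses to serve clients,
#    which is also what stops the old DC from answering if its service is restarted.
netsh dhcp add server $NewDhcp $NewDhcpIp
netsh dhcp delete server $OldDhcp $OldDhcpIp
netsh dhcp show server

# 4. Post-migration checks: scopes and the PXE options (66/67) came across, a test
#    client gets its lease from the new server, and the client is registered in DNS.
netsh dhcp server \\$NewDhcp show scope
netsh dhcp server \\$NewDhcp scope 10.0.0.0 show optionvalue   # scope 10.0.0.0 assumed
# On a test client (DHCP Server field must show $NewDhcpIp):
#   ipconfig /release ; ipconfig /renew ; ipconfig /all
# Then resolve the client's name against the DC that hosts DNS:
#   nslookup <client-hostname> dc2008.corp.example.com            # assumed DC name
```

The `set dnscredentials` step is the one that addresses the design problem the requirement names: once DHCP runs under a dedicated account, the records it registers are owned by that account rather than by a domain controller, and a compromise of the DHCP role no longer carries DC-level write access to the zone.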
Active Directory:
Step 1: Identify the replication partners and connect to one of the remaining domain controllers to perform the metadata cleanup. Administrators can use the Sites container in Active Directory Sites and Services to display this data:
Sites > Servers > <DC name> > NTDS Settings (lists the connection objects, i.e. the replication partners)
Step 2: Force the domain controller removal.
Administrators can use the dcpromo /forceremoval switch on the DC being removed. Forced removal does not notify the other DCs, so the server's NTDS Settings object and related objects remain in the directory until metadata cleanup removes them, and its DNS records must be deleted by hand. The removed server still holds a full copy of the directory database on disk, so it should be wiped or rebuilt rather than left on the network.
Step 3: Metadata cleanup. The complete process can be found at the link below:
http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
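The three Active Directory steps above, carried through on the command line, as an added example that is not part of the original document or the referenced TechNet procedure: list the surviving DC's replication partners, force-remove the old DC, remove its stale server metadata with ntdsutil, and then run the checks a practitioner wants before declaring the DC gone. The domain, site, and both DC names are assumptions; the commands are the standard repadmin, dcpromo, ntdsutil, netdom, dcdiag, nltest and nslookup tools, and the account running them must have the rights the scope of work lists.

```powershell
# Added example, not from the original document. $Domain, $DeadDc, $Site and
# $SurvivingDc are assumptions. Run on a surviving 2008 R2 DC after the old DC
# has been forcibly demoted, with an account that may modify the Configuration partition.
$Domain      = 'corp.example.com'         # assumed domain FQDN
$DeadDc      = 'DC2003'                    # assumed name of the forcibly demoted DC
$Site        = 'Default-First-Site-Name'   # assumed AD site of the dead DC
$SurvivingDc = 'DC2008'                    # assumed DC the cleanup is run against
$DomainDn    = 'DC=' + (($Domain -split '\.') -join ',DC=')

# Step 1: replication partners of the surviving DC. The dead DC shows up here with a
# failing inbound connection; that is the object metadata cleanup has to remove.
repadmin /showrepl $SurvivingDc

# Step 2 (run ON the DC being removed, not here): forced demotion. It prompts for a
# new local Administrator password and leaves every AD object for the server in place.
#   dcpromo /forceremoval

# Step 3: remove the stale NTDS Settings / server object in a single ntdsutil call.
# ntdsutil accepts its menu commands as quoted arguments; each 'q' backs out one menu.
# The DN form of "remove selected server" exists from Windows Server 2003 SP1 on, and
# a confirmation dialog is shown before the removal proceeds.
$ServerDn = "CN=$DeadDc,CN=Servers,CN=$Site,CN=Sites,CN=Configuration,$DomainDn"
ntdsutil "metadata cleanup" "remove selected server $ServerDn on $SurvivingDc" q q

# Checks before calling the DC gone:
netdom query fsmo                                   # no role may still point at $DeadDc; seize it if one does
repadmin /replsummary                               # surviving DCs replicate without errors
dcdiag /s:$SurvivingDc /test:Replications /test:DNS
nltest /dsgetdc:$Domain /force                      # locator no longer returns $DeadDc
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain"   # stale SRV records for $DeadDc must be deleted by hand
nslookup -type=NS $Domain                           # same for its NS record
dsquery server -o rdn | Select-String $DeadDc       # must return nothing once cleanup is complete
```

The ntdsutil line removes the server's metadata from the forest; it does nothing to the demoted machine itself, which is why the DNS checks and the rebuild or wipe of the old hardware are separate steps. If `netdom query fsmo` still names the dead DC for any role, seize that role on the surviving DC before continuing, because a forest with an operations master that no longer exists will fail in ways that look unrelated to this cleanup.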
Certificate Authority:
After the successful migration of Active Directory, the consulting team will install and configure Certificate Services (Microsoft CA) on the infrastructure. This will let the organization use an in-house PKI for its web applications and for client and server communications.
References:
http://technet.microsoft.com/en-us/library/cc794860(v=ws.10).aspx - Force removal of a DC
http://technet.microsoft.com/en-us/library/cc772726(v=ws.10).aspx - AD replication model
http://support.microsoft.com/kb/962355 - DHCP migration