Windows 2000 includes a very useful command-line utility that provides Directory Service management capabilities that aren't implemented in the GUI administration tools. With the NTDSUTIL utility, you can perform database maintenance of the Active Directory store, manage and control the Floating Single Master Operations (FSMO), and clean up metadata left behind by abandoned domain controllers that are removed from the network without being demoted properly.
As you all know, in the real world, servers crash. Sometimes they crash hard and can't be fixed. When that happens, you have no choice but to replace the server. In Windows 2000, when an AD DC crashes, the information about the server is still in the AD database. If you try to replace the server while the first server's unique info is still in your directory, you're going to fail. In this article, we're going to show you how to use the NTDSUTIL command-line utility to remove orphaned AD metadata.
Using NTDSUTIL to remove AD metadata
First, a bit of background: the Directory Service maintains various metadata for each site, domain, and domain controller in your forest. As you know, you use the Dcpromo.exe command for promoting and demoting AD DCs. In a perfect world, each AD DC that you no longer want to use as such would demote properly when you use the Dcpromo.exe command.
As part of the demotion process, the configuration data for the DC you're demoting would be removed from the AD, and the NTDS Settings object for the DC would be removed from the site, resulting in a happy Windows 2000 administrator. However, a lot of unexpected things happen in the...





