metadata cleanup
Applies To: Windows Server 2003, Windows Server 2008, Windows Server 2003 R2, Windows Server 2012, Windows Server 2003 with SP1, Windows 8
Cleans up metadata for failed domain controllers.
In Windows Server 2008 and Windows Server 2008 R2, you can use Active Directory Users and Computers or Active Directory Sites and Services. For more information, see Clean Up Server Metadata (https://go.microsoft.com/fwlink/?LinkId=185232).
When a failed domain controller stores the only copy of one or more domains or application directory partitions (also called "naming contexts"), metadata cleanup can also be used to clean up metadata for selected domains or application directory partitions. In this version of Ntdsutil.exe, metadata cleanup also removes File Replication Service (FRS) connections and attempts to transfer or seize any operations master roles (also known as flexible single master operations or FSMO roles) that the retired domain controller holds.
At the metadata cleanup: prompt, type any of the parameters listed under “Syntax.”
This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. Ntdsutil is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed. Dsmgmt is available if you have the AD LDS server role installed. These tools are also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (https://go.microsoft.com/fwlink/?LinkID=177813).
To use either of these tools, you must run them from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
For examples of how to use this command, see Examples.
Syntax
connections
[select operation target] {remove selected domain | remove selected naming context |remove selected server | remove selected server %s | remove selected server %s1 on %s2}
Parameters
Note
With this version of Ntdsutil.exe, you can remove server metadata by using the remove selected server %s or remove selected server %s on %2 commands without first using the Server connections and Select operation target submenus.
Parameter |
Description |
---|---|
connections |
Invokes the Server connections submenu. |
remove selected domain |
Removes the metadata associated with the domain that is selected in the Select operation target submenu. |
remove selected naming context |
Removes the metadata associated with the Naming Context that is selected in the Select operation target submenu. |
remove selected server |
Removes the metadata associated with the domain controller that is selected in the Select operation target submenu. This parameter also removes FRS metadata and tries to transfer or seize operations master roles. |
remove selected server %s |
Removes directory and FRS metadata for the disabled server %s from the directory on localhost, and attempts to transfer or seize any operations master roles that are held by server %s to localhost. This parameter also removes FRS metadata and tries to transfer or seize operations master roles. |
remove selected server %s1 on %s2 |
Connects to server %s2, removes directory and FRS metadata for server %s1 from the directory on server %s2, and attempts to transfer or seize any operations master roles held by server %s1 to server %s2. This parameter also removes FRS metadata and tries to transfer or seize operations master roles. |
select operation target |
Invokes the Select operation target submenu. |
quit |
Takes you back to the previous menu, or exits the utility. |
? |
Displays Help at the command prompt. |
Help |
Displays Help at the command prompt. |
Remarks
The directory service maintains various metadata for each domain and server known to the forest. Normally, domains and domain controllers are created by means of promotion using the Active Directory Installation Wizard and are removed by means of demotion using the same tool. You can invoke the Active Directory Installation Wizard by typing dcpromo at the command prompt.
Promotion and demotion are designed to correctly clean up the appropriate metadata. In the directory, however, you might have domain controllers that were decommissioned incorrectly. In this case, their metadata is not cleaned up. For example, you might have forcefully removed AD DS by using dcpromo /forceremoval, or you might have a domain controller that has failed, and rather than attempting to restore it, you decide to retire the server. This leaves some information about the retired domain controller in the directory. The general model of operation is to connect to a server known to have a copy of the offending metadata, select an operation target, and then delete the metadata of the selected target. This version of Ntdsutil.exe can automatically connect to a specified server and remove metadata for a specified target in the same step.
Note
Do not delete the metadata of existing domains and domain controllers.
Ntdsutil does not correctly handle special characters, such as the apostrophe character ('), that you can enter at the ntdsutil: prompt at the command line. In some situations, there may be an alternative workaround. For more information, see local roles.
Examples
To remove metadata for a server named RODC1, type the following command, and then press ENTER:
metadata cleanup: remove selected server RODC1