metadata cleanup

 

Applies To: Windows Server 2003, Windows Server 2008, Windows Server 2003 R2, Windows Server 2012, Windows Server 2003 with SP1, Windows 8

Cleans up metadata for failed domain controllers.

In Windows Server 2008 and Windows Server 2008 R2, you can use Active Directory Users and Computers or Active Directory Sites and Services. For more information, see Clean Up Server Metadata (https://go.microsoft.com/fwlink/?LinkId=185232).

When a failed domain controller stores the only copy of one or more domains or application directory partitions (also called "naming contexts"), metadata cleanup can also be used to clean up metadata for selected domains or application directory partitions. In this version of Ntdsutil.exe, metadata cleanup also removes File Replication Service (FRS) connections and attempts to transfer or seize any operations master roles (also known as flexible single master operations or FSMO roles) that the retired domain controller holds.

At the metadata cleanup: prompt, type any of the parameters listed under “Syntax.”

This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. Ntdsutil is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed. Dsmgmt is available if you have the AD LDS server role installed. These tools are also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (https://go.microsoft.com/fwlink/?LinkID=177813).

To use either of these tools, you must run them from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

Syntax

connections
[select operation target] {remove selected domain | remove selected naming context |remove selected server | remove selected server %s | remove selected server %s1 on %s2}

Parameters

Note

With this version of Ntdsutil.exe, you can remove server metadata by using the remove selected server %s or remove selected server %s on %2 commands without first using the Server connections and Select operation target submenus.

Parameter

Description

connections

Invokes the Server connections submenu.

remove selected domain

Removes the metadata associated with the domain that is selected in the Select operation target submenu.

remove selected naming context

Removes the metadata associated with the Naming Context that is selected in the Select operation target submenu.

remove selected server

Removes the metadata associated with the domain controller that is selected in the Select operation target submenu.

This parameter also removes FRS metadata and tries to transfer or seize operations master roles.

remove selected server %s

Removes directory and FRS metadata for the disabled server %s from the directory on localhost, and attempts to transfer or seize any operations master roles that are held by server %s to localhost.

This parameter also removes FRS metadata and tries to transfer or seize operations master roles.

remove selected server %s1 on %s2

Connects to server %s2, removes directory and FRS metadata for server %s1 from the directory on server %s2, and attempts to transfer or seize any operations master roles held by server %s1 to server %s2.

This parameter also removes FRS metadata and tries to transfer or seize operations master roles.

select operation target

Invokes the Select operation target submenu.

quit

Takes you back to the previous menu, or exits the utility.

?

Displays Help at the command prompt.

Help

Displays Help at the command prompt.

Remarks

  • The directory service maintains various metadata for each domain and server known to the forest. Normally, domains and domain controllers are created by means of promotion using the Active Directory Installation Wizard and are removed by means of demotion using the same tool. You can invoke the Active Directory Installation Wizard by typing dcpromo at the command prompt.

    Promotion and demotion are designed to correctly clean up the appropriate metadata. In the directory, however, you might have domain controllers that were decommissioned incorrectly. In this case, their metadata is not cleaned up. For example, you might have forcefully removed AD DS by using dcpromo /forceremoval, or you might have a domain controller that has failed, and rather than attempting to restore it, you decide to retire the server. This leaves some information about the retired domain controller in the directory. The general model of operation is to connect to a server known to have a copy of the offending metadata, select an operation target, and then delete the metadata of the selected target. This version of Ntdsutil.exe can automatically connect to a specified server and remove metadata for a specified target in the same step.

    Note

    Do not delete the metadata of existing domains and domain controllers.

  • Ntdsutil does not correctly handle special characters, such as the apostrophe character ('), that you can enter at the ntdsutil: prompt at the command line. In some situations, there may be an alternative workaround. For more information, see local roles.

Examples

To remove metadata for a server named RODC1, type the following command, and then press ENTER:

metadata cleanup: remove selected server RODC1

Additional references

Command-Line Syntax Key

Dsmgmt

Ntdsutil

authoritative restore

configurable settings

DS behavior

files

group membership evaluation

ifm

LDAP policies

local roles

partition management

roles

security account management

semantic database analysis

set DSRM password

snapshot