Deepak Naik: 2009

Monday, December 21, 2009

Movie - Warriors of the net

Here you can find the movie Warriors of the net in several different languages. It is the prefect tool for introducing Internet to novice users. It helps the newcommers visualise how the Net works. The movie is 12 minutes long. It is about an IP packets journey through net past routers, firewalls and transatlantic cables. It is available for free download for non-commercial use.

How they did it:

The animation part - Finding out the concept...

We started out by going through the basics about TCP/IP and how it works. I, Gunillla Elam, tried to get a grip on the elementary parts and how to visualise them in an effective manner. The first thing that struck me when we started to draw the outlines for this project was how mechanical things seems to work on a network or on the web. So, I decided to make the inhabitants of the web as machinery or parts thereof. I also wanted to have a rusty, kind of worn out look and feeling in the environment - as being filled with lots and lots of hard-working creatures...

Putting it together...
All modeling and animation was made with 3dsMAX 2.5 with the textures , lots of metals! made as bitmaps in Photoshop.
The lights were made using Cebas LumaObjects and the blue explosions were made using their PyroCluster plug-in. I made some postprocessing in Adobe After Effects and the final editing was made in Premiere.
For the web graphics I used Macromedia Flash along with Photoshop.
For self studies in 3D I highly recommend Eni Okens classes at:

The music - The stunning imagery of Gunilla Elam created the scene for the soundtrack of Warriors of the Net. I, Niklas Hanberger, started out by finding a few different motives that suited some key scenes in the story. The first that started the ball rolling was actually the firewall and router switch scenes which made me think of circus or fairground environments but then severely tilted into some strange dark metalic machinery soundscape. The tivoli theme actually exists as a more normally orchestrated recording if any orchestra out there wants to use it in their repetoir :-)
Then came the monk choir theme which sounded dooming enough to represent the journey into the unknown and also the mighty router! The whole soundtrack was built around these and a few other themes and combined so that themes represented known actors in the movie (ah, the router!) but always modified so that everything continues to move towards the end.
Apart from assorted syntheseizers and keyboards from Yamaha and Roland I made extensive use of the SoundBlaster Live card. I used sequencers from Cakewalk and Steinberg and Sound Forge from Sonic Foundry.

installation of Mac OS X on a Windows PC.

Step 1 - Purchase/Download and Install VMware

VMware Server is now available for free at vmware.com

You can also download the freeware VMware Player and effectively have a legally free, full-version VMware Workstation if you are comfortable editting the config without a GUI.

Download a copy of VMware Server and follow the installation guide for that piece of software.

Step 2 - Download OS X 10.4.5 or 10.4.6 or 10.4.7 or 10.4.8 ISO

When possible you should operate from a legal copy of the operating system. This is the only way to ensure that it is free of viruses and future security updates can be applied without worry if the software "phones home".

If you cannot for whatever reason, the torrent search sites are offering up torrents for images (ISOs) of an installation disc. The image I used was Myzar's ISO, entitled "Mac OS X 10.4.5 Myzar.iso". The JaS 10.4.6 release has also been tested using this guide.

Once you have installed VMware and obtained a copy of Mac OS X (x86) you're ready to proceed to step 3.

Note regarding 10.4.8 iso: JAS torrent will not boot in VMWare (There is no Booting Problem with the latest JAS 10.4.8 Torrent Pre-Patched with PPF1 from the Pirates Bay). AMD torrent works nicely on 32 bit host OS. If BIOS supports Intel Virtualization, it must be turned off or 10.4.8 kernel goes into 64 bit mode and crashes unless you use -legacy switch.

Note: The install DVD that normally comes with a Macintosh system, even with the same chipset, will not work with the instructions below.

Step 3 - Mount the ISO

If you are using an image you will need to make the image available for use by the virtual machine. VMware has the ability to mount CD/DVD images. Unfortunately, as of the writing of this guide, it is unable to properly mount HFS+ images (the file system used by the Mac OS X installation DVD). It will result in the VM hanging when loading the kernel, throwing messages in the console such as:

Load of /sbin/launchd, errno 8, trying /sbin/mach_init
     Load of /sbin/launchd, errno 8

Personally, I used Alcohol 120% to mount the ISO. This is where I tell you that Alcohol 120% is a great program and the developers deserve compensation. If you can find a way to afford it, please do.

Another alternative to Alcohol 120% is DAEMON-tools. You can download it for free at daemon-tools.cc

You can also get a free trial of Alcohol 120% at trial.alcohol-soft.com

or the free version of Alcohol 52% from free-downloads.net

NOTE: Alcohol 120% and 52% mount images very similarly to Daemon Tools, so unless you need any of the other functions that Alcohol offers, using Daemon Tools is all that is necessary.

A very simple way to mount also is by using magicdisc. its a disc mounting program that works wonders.

I've heard of problems with people mounting the ISO in other programs and/or burning it to a DVD and trying it that way. Save yourself some trouble and just use Alcohol 120%.

An alternative, which works on any host is to use qemu-img.

* get qemu through a package manager or from QEMU's Download Page (binaries for x86 linux and Windows)
* qemu-img convert -f raw .iso -O vmdk .vmdk
* attach .vmdk as an IDE disk
* attach .iso as a CD disk
* boot

Then boot from the CD as described below. The boot loader on the ISO image will find the IDE disk and start the installation from it. If the 5.5 vmware workstation complains about the the disk image being an older version, just select to use the previous version and select upgrade next time when you power on the VM. --- but don't, because you don't need to ise the image other than for installing.

Yet another way to do it, which I believe is easier, is to simply burn the .iso file to a DVD disk, then in the Virtual machine specify your DVD-ROM device. It worked with no problem for me in VMWare Server 1.0.3 on a Linux host.

With the ISO Mounted, it's time to open up VMware Server to start the installation.

Step 4 - Create a New Virtual Machine

Note: the free VMware Player does not provide the option to create a new virtual machine, but it can easily be done with third-party utilities. The EasyVMX website (http://www.easyvmx.com) does a good job.

Upon starting VMware, click on the "New Virtual Machine" button.

A Wizard will open. Click Next.

Select Typical. Click Next. (On later versions of VMWare, select Custom instead so that you can set your disk drive to IDE instead of SCSI, as required below.)

Select Other, then pick FreeBSD. Click Next.

IMPORTANT NOTE! If you are using a Conroe or Core 2 Duo, select "Windows" and then "Windows NT" from the dropdown list. Using FreeBSD will cause a stack fault on boot. Same applies to Core Duo (945PM/Calistoga).

You will likely need to select one [1] Virtual Processor as well. Selecting 2 Virtual Processors will likely cause installation and/or bootup to fail.

for Gigabyte GA-965P-DQ6: IDE is used instead of SCSI. otherwise the system will not be able to find any installable disk.
for Asrock Conroe 945G-DVi: IDE is used instead of SCSI. otherwise the system will not be able to find any installable disk.
Dell E1405 and D620 (and maybe other Dell Core Duo laptops): IDE is required instead of SCSI.
for Asus P5B-VM IDE is required instead of SCSI, otherwise the system will not be able to find any installable disk.
(If you do not see this option, go back to the beginning and choose Custom instead of Typical. You cannot change SCSI to IDE once you have created the VM.)

Name it whatever you want (I used "Mac OS X"), put it wherever you want. Click Next.

Location of virtual harddisk drives can be determined at this point in time. For best performance always try to put virtual machines on a separate physical hard drive. Partitions don't count. This is because the biggest performance hit in virtual machines is disk I/O. If the VM is on the same drive as your OS the VM fights with your OS for disk access. When the OS needs to use a swap file it makes the matter much, much worse. Additionally, today's USB 2.0 and firewire external hard drives run on a fast interface bus, have large buffers and spin at 7,200 rpm, as opposed to 4,200 rpm for most laptop hard drives.

If you are using a non-legal copy you'll want to use Host-only networking initially to prevent Mac OS X from registering itself during installation. If this is a legal copy, use NAT. Click Next.

Set the Disk size to anything greater than 6GB. You don't have to but I recommend that you allocate the disk space now so that disk performance is increased. When done, click Next. You may also split files into 2GB pieces if on FAT partition.

Click Finish. . . .

Step 5 - Setting up your Virtual Machine

Open up your new virtual machine configuration.

Under Devices:

Double click Memory and set the amount of RAM you'd like to use. The minimum is 128MB but the recommended minimum is 256MB. Make sure you don't use too much of your total RAM as swapping may occur and could lead to big problems! I use 512MB (out of 1GB System) and I have set my Memory Preferences [Edit>Preferences>Memory] to Fit all virtual machine memory into reserved host RAM.

Double click the CD-ROM drive and select the letter of the Virtual Drive with the mounted ISO that you created with Alcohol 120%. If you are using Daemon Tools you may not see your drive listed. See the next step for further details.

Now EXIT VMware. Here comes the boring part =P

Step 6 - Editing your VMware Config

Locate where you've stored your Virtual Machine files in Windows Explorer.

Mine is ..\My Documents\My Virtual Machines\MacOSX\

Open up your Virtual Machine Configuration File (.vmx extension) in Notepad.

Add the following line to the end of the file.

paevm="true"

(note: If you haven't CPU with PAE, you can't run OSx86 under VMWare on your CPU; OSx86 need PAE compatible CPU for work. Intel Pentium M <1.5GHz haven't PAE, so you don't have to try it on this CPU)

If you are using Daemon tools you may need to help VMware find the drive. If that is the case then modify the lines in the configuration file referring to the CD-ROM drive similar to this (note replace X: with the drive you have configured in Daemon Tools):

ide1:0.present = "TRUE"

ide1:0.fileName = "X:"

ide1:0.deviceType = "cdrom-raw"

Save the Config file, close Notepad, and continue to Step 7.

Note on 10.4.8 8.8.1 kernel and networking: This is a good time to remove existing ethernet0virtualDev (if any) and add:

ethernet0.virtualDev="e1000"

Note sometimes scsi0.present = "TRUE" won't Work So set it to False i.e scsi0.present = "FALSE"

Note also, if you change any settings in the VMWare interface after editing the ".vmx" file, it will overwrite your changes. You will need to go back and change the settings again!

Here comes the fun part =D

Step 7 - Installing Mac OS X

Start your Mac OS X Virtual Machine.

When the Mac OS X boot prompt appears, click the logo then hit F8 to add boot options.

Type in "-v" and hit enter. This puts you into Verbose mode which will let you know if something is going wrong.

It may take a while depending on your hardware to load the installation. Be patient.

Step 8 - Setting up your Hard Drive

Following along in the installation, you'll reach a point where it's time to select your Hard Drive, but nothing is listed.

Open Utilities -> Disk Utility on your disk

Note Re 10.4.8: Disk Utility has been reported not to work (it makes an efi partition). Use a prior version to partition your disk, or partition it with another OS, then use 10.4.8 disk utility to erase (by reformatting) this partition. Otherwise it won't boot. Note: no need for using a previous version just apply PPF2 to fix the disk utility http://forum.insanelymac.com/index.php?showtopic=38125

Select the VMware drive on the left. Click "partition" on the right.

Change the Volume Scheme to 1 partition and choose a name. The format should stay "Mac OS Extended (Journaled)" and the partition should use all space available.

Click "partition", then "partition" again. After it is finished (progress in bottom right), you can close the Disk Utility.

Your drive now shows up in setup. Proceed, proceed.

Step 9 - Using a Custom Installation

If you have a "patched" installation you should select a custom installation to see if there are patches listed there that you'll need to include (such as selecting the appropriate patch set for your CPU, see Comment 2). Another place to check is opening up a Terminal window and looking around the installation disc..

Final Notes

You may want to disable your internet connection before you start/finish Mac OS X setup so you can avoid registering on Apple's servers.

Note that this guide may not work for you because of incompatible hardware.

It may be helpful to create a snapshot of the VM after a fresh installation, to allow for settings reversal at a later time; OSX loads a settings wizard at first boot to customise various settings.

If you are using VMware Server, you may wish to switch to VMware Player after you've finished installation and finished tweaking settings. Using Mac OS X in VMware Player is noticeably faster compared to VMware Server's Remote Console. You can even enable Dock Magnification and it'll work smoothly. Just move your virtual machine folder to another location, uninstall VMware Server, and then install VMware Player (they don't let you have both installed at once).

Eventually, support the makers of the software by buying all of the software listed in this guide. . .

Addendum 1: Installing Directly to a Physical Disk

You can install Mac OS X directly to a physical disk using VMware Workstation 5.5:

File > New Virtual Machine.
Choose Custom, then choose Other/FreeBSD for guest OS.
For "Number of processors" choose one... even if you have two.
For the disk configuration select "Use a physical disk".
For the "Devices" drop down box carefully select the disk you'd like to use.
Close VMware, then goto the location where the configuration file is stored.
Open the configuration file in a text editor:

Remove the following lines:

scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "FreeBSD.vmdk"
scsi0:0.deviceType = "rawDisk"

Add the following lines:

scsi0.present = "FALSE"
ide0:0.present = "TRUE"
ide0:0.fileName = "FreeBSD.vmdk"
ide0:0.redo = ""
ide0:0.mode = "independent-persistent"

Open the Disk Descriptor File (FreeBSD.vmdk) and change the following line:

ddb.adapterType = "lsilogic"

to:

ddb.adapterType = "ide"

Reopen VMware and continue configuring the other settings to your liking.
Once you get to the Mac OS X installer screen perform the following steps:

Enter disk utility to create partition table. (Utilities -> Disk Utility):
  a. Select drive to install onto.
  b. Click the "Partition" tab and configure partition table like so:
      > 1 Partition, Mac OS Extended (Journaled)
  c. Label the disk... 'Macintosh HD' is the preferred disk label.
  d. Hit the "Partition" button and exit Disk Utility.
Activate the OS X partition:
  a. Open the Terminal to activate the partition. (Utilities -> Terminal)
  b. Use the fdisk tool in Terminal as follows:
      > fdisk -e /dev/rdisk0
      > f 1
      > write
      > y
      > exit
  c. Quit Terminal and return to Installer.

You may now continue on to step 9 (above).

Addendum 2: Installing VMware image to boot your PC

First of all, you can�t install OS X on a new partition, it needs it�s own drive. For this guide Im installing it on my Sony Vaio TR2A. Since I only have one harddrive, it means I�m wiping windows and all my files in the process. You can easily follow the same steps but instead install it on a second harddrive in your PC. Here is how I have succesfully install OS X x86 NATIVELY on my laptop!

First of all, I think your CPU needs at LEAST sse2. For rosetta and to get itunes and other ppc apps working, you need sse3. My vaio has a Pentuim M, so no rosetta for me. Everything else works. Im posting this from the OS X x86 port of Firefox Wink

1. Download �VMWare files for patched Mac OS X Tiger Intel”�from your favorite torrent site. (Hint: Use the search function).

2. Copy tiger-x86-flat.img from the archive to an external USB drive (it�s 6gb)

3. Download Ubuntu Live CD (link) …�be sure you get the �Live CD”!!

4. Burn the ubuntu iso, stick it in your pc, and boot it! (make sure you have your bios set to boot to CD)

5. Once ubuntu boots and the gui finally comes up, hook up the USB drive you copied the 6gb image to. A window should pop up showing the contents of the drive. Take note of where its mounted. It should be /Devices/Yourdrivesvolumename

6. Open a terminal window and cd to that directory (/Devices/Yourdrivesvolumename). Do an �ls”�to make sure you are in the right place (you should see the 6gb img file.

7. In the terminal window type:

dd bs=1048576 if=./tiger-x86-flat.img of=/dev/hda

Replace hda with the correct drive! If you only have one drive, its probably hda. Thats what mine was. You are about to erase this entire drive so make sure youve got it right and make sure you want to do this! Hit enter. It takes a while…�took my vaio about 9 minutes.

8. When it�s done, remove the ubuntu disc and shut down the pc. Disconnect your usb drive. Thats it! When you power it back on, OS X should boot!

For whatever reason, mine hangs when its loading. If this happens to you, boot with the -x option (hit a button at the darwin screen when you boot your pc. enter “�x”�and hit enter). Should work without any problems, and I dont see any restrictions being in safe mode.

You�ll notice there is a login screen, and you dont know the password! This image was created by �deadmoo”�and we can easily change his password. Reboot the machine again. Again, hit a button at the darwin screen. This time type “�v”�and hit enter. At the command prompt screen type:

sh /bin/sh passwd curtis (change the password to what you like)

passwd deadmoo (change the passwrod to what you like)

Done! Now reboot once more, and again use the “�x”�option. Everything should boot, and at the login screen enter your new password.

WELCOME TO THE OS X x86 CLUB! Look ma, no vmware!

Note: If you are installing this in a PC and have multiple drives, you dont need to use an external drive or linux distro. Simply dd the image in the same manner to any physical drive in your pc, and when its done boot to that drive and it should work. For windows users, there is a port of dd for windows you can use here.

I messed around with this in vmware before installing natively, and I can tell you running it native is a million times faster! Its full speed. USB works, ethernet works, all the x86 software works. Enjoy!

Wednesday, November 18, 2009

Deleting a failed Domain Controller object from Active Directory

When you try to remove a domain controller from your Active Directory domain by using Dcpromo.exe and fail, or when you began to promote a member server to be a Domain Controller and failed (the reasons for your failure are not important for the scope of this article), you will be left with remains of the DCs object in the Active Directory. As part of a successful demotion process, the Dcpromo wizard removes the configuration data for the domain controller from Active Directory, but as noted above, a failed Dcpromo attempt might leave these objects in place.

The effects of leaving such remains inside the Active Directory may vary, but one thing is sure: Whenever you'll try to re-install the server with the same computername and try to promote it to become a Domain Controller, you will fail because the Dcpromo process will still find the old object and therefore will refuse to re-create the objects for the new-old server.

In the event that the NTDS Settings object is not removed correctly you can use the Ntdsutil.exe utility to manually remove the NTDS Settings object.

If you give the new domain controller the same name as the failed computer, then you need perform only the first procedure to clean up metadata, which removes the NTDS Settings object of the failed domain controller. If you will give the new domain controller a different name, then you need to perform all three procedures: clean up metadata, remove the failed server object from the site, and remove the computer object from the domain controllers container.

You will need the following tool: Ntdsutil.exe, Active Directory Sites and Services, Active Directory Users and Computers.

Also, make sure that you use an account that is a member of the Enterprise Admins universal group.

Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.

To clean up metadata

1. At the command line, type Ntdsutil and press ENTER.

2. At the Ntdsutil: prompt, type metadata cleanup and press Enter.

3. At the metadata cleanup: prompt, type connections and press Enter.

4. At the server connections: prompt, type connect to server , where is the domain controller (any functional domain controller in the same domain) from which you plan to clean up the metadata of the failed domain controller. Press Enter.

Note: Windows Server 2003 Service Pack 1 eliminates the need for the above step.

5. Type quit and press Enter to return you to the metadata cleanup: prompt.

6. Type select operation target and press Enter.

7. Type list domains and press Enter. This lists all domains in the forest with a number associated with each.

8. Type select domain , where is the number corresponding to the domain in which the failed server was located. Press Enter.

9. Type list sites and press Enter.

10. Type select site , where refers to the number of the site in which the domain controller was a member. Press Enter.

11. Type list servers in site and press Enter. This will list all servers in that site with a corresponding number.

12. Type select server and press Enter, where refers to the domain controller to be removed.

13. Type quit and press Enter. The Metadata cleanup menu is displayed.

14. Type remove selected server and press Enter.

You will receive a warning message. Read it, and if you agree, press Yes.

At this point, Active Directory confirms that the domain controller was removed successfully. If you receive an error that the object could not be found, Active Directory might have already removed from the domain controller.

15. Type quit, and press Enter until you return to the command prompt.

To remove the failed server object from the sites

1. In Active Directory Sites and Services, expand the appropriate site.

2. Delete the server object associated with the failed domain controller.

To remove the failed server object from the domain controllers container

1. In Active Directory Users and Computers, expand the domain controllers container.

2. Delete the computer object associated with the failed domain controller.

3. Windows Server 2003 AD might display a new type of question window, asking you if you want to delete the server object without performing a DCPROMO operation (which, of course, you cannot perform, otherwise you wouldn't be reading this article, would you...) Select "This DC is permanently offline..." and click on the Delete button.

4. AD will display another confirmation window. If you're sure that you want to delete the failed object, click Yes.

To remove the failed server object from DNS

1. In the DNS snap-in, expand the zone that is related to the domain from where the server has been removed.

2. Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. You should also delete the HOSTNAME and other DNS records.

3. If you have reverse lookup zones, also remove the server from these zones.

Other considerations

Also, consider the following:

· If the removed domain controller was a global catalog server, evaluate whether application servers that pointed to the offline global catalog server must be pointed to a live global catalog server.

· If the removed DC was a global catalog server, evaluate whether an additional global catalog must be promoted to the address site, the domain, or the forest global catalog load.

· If the removed DC was a Flexible Single Master Operation (FSMO) role holder, relocate those roles to a live DC.

· If the removed DC was a DNS server, update the DNS client configuration on all member workstations, member servers, and other DCs that might have used this DNS server for name resolution. If it is required, modify the DHCP scope to reflect the removal of the DNS server.

If the removed DC was a DNS server, update the Forwarder settings and the Delegation settings on any other DNS servers that might have pointed to the removed DC for name resolution.

Configure a Windows 2000 or 2003 Server as a Global Catalog

The Global Catalog (GC) contains an entry for every object in an enterprise forest but only a few properties for each object. An entire forest shares a GC, with multiple servers holding copies. You can perform an enterprise wide forest search only on the properties in the GC, whereas you can search for any property in a user’s domain tree. Only Directory Services (DS) or Domain Controller (DC) can hold a copy of the GC.

Configuring an excessive number of GCs in a domain wastes network bandwidth during replication. One GC server per domain in each physical location is sufficient. Windows NT sets servers as GCs as necessary, so you don’t need to configure additional GCs unless you notice slow query response times.

Because full searches involve querying the whole domain tree rather than the GC, grouping the enterprise into one tree will improve your searches. Thus, you can search for items not in the GC.

By default, the first DC in the First Domain in the First Tree in the AD Forest (the root domain) will be configured as the GC.

You can configure another DC to become the GC, or even add it as another GC while keeping the first default one.

Reasons for such an action might be the need to place a GC in each AD Site.

To configure a Windows 2000/2003 Domain Controller as a GC server, perform the following steps:

1. Start the Microsoft Management Console (MMC) Active Directory Sites and Services Manager. (From the Start menu, select Programs, Administrative Tools, Active Directory Sites and Services Manager).

2. Select the Sites branch.

3. Select the site that owns the server, and expand the Servers branch.

4. Select the server you want to configure.

5. Right-click NTDS Settings, and select Properties.

6. Select or clear the Global Catalog Server checkbox, which the Screen shows.

7. Click Apply, OK.

You must allow for the GC to replicate itself throughout the forest. This process might take anywhere between 10-15 minutes to even several days, all depending on your AD infrastructure.

Fix an Unsuccessful Domain Controller Demotion

How can I manually delete a server object from the Active Directory database in case of a bad DCPROMO procedure?

MS KB 216498 has more info:
The DCPROMO (Dcpromo.exe) utility is used for promoting a server to a domain controller and demoting a domain controller to a member server (or to a standalone server in a workgroup if the domain controller is the last in the domain). As part of the demotion process, the DCPROMO utility removes the configuration data for the domain controller from the Active Directory. This data takes the form of an "NTDS Settings" object, which exists as a child to the server object in the Active Directory Sites and Services Manager.
The information is in the following location in the Active Directory:CN=NTDS Settings,CN=, CN=Servers,CN=,CN=Sites, CN=Configuration,DC=...
The attributes of the NTDS Settings object include data representing how the domain controller is identified in respect to its replication partners, the naming contexts that are maintained on the machine, whether or not the domain controller is a Global Catalog server, and the default query policy. The NTDS Settings object is also a container that may have child objects that represent the domain controller's direct replication partners. This data is required for the domain controller to operate within the environment, but is retired upon demotion.In the event that the NTDS Settings object is not removed properly (for example, the NTDS Settings object is not properly removed from a demotion attempt), the administrator can use the Ntdsutil.exe utility to manually remove the NTDS Settings object. The following steps list the procedure for removing the NTDS Settings object in the Active Directory for a given domain controller. At each NTDSUTIL menu, the administrator can type help for more information about the available options.
Caution: The administrator should also check that replication has occurred since the demotion before manually removing the NTDS Settings object for any server. Using the NTDSUTIL utility improperly can result in partial or complete loss of Active Directory functionality.

Procedure

1. Click Start, point to Programs, point to Accessories, and then click Command Prompt. At the command prompt, type

ntdsutil

and then press ENTER.

2. Type

metadata cleanup

and then press ENTER. Based on the options given, the administrator can perform the removal, but additional configuration parameters need to be specified before the removal can occur.

3. Type

connections

and press ENTER. This menu is used to connect to the specific server on which the changes occur. If the currently logged on user does not have administrative permissions, alternate credentials can be supplied by specifying the credentials to use before making the connection.

To do so, type

set creds domain nameusernamepassword

and press ENTER. For a null password, type null for the password parameter.

4. Type

connect to server servername

and then press ENTER. You should receive confirmation that the connection is successfully established. If an error occurs, verify that the domain controller being used in the connection is available and the credentials you supplied have administrative permissions on the server.

Note: If you try to connect to the same server that you want to delete, when you try to delete the server that step 15 refers to, you may receive the following error message:

Error 2094. The DSA Object cannot be deleted0x2094

Note: Windows Server 2003 Service Pack 1 eliminates the need for steps 3 and 4.

5. Type

quit

and then press ENTER. The Metadata Cleanup menu appears.

6. Type

select operation target

and press ENTER.

7. Type

list domains

and press ENTER. A list of domains in the forest is displayed, each with an associated number.

8. Type

select domain number

and press ENTER, where number is the number associated with the domain to which the server you are removing is a member. The domain you select is used to determine if the server being removed is the last domain controller of that domain.

9. Type

list sites

and press ENTER. A list of sites, each with an associated number, is displayed.

10. Type

select site number

and press ENTER, where number is the number associated with the site to which the server you are removing is a member. You should receive a confirmation listing the site and domain you chose.

11. Type

list servers in site

and press ENTER. A list of servers in the site, each with an associated number, is displayed.

12. Type

select server number

where number is the number associated with the server you want to remove. You receive a confirmation listing the selected server, its Domain Name Server (DNS) host name, and the location of the server's computer account you want to remove.

13. Type

quit

and press ENTER. The Metadata Cleanup menu appears.

14. Type

remove selected server

and press ENTER. You should receive confirmation that the removal completed successfully. If you receive the following error message:

Error 8419 (0x20E3) The DSA object could not be found

the NTDS Settings object may already be removed from the Active Directory as the result of another administrator removing the NTDS Settings object, or replication of the successful removal of the object after running the DCPROMO utility.

Note: You may also see this error when you attempt to bind to the domain controller that is going to be removed. Ntdsutil needs to bind to a domain controller other than the one that is going to be removed with metadata cleanup.

15. Type

quit

at each menu to quit the NTDSUTIL utility. You should receive confirmation that the connection disconnected successfully.

16. Remove the cname record in the _msdcs.root domain of forest zone in DNS. Assuming that DC is going to be reinstalled and re-promoted, a new NTDS settings object is created with a new globally unique identifier (GUID) and a matching cname record in DNS. You do not want the DC's that exist to use the old cname record.

As best practice you should delete the hostname and other DNS records. If the lease time that remains on Dynamic Host Configuration Protocol (DHCP) address assigned to offline server is exceeded then another client can obtain the IP address of the problem DC.

Now that the NTDS setting object has been deleted we can now delete the following objects:

1. Use ADSIEdit to delete the computer account in the OU=Domain Controllers,DC=domain...

Note: The FRS subscriber object is deleted when the computer object is deleted, since it is a child of the computer account.

2. Use ADSIEdit to delete the FRS member object in CN=Domain System Volume (SYSVOL share),CN=file replication service,CN=system....

3. In the DNS console, use the DNS MMC to delete the cname (also known as the Alias) record in the _msdcs container.

4. In the DNS console, use the DNS MMC to delete the A (also known as the Host) record in DNS.

5. If the deleted computer was the last domain controller in a child domain and the child domain was also deleted, use ADSIEdit to delete the trustDomain object for the child in CN=System, DC=domain, DC=domain, Domain NC.