Cleaning metadata after a failed DC

January 4th, 2012 Posted in Miscellaneous
2 Comments »

So not too long ago, I had an ephiphany. I realzied that MS doesn’t always have the correct instructions. Of course, I learned this during a change window when we were implementing a change for a customer and luckily for us “/?” told us our issue and it basically was a syntax error. Ironically we were following instructions from MS. But we all make mistakes.

Since then I have sort of made sure to look elsewhere along with the MS documentation to understand what needs to be done. While I was looking at instructions for removing metadata after a force removal or DC failure, I looked around to come up with more comprehensive steps that I am hoping will be helpful to some and at the same time provide me with a place to save notes for myself. I don’t particularly post about AD etc, but I figured it makes sense for me to do so every once in a while. After all if my vCenter authenticates to an AD server then I guess it’s important for me to make sure AD stays up, unless I also have local users which could become a managment nightmare.

So let’s assume you come to work one day and one of your domain contollers in domain.com has died. What do you do? We will assume domain.com has 3 DC (DC1, DC2 and DC3) and assume DC1 is the server that has failed. We will need ntdsutil, ADU&C, ADS&S and access to the DNS to become the heros for the day.Of course you will also have to be an elite member of the Enterprise Admin group to fix anything, or else find the person who has access and send him a link to this post.

Get two cups of coffee or some form of caffeine

At the command line, type Ntdsutil and press ENTER.

At the Ntdsutil: prompt, type metadata cleanup and press Enter.

At the metadata cleanup: prompt, type connections and press Enter.

Type connect to server <servername>, where <servername> is the domain controller that is still alive. Press Enter. We will connect to DC2 in this case.

Type ‘q’ and press Enter to return you to the metadata cleanup: prompt.

Type select operation target and press Enter.

Type list domains and press Enter. Tiy wukk be presented with all the domains in your forest, note that each domain is assigned an integer.

Type select domain <number> where <number> is the number corresponding to the domain in which the failed server was located. Press Enter. We will use 0 in our case.

Type list sites and press Enter.

Type select site <number> where <number> refers to the number of the site in which the domain controller was a member. Press Enter. We will use site 0.

Type list servers in site and press Enter. This will list all servers in that site with a corresponding integer.

Type select server<number> and press Enter, where <number> refers to the domain controller to be removed. Since the failed DC in our case is DC1, we will type ‘select server 0’.

Type ‘q’ and press Enter. The Metadata cleanup menu is displayed.

Type remove selected server and press Enter.

You will receive a warning message. Click Yes.

At this point, Active Directory confirms that the domain controller was removed successfully.

Type “q” and hit enter until you return to the command prompt.

 

Confirm the server has been removed from sites and services:

To remove the failed server object from the sites and services

  1. Go to Start -> Admin tools -> Active Directory Sites and Services
  2. In Active Directory Sites and Services, expand  the appropriate site, in our case we will use “Default-First-Site-Name”.
  3. Delete the server object associated with the failed domain controller.

Confirm the server has been removed from the Domain Controller container:

To remove the failed server object from the domain controllers container

  1. Go to Start -> Admin tools -> Active Directory Users and Computers
  2. In Active Directory Users and Computers, expand the ‘Domain Controllers’ container.
  3. Delete the computer object associated with the failed domain controller.

If you get a prompt saying  you want to delete the server object without performing a DCPROMO operation be sure to check ”This DC is permanently offline…” before clicking on the delete button

Windows will prompt you again like you  don’t know what you are doing, so go ahead and click yes on the next prompt if you get it.

Clean up DNS

  1. Go to Start -> Admin tools -> DNS
  2. Remove the CNAME for failed DC (DC1 in our case)  in the _msdcs. You should also delete the HOSTNAME and other DNS records.
  3. Remove this server from being a name server on any of the zones
  4. Remove the PTR record associated with this zone

Wash your coffee mug

  1. Take yourself to the kitchen
  2. Wash your coffee mug and save it for another day when a DC in your world decides to disappear.
, , , ,
Read More

vCD + vCO +AD What does this mean?

May 5th, 2011 Posted in Virtualization
2 Comments »

We are all aware of the VMware vCenter Orchestrator (vCO) and how it enables the automation of so many tasks in vCenter that could become tedious and boring after a while. In February 2011, VMware released the vCO plugin for vCloud Director aka vCloud aka vCD. How will this help you? Think about the process involved in creating an organization, virtual datacenter, users, networks etc. With vCO, you can create workflows to automate these tasks so that the ever shrinking and often under staffed IT department can focus on bigger and better things. vCO for vCD expanded the automation to your vCD environments which is slowly becoming the standard to start your own cloud.

Today, VMware has released vCO plugin for Active Directory. Some of you must be thinking whats the big deal? With this plug-in, you can enhance the level of automation you had before and provide better service to your customers. Tasks like creating AD accounts, deleting AD account, groups, memberships can all be automated by leveraging vCO workflows. It comes with 32 preconfigured workflows and you can create more as needed.  To benefit from this, you will need  to have a vCO setup along with your vCD. Not to mention you will need to have the underlying vSphere environment in  place.

Lets think of what this could do when all the pieces line up. The customer logs into your portal and creates a request. vCO creates the organization/virtual datacenter/network/ bla bla bla for the user. The user then creates a vApp that consists of two VMs in the vDC. Now with the AD plugin for vCO, the workflow for creating computer accounts for these VMs can be leveraged. Oh and did I mention the new organization that was created will now have the users that were also created in AD using a workflow. Next thing you know a customer decides  to leave, now a workflow can handle that task as well. You dont have to go and delete the child objects in the organization like you did before. Your workflow will delete all the child objects and finally your organization as well. Now your resources are available to be purchased again. And while you are at it, you can also clean up AD with the accounts that are no longer needed using the AD plugin for vCO.

To sum it up, automation is the name of the game. You dont have to be a hardcore developer to leverage vCO. If I can do it, anyone can. The only way to handle the ever increasing demand is by automating tasks that can be automated. It even decreases the room for error and helps to divert your time into bigger and better things besides creating a VM, adding a portgroup etc. Lastly, automation is also extremely important in ensuring your cloud meets the standard definition of what a cloud should be. Trust me, there are just too many definitions out there, and automation seems to be the common denominator.

You can download the AD plugin for vCO here.

, , , , , , ,
Read More