Something that always annoys me is when I look at an Active Directory and start finding old Domain Controller Server objects out in the sites container for DCs that were demoted or forcibly removed from Active Directory weeks, months, or years ago. This is just sloppy admin work but once it is done and hasn’t been cleaned up for some time I admit it can be a pain in the arse to cleanup with how dssite.msc (Sites and Services) displays the info. You have to click on every site and expand it out a couple of levels. No one really has time to go back and do that if they didn’t have time to clean up properly in the first place.
So to help folks find objects that are possible old DC objects that should be cleaned up here is a simple AdFind query to help…
adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)" –dsq
That will produce something that looks like
Z:\>adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)" -dsq
"CN=USOHSND-DC01,CN=Servers,CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESBARCME-DC01,CN=Servers,CN=ESBARCME,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRILLK-DC01,CN=Servers,CN=FRILLK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USNYLOC-DC01,CN=Servers,CN=USNYLOC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USOHVIE-DC01,CN=Servers,CN=USOHVIE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSCLI-DC01,CN=Servers,CN=USMSCLI,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC01,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USCAIRV-DC01,CN=Servers,CN=USCAIRV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMOL-DC01,CN=Servers,CN=ITMOL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSBRK-DC01,CN=Servers,CN=USMSBRK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCDUN-DC01,CN=Servers,CN=USSCDUN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCLAN-DC01,CN=Servers,CN=USSCLAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC02,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKCOV-DC01,CN=Servers,CN=UKCOV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXQROQRO-DC01,CN=Servers,CN=MXQROQRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SKSEN-DC01,CN=Servers,CN=SKSEN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITLIV-DC01,CN=Servers,CN=ITLIV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRCER-DC01,CN=Servers,CN=FRCER,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRVIL-DC01,CN=Servers,CN=FRVIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKSHI-DC01,CN=Servers,CN=UKLEAM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DENUE-DC01,CN=Servers,CN=DENUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLGDANSK-DC01,CN=Servers,CN=PLGDANSK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLOST-DC01,CN=Servers,CN=PLOST,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMIL-DC01,CN=Servers,CN=ITMIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTLIN-DC01,CN=Servers,CN=PTLIS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTBRA-DC01,CN=Servers,CN=PTBRA,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTCBR-DC01,CN=Servers,CN=PTCBR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESTAR-DC01,CN=Servers,CN=ESTAR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USALGAD-DC01,CN=Servers,CN=USALGAD,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROSAN-DC01,CN=Servers,CN=ROSAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZVIZ-DC01,CN=Servers,CN=CZVIZ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMONKC-DC01,CN=Servers,CN=USMONKC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ATASP-DC01,CN=Servers,CN=ATASP,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZSLU-DC01,CN=Servers,CN=CZSLU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROINE-DC01,CN=Servers,CN=ROINE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SEGOT-DC01,CN=Servers,CN=SEGOT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLJEL-DC01,CN=Servers,CN=PLJEL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXSONHRM-DC01,CN=Servers,CN=MXSONHRM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=INHARGGN-DC01,CN=Servers,CN=INHARGGN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEFUE-DC01,CN=Servers,CN=DEFUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESSCU-DC01,CN=Servers,CN=ESSCU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SETRO-DC01,CN=Servers,CN=SETRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=BEGENT-DC01,CN=Servers,CN=BEGENT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=LUBAS-DC01,CN=Servers,CN=LUBAS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXBCNTIJ-DC01,CN=Servers,CN=MXBCNTIJ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEBADS-DC02,CN=Servers,CN=DEBADS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
You can now look that over and determine if yes, those are old DCs (i.e. there aren’t machines that belong to some other application that stuck it there like the old ADC from Exchange). If they are then you simply pipe that output to admod –rm and bam… all clean.
If you have a naming standard in place for domain controllers then you can apply that to the filter as well like so…
Z:\>adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)(name=*-dc*)" -dsq
"CN=USOHSND-DC01,CN=Servers,CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESBARCME-DC01,CN=Servers,CN=ESBARCME,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRILLK-DC01,CN=Servers,CN=FRILLK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USNYLOC-DC01,CN=Servers,CN=USNYLOC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USOHVIE-DC01,CN=Servers,CN=USOHVIE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSCLI-DC01,CN=Servers,CN=USMSCLI,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC01,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USCAIRV-DC01,CN=Servers,CN=USCAIRV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMOL-DC01,CN=Servers,CN=ITMOL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMSBRK-DC01,CN=Servers,CN=USMSBRK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCDUN-DC01,CN=Servers,CN=USSCDUN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USSCLAN-DC01,CN=Servers,CN=USSCLAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXTAMPSREY-DC02,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKCOV-DC01,CN=Servers,CN=UKCOV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXQROQRO-DC01,CN=Servers,CN=MXQROQRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SKSEN-DC01,CN=Servers,CN=SKSEN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITLIV-DC01,CN=Servers,CN=ITLIV,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRCER-DC01,CN=Servers,CN=FRCER,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=FRVIL-DC01,CN=Servers,CN=FRVIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=UKSHI-DC01,CN=Servers,CN=UKLEAM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DENUE-DC01,CN=Servers,CN=DENUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLGDANSK-DC01,CN=Servers,CN=PLGDANSK,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLOST-DC01,CN=Servers,CN=PLOST,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ITMIL-DC01,CN=Servers,CN=ITMIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTLIN-DC01,CN=Servers,CN=PTLIS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTBRA-DC01,CN=Servers,CN=PTBRA,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PTCBR-DC01,CN=Servers,CN=PTCBR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESTAR-DC01,CN=Servers,CN=ESTAR,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USALGAD-DC01,CN=Servers,CN=USALGAD,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROSAN-DC01,CN=Servers,CN=ROSAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZVIZ-DC01,CN=Servers,CN=CZVIZ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=USMONKC-DC01,CN=Servers,CN=USMONKC,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ATASP-DC01,CN=Servers,CN=ATASP,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=CZSLU-DC01,CN=Servers,CN=CZSLU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ROINE-DC01,CN=Servers,CN=ROINE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SEGOT-DC01,CN=Servers,CN=SEGOT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=PLJEL-DC01,CN=Servers,CN=PLJEL,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXSONHRM-DC01,CN=Servers,CN=MXSONHRM,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=INHARGGN-DC01,CN=Servers,CN=INHARGGN,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEFUE-DC01,CN=Servers,CN=DEFUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=ESSCU-DC01,CN=Servers,CN=ESSCU,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=SETRO-DC01,CN=Servers,CN=SETRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=BEGENT-DC01,CN=Servers,CN=BEGENT,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=LUBAS-DC01,CN=Servers,CN=LUBAS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=MXBCNTIJ-DC01,CN=Servers,CN=MXBCNTIJ,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
"CN=DEBADS-DC02,CN=Servers,CN=DEBADS,CN=Sites,CN=Configuration,DC=somecompany,DC=net"
Note that the list is the same. 😉 But it won’t necessarily always be as other apps can put servers in the sites container. Keep that in mind or else you could accidently cause some serious pain. 🙂
And to remove…
E:\>adfind -sites -s subtree -f "&(objectcategory=server)(!serverreference=*)(name=*-dc*)" -dsq | admod -rm -unsafe
AdMod V01.12.00cpp Joe Richards (joe@joeware.net) September 2009
DN Count: 46
Using server: USMITRY-DC12.NorthAmerica.somecompany.net:389
Directory: Windows Server 2003
Deleting specified objects…
DN: CN=USOHSND-DC01,CN=Servers,CN=USOHSND,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=ESBARCME-DC01,CN=Servers,CN=ESBARCME,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=FRILLK-DC01,CN=Servers,CN=FRILLK,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=USNYLOC-DC01,CN=Servers,CN=USNYLOC,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=USOHVIE-DC01,CN=Servers,CN=USOHVIE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=USMSCLI-DC01,CN=Servers,CN=USMSCLI,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=MXTAMPSREY-DC01,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=USCAIRV-DC01,CN=Servers,CN=USCAIRV,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=ITMOL-DC01,CN=Servers,CN=ITMOL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=USMSBRK-DC01,CN=Servers,CN=USMSBRK,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=USSCDUN-DC01,CN=Servers,CN=USSCDUN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=USSCLAN-DC01,CN=Servers,CN=USSCLAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=MXTAMPSREY-DC02,CN=Servers,CN=MXTAMPSREY,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=UKCOV-DC01,CN=Servers,CN=UKCOV,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=MXQROQRO-DC01,CN=Servers,CN=MXQROQRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=SKSEN-DC01,CN=Servers,CN=SKSEN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=ITLIV-DC01,CN=Servers,CN=ITLIV,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=FRCER-DC01,CN=Servers,CN=FRCER,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=FRVIL-DC01,CN=Servers,CN=FRVIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=UKSHI-DC01,CN=Servers,CN=UKLEAM,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=DENUE-DC01,CN=Servers,CN=DENUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=PLGDANSK-DC01,CN=Servers,CN=PLGDANSK,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=PLOST-DC01,CN=Servers,CN=PLOST,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=ITMIL-DC01,CN=Servers,CN=ITMIL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=PTLIN-DC01,CN=Servers,CN=PTLIS,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=PTBRA-DC01,CN=Servers,CN=PTBRA,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=PTCBR-DC01,CN=Servers,CN=PTCBR,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=ESTAR-DC01,CN=Servers,CN=ESTAR,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=USALGAD-DC01,CN=Servers,CN=USALGAD,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=ROSAN-DC01,CN=Servers,CN=ROSAN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=CZVIZ-DC01,CN=Servers,CN=CZVIZ,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=USMONKC-DC01,CN=Servers,CN=USMONKC,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=ATASP-DC01,CN=Servers,CN=ATASP,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=CZSLU-DC01,CN=Servers,CN=CZSLU,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=ROINE-DC01,CN=Servers,CN=ROINE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=SEGOT-DC01,CN=Servers,CN=SEGOT,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=PLJEL-DC01,CN=Servers,CN=PLJEL,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=MXSONHRM-DC01,CN=Servers,CN=MXSONHRM,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=INHARGGN-DC01,CN=Servers,CN=INHARGGN,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=DEFUE-DC01,CN=Servers,CN=DEFUE,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=ESSCU-DC01,CN=Servers,CN=ESSCU,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=SETRO-DC01,CN=Servers,CN=SETRO,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=BEGENT-DC01,CN=Servers,CN=BEGENT,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=LUBAS-DC01,CN=Servers,CN=LUBAS,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=MXBCNTIJ-DC01,CN=Servers,CN=MXBCNTIJ,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
DN: CN=DEBADS-DC02,CN=Servers,CN=DEBADS,CN=Sites,CN=Configuration,DC=somecompany,DC=net…
The command completed successfully
joe