Perform Active Directory Metadata Cleanup


I hope this article will help you perform metadata cleanup in the following situations:

  1. After an unsuccessful demotion of a domain controller.
  2. When a domain controller is down and has passed the tombstone lifetime.

Infrastructure Details:
Site Name: MySite1
Domain Controllers (MySite1): DC1 = NAKIT-RDC01, DC2 = NAKIT-ADC01
Perform metadata cleanup in Windows Server 2003

In Windows Server 2000/2003, you can use the Ntdsutil.exe utility to run metadata cleanup and manually remove the NTDS Settings object.


To clean up metadata:

1. Log on to a working domain controller, open a command prompt, type ntdsutil, and press Enter.


2. At the ntdsutil: prompt, type metadata cleanup and press Enter.

ntdsutil: metadata cleanup
metadata cleanup:

3. At the metadata cleanup: prompt, type connections and press Enter.

metadata cleanup: connections
server connections:

4. At the server connections: prompt, type connect to server <servername>, and press Enter.
Note: <servername> is any functional domain controller in the same domain as the failed domain controller whose metadata you plan to clean up.

server connections: connect to server NAKIT-RDC01
Binding to NAKIT-RDC01 ..
Connected to NAKIT-RDC01 using credentials of locally logged on user.
server connections:

Note: Windows Server 2003 Service Pack 1 eliminates the need for the above step.

5. Type quit and press Enter to return to the metadata cleanup: prompt.

server connections: quit
metadata cleanup:

6. Type select operation target and press Enter.

metadata cleanup: Select operation target
select operation target:

7. Type list domains and press Enter. This lists all domains in the forest with a number associated with each.

select operation target: list domains
Found 1 domain(s)
select operation target:

8. Type select domain <number>, where <number> is the number corresponding to the domain in which the failed server was located. Press Enter.

select operation target: Select domain 0
No current site
No current server
No current Naming Context
select operation target:

9. Type list sites and press Enter.

select operation target: List sites
Found 1 site(s)
0 - CN=MySite1,CN=Sites,CN=Configuration,DC=NAKSHATRAIT,DC=COM
select operation target:

10. Type select site <number>, where <number> refers to the number of the site in which the domain controller was a member. Press Enter.

select operation target: Select site 0
Site - CN=MySite1,CN=Sites,CN=Configuration,DC=NAKSHATRAIT,DC=COM
No current server
No current Naming Context
select operation target:

11. Type list servers in site and press Enter. This will list all servers in that site with a corresponding number.

select operation target: List servers in site
Found 2 server(s)
0 - CN= NAKIT-RDC01,CN=Servers,CN=MySite1,CN=Sites,CN=Configuration,DC=NAKSHATRAIT,DC=COM
1 - CN= NAKIT-ADC01,CN=Servers,CN=MySite1,CN=Sites,CN=Configuration,DC=NAKSHATRAIT,DC=COM
select operation target:

12. Type select server <number> and press Enter, where <number> refers to the domain controller to be removed. Before continuing, check that the Server, DSA object and Computer object lines in the output name the failed domain controller and not a working one; the removal in step 14 acts on whatever is selected here.

select operation target: Select server 0
Site - CN=MySite1,CN=Sites,CN=Configuration,DC=NAKSHATRAIT,DC=COM
Server - CN= NAKIT-ADC01,CN=Servers,CN=MySite1,CN=Sites,CN=Configuration,DC=NAKSHATRAIT,DC=COM
DSA object - CN=NTDS Settings,CN=NAKIT-ADC01,CN=Servers,CN=MySite1,CN=Sites,CN=Configuration,DC=NAKSHATRAIT,DC=COM
Computer object - CN=NAKIT-ADC01,OU=Domain Controllers,DC=NAKSHATRAIT,DC=COM
No current Naming Context
select operation target:

13. Type quit and press Enter.

select operation target: quit
metadata cleanup:

14. Type remove selected server and press Enter.
You will receive a warning message. Read it and click Yes.

metadata cleanup: Remove selected server
"CN=NAKIT-ADC01,CN=Servers,CN=MySite1,CN=Sites,CN=Configuration,DC=NAKSHATRAIT,DC=COM" removed from server "NAKIT-RDC01"
metadata cleanup:

15. Type quit and press Enter until you return to the command prompt.

Perform metadata cleanup in Windows Server 2008/R2
You can use the URL below to perform metadata cleanup on a Windows Server 2008 Active Directory domain controller.
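On Windows Server 2008 R2 and later the whole interactive walkthrough above can be collapsed into one ntdsutil command line, with PowerShell used to look up the failed DC's server object first. The script below is an added example and is not part of the original article; it assumes the ActiveDirectory RSAT module is installed, reuses the article's names (failed DC NAKIT-ADC01, working DC NAKIT-RDC01), and assumes the "remove selected server <DN> on <DC>" form of the ntdsutil command.

```powershell
# Added example, not from the original article: non-interactive metadata cleanup
# on Windows Server 2008 R2 or later.
# Assumed names: $FailedDc and $GoodDc follow the article's infrastructure details.
param(
    [string]$FailedDc = 'NAKIT-ADC01',   # DC whose metadata is to be removed
    [string]$GoodDc   = 'NAKIT-RDC01'    # working DC we bind to
)
Import-Module ActiveDirectory

$configNc = (Get-ADRootDSE -Server $GoodDc).configurationNamingContext

# Locate the failed DC's server object under CN=Sites in the Configuration partition.
# This is the same object the interactive "select server <number>" step picks.
$serverObj = Get-ADObject -Server $GoodDc -SearchBase "CN=Sites,$configNc" `
    -LDAPFilter "(&(objectClass=server)(cn=$FailedDc))" -Properties serverReference

if (-not $serverObj) {
    Write-Host "No server object for $FailedDc found; nothing to clean up."
    return
}

# Safety check: a DC that still answers on the network is probably the wrong name.
if (Test-Connection -ComputerName $FailedDc -Count 1 -Quiet) {
    throw "$FailedDc is still reachable; verify you are removing the right domain controller."
}

Write-Host "About to remove server metadata for:`n  $($serverObj.DistinguishedName)"
Write-Host "Linked computer object: $($serverObj.serverReference)"

# Same operation as steps 2-14 above in one command line. The assumed
# "remove selected server <DN> on <DC>" form binds to $GoodDc and removes the DSA object.
& ntdsutil.exe "metadata cleanup" "remove selected server $($serverObj.DistinguishedName) on $GoodDc" quit quit
```

Run it from an elevated PowerShell prompt as a member of Domain Admins (or Enterprise Admins when the failed DC held forest-wide roles); ntdsutil still prints its confirmation prompt, so the removal is not silent.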

Steps after performing metadata cleanup in Windows Server

1. Make sure you have deleted the computer account from Active Directory Users and Computers.
2. Make sure you have deleted the server object from Active Directory Sites and Services.
3. Also delete any DNS records for the server: the name server (NS) records and the host (A) record.
4. Let replication complete.
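A practitioner will want to confirm that all four follow-up steps actually took effect, since a leftover computer account, server object or DNS record keeps other DCs and clients trying to reach a machine that no longer exists. The script below is an added example, not part of the original article; it assumes the ActiveDirectory and DnsServer RSAT modules (Windows Server 2012 or later), the article's names (NAKIT-ADC01, NAKSHATRAIT.COM, NAKIT-RDC01 as the DNS server), and that the domain zone is hosted on the DNS server given.

```powershell
# Added example, not from the original article: verify that no traces of a removed DC remain.
# Assumed values: $FailedDc, $Domain and $DnsServer follow the article's infrastructure details.
param(
    [string]$FailedDc  = 'NAKIT-ADC01',
    [string]$Domain    = 'nakshatrait.com',
    [string]$DnsServer = 'NAKIT-RDC01'
)
Import-Module ActiveDirectory
Import-Module DnsServer

$rootDse  = Get-ADRootDSE
$findings = @()

# 1. Computer account (what Active Directory Users and Computers shows).
$computer = Get-ADComputer -LDAPFilter "(cn=$FailedDc)" -ErrorAction SilentlyContinue
if ($computer) { $findings += "Computer account still exists: $($computer.DistinguishedName)" }

# 2. Server object and its NTDS Settings child (what Active Directory Sites and Services shows).
$server = Get-ADObject -SearchBase "CN=Sites,$($rootDse.configurationNamingContext)" `
    -LDAPFilter "(&(objectClass=server)(cn=$FailedDc))"
if ($server) { $findings += "Server object still exists: $($server.DistinguishedName)" }

# 3. DNS: host (A) record, NS records and DC-registered SRV records in the domain zone.
#    (The _msdcs zone is often delegated separately; check it the same way if so.)
$aRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Domain `
    -RRType A -Name $FailedDc -ErrorAction SilentlyContinue
if ($aRecords) { $findings += "Host (A) record still exists for $FailedDc" }

$nsRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Domain -RRType NS |
    Where-Object { $_.RecordData.NameServer -like "$FailedDc.*" }
if ($nsRecords) { $findings += "NS record still points at $FailedDc" }

$srvRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Domain -RRType SRV |
    Where-Object { $_.RecordData.DomainName -like "$FailedDc.*" }
if ($srvRecords) { $findings += "$(@($srvRecords).Count) SRV record(s) still point at $FailedDc" }

# 4. Replication: no remaining DC should still list the old DC as a partner or report failures.
$replProblems = Get-ADReplicationPartnerMetadata -Target $Domain -Scope Domain -ErrorAction SilentlyContinue |
    Where-Object { $_.Partner -like "*$FailedDc*" -or $_.LastReplicationResult -ne 0 }
if ($replProblems) { $findings += "Replication still references $FailedDc or reports errors" }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Host "No leftover objects, DNS records or replication links for $FailedDc." }
```

Run it after replication has had time to converge; a finding under item 4 immediately after cleanup is normal, while one that persists points at a DC that has not yet received the deletion.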

Exchange Server 2007/2010 interview questions and answers – Part 1

Dear All, I hope the below question bank will help you.

Click here for Part 2


Exchange General

1. What are the server roles in Exchange 2007?
2. What are the Exchange 2003 server role equivalents of the various Exchange Server 2007/2010 roles?

Exchange Server 2003                  Exchange Server 2007/2010
Front End Server (SMTP service)       Hub Transport Server
Front End Server                      Client Access Server
Back End Server                       Mailbox Server
-                                     Edge Transport Server (NEW)
-                                     Unified Messaging Server


3. Name the system prerequisites for installing Exchange 2007.
4. Why shouldn't we install Outlook on the same machine that runs Exchange 2007/2010?
5. Where does Exchange store its configuration settings?
6. How do you prepare the AD for Exchange 2007?
7. How would you verify that the schema was in fact updated?
8. What are in the installation folder root and setup.exe. Which would you use and when?
9. What is PowerShell in Exchange Server, and name one major benefit of PowerShell v2 over v1.
10. What's the difference between the Enterprise and Standard editions of Exchange in relation to the number and size of the stores on the server?
11. What is Cached Mode in Outlook 2007/2010?
12. What is S/MIME? What are the usage scenarios for S/MIME?
13. What are E-Discovery features?
14. In Exchange 2007, what are the minimum requirements for implementing a high availability topology, in relation to the server roles and server numbers?

Exchange Recipient Level

1. What are the different Exchange Recipient types?

User mailbox: This mailbox is created for an individual user to store mails, calendar items, contacts, tasks, documents, and other business data.

Linked mailbox: This mailbox is created for an individual user in a separate, trusted forest. For example AD account is created in A.COM and Mailbox is created in B.COM Exchange Server.

Shared mailbox: This mailbox is not primarily associated with a single user and is generally configured to allow logon access for multiple users.

Legacy mailbox: This mailbox resides on a server running Exchange Server 2003 or Exchange 2000 Server.

Room mailbox: This mailbox is created for a meeting location, such as a meeting or conference room, auditorium, or training room. When we create this mailbox, a disabled user account is created by default.

Equipment mailbox: A resource mailbox created for a non-location-specific resource, such as a portable computer, projector, microphone, or company car. When we create this mailbox, a disabled user account is created by default. Equipment mailboxes provide a simple and efficient way for users to use resources in a manageable way.

2. What is the difference between mail user and mail contact?

Mail user: This is an Active Directory user that represents an e-mail address outside your Exchange organization. Each mail user has an external e-mail address to which all messages sent to the mail user are routed.

Mail contact: This is an Active Directory contact that contains e-mail address information about people or organizations that exist outside your Exchange organization. Each mail contact has an external e-mail address. All messages sent to the mail contact are routed to this external e-mail address.

3. What is the difference between Distribution group and Dynamic Distribution group?

Mail-enabled (Universal distribution group): This is an Active Directory distribution group object that can be used only to distribute messages to a group of recipients.

Mail-enabled (Universal security group): A mail-enabled Active Directory security group object that can be used to grant access permissions to resources in Active Directory, and can also be used to distribute messages.

Mail-enabled (Non-universal group): This is an Active Directory global or local group object. Mail-enabled non-universal groups are de-emphasized in Exchange 2007 and can exist only if they were migrated from previous versions of Exchange. You cannot use Exchange 2007 to create new non-universal distribution groups.

Dynamic distribution group: A distribution group that uses recipient filters and conditions to derive its membership at the time messages are sent.

Exchange CAS Role

1. What is OWA?
OWA refers to Outlook Web Access in Exchange 2007, through which you access your e-mail from any Web browser. Outlook Web Access contains many new features such as meeting booking, Microsoft SharePoint Services and Windows file share integration, and a rich user experience from any computer that has a Web browser.

2. What is Exchange ActiveSync?
Exchange ActiveSync is a feature that synchronizes your e-mail data between your mobile device and the Exchange server. Using ActiveSync you can synchronize e-mail, contacts, calendar and tasks. Mobile devices running Windows Mobile software and Windows Mobile 5.0 are all supported.

3. What is the Availability service?

The Availability service provides free/busy information using secure, consistent, and up-to-date free/busy data to users that are running Outlook 2007. Outlook 2007 uses the Autodiscover service to obtain the URL of the Availability service.

4. What is Autodiscover service?
This service enables Outlook clients and some mobile devices to receive their necessary profile settings directly from the Exchange server by using the client’s Active Directory domain credentials or user’s SMTP domain.

5. What is Outlook Anywhere, and describe the method for enabling Outlook Anywhere?
The Outlook Anywhere feature (previously known as RPC over HTTP) lets Internet-based Microsoft Outlook clients connect to your Exchange Server 2007. This feature eliminates the need to use virtual private networks (VPNs) with Exchange Server 2003 SP1 and Exchange 2007.

Outlook Anywhere can be enabled by using either of the following:

Exchange Management Console
Open the Exchange Management Console tree > expand Server Configuration > then click Client Access.
In the action pane, click Enable Outlook Anywhere.

Exchange Management Shell
Enable-OutlookAnywhere -Server:<ServerName> -ExternalHostName:<ExternalHostName> -ClientAuthenticationMethod:Basic -IISAuthenticationMethods <MultiValuedProperty> -SSLOffloading:$false

Requirements for Outlook Anywhere
Install a valid Secure Sockets Layer (SSL) certificate from a trusted certification authority (CA).
Install the Windows RPC over HTTP Proxy component.

6. What certificates can be installed on Exchange 2007, and name a few commercial CAs?
Wildcard certificate: Exchange Server supports certificates with wildcard names, such as *, which is an acceptable domain form. Be aware that some legacy clients and mobile devices do not support wildcard names on a certificate.

SAN certificate: This is the most widely used certificate type, as it has one common name plus additional domain names that refer to the other Exchange services.

7. How do you determine when to use certificates issued by public CAs and when to use self-signed certificates?
Whenever your users access Exchange components that require authentication and encryption from outside your corporate firewall, it is time to deploy a certificate issued by a public CA. For example, if users access Exchange ActiveSync, POP3, IMAP4, and Outlook Anywhere, you require a certificate issued by a public CA.

A self-signed certificate can be used by Exchange 2007 components that use Kerberos, Direct Trust, or NTLM authentication. These are all internal Exchange 2007 components, because their data paths run between Exchange 2007 servers within the corporate network defined by Active Directory.

8. Name the Exchange 2007 components that use certificates.
EdgeSync synchronization
POP3 and IMAP4
Unified Messaging
Client Access applications such as Outlook Anywhere, OWA, and Exchange ActiveSync
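The rule in questions 7 and 8 above (public CA for client-facing services, self-signed acceptable for server-to-server paths) can be checked rather than remembered. The script below is an added example and not part of the original question bank; it is written for the Exchange 2010 Management Shell (Get-ExchangeCertificate -Server is assumed; on Exchange 2007 run it locally without -Server), audits the local server by default, and the 30-day expiry warning threshold is an assumed value.

```powershell
# Added example, not from the original article: audit certificates on an Exchange 2007/2010 server.
# Assumed: run in the Exchange Management Shell; $Server and $WarnDays are assumed defaults.
param(
    [string]$Server   = $env:COMPUTERNAME,   # server to audit
    [int]$WarnDays    = 30                   # warn for certificates expiring within this many days
)

# Services that Internet-facing clients talk to (OWA, ActiveSync and Outlook Anywhere all sit
# behind IIS; POP3 and IMAP4 are the other client protocols named in question 7).
$externalServices = 'IIS', 'POP', 'IMAP'
$now = Get-Date

Get-ExchangeCertificate -Server $Server | ForEach-Object {
    $cert = $_
    # Services is a flags enum; render it and split into individual service names.
    $services = $cert.Services.ToString() -split ',\s*' | Where-Object { $_ -and $_ -ne 'None' }
    $externalUse = $services | Where-Object { $externalServices -contains $_ }

    $issues = @()
    # Question 7: a self-signed certificate must not serve clients outside the firewall.
    if ($cert.IsSelfSigned -and $externalUse) {
        $issues += "self-signed but bound to client-facing service(s): $($externalUse -join ', ')"
    }
    if ($cert.NotAfter -lt $now) {
        $issues += "expired on $($cert.NotAfter.ToShortDateString())"
    } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        $issues += "expires within $WarnDays days ($($cert.NotAfter.ToShortDateString()))"
    }
    if (-not $services) { $issues += 'not assigned to any Exchange service' }

    # New-Object/Select-Object keeps this compatible with PowerShell 2.0 on Exchange 2010.
    New-Object PSObject -Property @{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        Domains    = ($cert.CertificateDomains -join ', ')
        Services   = ($services -join ', ')
        SelfSigned = $cert.IsSelfSigned
        NotAfter   = $cert.NotAfter
        Issues     = if ($issues) { $issues -join '; ' } else { 'OK' }
    } | Select-Object Thumbprint, Subject, Domains, Services, SelfSigned, NotAfter, Issues
} | Format-Table -AutoSize -Wrap
```

The Domains column doubles as a SAN check for question 6: every host name clients use (the OWA/ActiveSync host, the Outlook Anywhere external host name, autodiscover) should appear there on the certificate bound to IIS.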