Let's say you demote a DC within your AD forest to a member server. Then you go to another DC and execute: REPADMIN /SHOWREPS (or REPADMIN /SHOWREPL) and besides eventual RPC errors you also see something similar to:

 

[RFSRWDC1] C:\>REPADMIN /SHOWREPL

Repadmin: running command /SHOWREPL against full DC localhost

DTCNTR01\RFSRWDC1

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: c69face8-badf-480c-80c6-7309dd777160

DSA invocationID: c69face8-badf-480c-80c6-7309dd777160

==== INBOUND NEIGHBORS ======================================

DC=ADCORP,DC=DEMO

DTCNTR01\RFSRWDC2 via RPC

DSA object GUID: e424d545-97d5-43ab-b8ae-05cab8683190

Last attempt @ 2008-02-09 10:46:28 was successful.

BRANCH01\RFSRWDC3 (deleted DSA) via RPC

DSA object GUID: 70baaeee-b7b1-4635-af14-6d91f82e0403

 

CN=Configuration,DC=ADCORP,DC=DEMO

DTCNTR01\RFSRWDC2 via RPC

DSA object GUID: e424d545-97d5-43ab-b8ae-05cab8683190

Last attempt @ 2008-02-09 10:46:28 was successful.

BRANCH01\RFSRWDC3 (deleted DSA) via RPC

DSA object GUID: 70baaeee-b7b1-4635-af14-6d91f82e0403

 

CN=Schema,CN=Configuration,DC=ADCORP,DC=DEMO

DTCNTR01\RFSRWDC2 via RPC

DSA object GUID: e424d545-97d5-43ab-b8ae-05cab8683190

Last attempt @ 2008-02-09 10:46:28 was successful.

BRANCH01\RFSRWDC3 (deleted DSA) via RPC

DSA object GUID: 70baaeee-b7b1-4635-af14-6d91f82e0403

 

DC=DomainDnsZones,DC=ADCORP,DC=DEMO

DTCNTR01\RFSRWDC2 via RPC

DSA object GUID: e424d545-97d5-43ab-b8ae-05cab8683190

Last attempt @ 2008-02-09 10:46:28 was successful.

BRANCH01\RFSRWDC3 (deleted DSA) via RPC

DSA object GUID: 70baaeee-b7b1-4635-af14-6d91f82e0403

 

DC=ForestDnsZones,DC=ADCORP,DC=DEMO

DTCNTR01\RFSRWDC2 via RPC

DSA object GUID: e424d545-97d5-43ab-b8ae-05cab8683190

Last attempt @ 2008-02-09 10:46:28 was successful.

BRANCH01\RFSRWDC3 (deleted DSA) via RPC

DSA object GUID: 70baaeee-b7b1-4635-af14-6d91f82e0403

 

After a normal demotion, its previous replication partners will show that info. That also depends on the OS and service pack level. The behavior has been with W2K3 in SP1 and later.

 

The behavior is as follows:

  • For pre-Windows 2003 Server SP1 DCs:
    • "NTDS Settings" object IS DELETED during a demotion
    • Metadata on each root object of a NC, in the multivalued attribute repsFrom, is NOT CLEANED until the "replTopologyStayOfExecution" period has passed
    • replTopologyStayOfExecution period --> Default = 14 days and max. = ½ tombstone lifetime
    • The cleanup of the "repsFrom" attribute is done by the KCC by comparing the deletion time and "replTopologyStayOfExecution" period.

(look at the last three bullets. That is the reason for the RPC errors and the output that is shown above)

 

  • For Windows 2003 Server SP1 DCs AND later:
    • "NTDS Settings" object IS DELETED during a demotion
    • Metadata on each root object of a NC, in the multivalued attribute repsFrom, is also CLEANED
    • The stay-of-execution mechanism is disabled

 

Cheers,

Jorge

--------------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
--------------------------------------------------------------------------------------------------
############### Jorge's Quest For Knowledge ###############
######## http://blogs.dirteam.com/blogs/jorge/default.aspx #########
--------------------------------------------------------------------------------------------------