Those who are working on Active Directory must have heard about “Metadata Cleanup”. Like FSMO Roles, this is bit confusing, however it’s very simple if you understand this properly.
First of all, Metadata Cleanup is not a normal activity. It’s not something which we do very often. Also this is not been used in ideal situation. Metadata Cleanup is directly related to Active Directory and specifically a Domain Controller.
What exactly is Metadata Cleanup? It’s a process to clean every trace of the decommissioned or current Domain Controller.
Why we need Metadata Cleanup? Always remember that we only do Metadata Cleanup if a Domain Controller is not properly decommissioned. If we follow all the valid procedure to decommission a DC, we don’t need to do anything else. But somehow if a DC got corrupted and we did not get a chance to do a clean DC decommission, we have to do a proper Metadata Cleanup.
Let’s see an example. Suppose we have a DC which we want to decommission. So as per the standard process, we have to following:
- Remove “Active Directory Domain Services” role from the server.
- Remove the NS and A record for the DC from DNS.
- Delete the computer account from “Active Directory Users and Computers”.
- Delete the DC and it’s Replication Link from “Active Directory Sites and Services”.
If you are following these steps, you don’t need to do anything else. But suppose your DC got corrupt and it’s not accessible and usable. In this case obviously you can’t login to the DC and do the necessary steps to decommission it. So here we need to do the Metadata Cleanup to clean all traces of the faulty Domain Controller from Active Directory.
What if we don’t do Metadata Cleanup for problematic DC? Well, in that case you will get Replication error initially and later you may get authentication and GPO related issues.
Can we do Metadata Cleanup of a working DC instead of decommissioning it properly? It’s not recommended, but YES you can do it. Metadata Cleanup will clean all records of the working DC which is as good as a proper DC Decommission.
What Tool we need to do Metadata Cleanup? We use ntdsutil to do it.
Hope you are clear about the Metadata Cleanup. In next post, we will see the practical step-by-step process to do a Metadata Cleanup. Cheers!