I've done this before with no adverse effects. The metadata cleanup doesn't (and didn't) affect the computer object in the domain or file permissions on the computer.
Regards, Andrew On 22 July 2010 10:35, Don Ely <[email protected]> wrote: > Technically since they ask you to remove the computer object that would be > the only reason I would do it, but I'd be inclined to try it without > removing the computer object first... > > On Wed, Jul 21, 2010 at 6:32 PM, Brian Desmond <[email protected]>wrote: > >> *No the SIDs in the ACEs remain so they will resolve again once you >> rejoin the box.* >> >> * * >> >> *That said I don’t think you actually need to unjoin the box to do the >> metadata cleanup.* >> >> * * >> >> *Thanks,* >> >> *Brian Desmond* >> >> *[email protected]* >> >> * * >> >> *c - 312.731.3132* >> >> * * >> >> * * >> >> *From:* Jim Slattery [mailto:[email protected]] >> *Sent:* Thursday, July 22, 2010 2:45 AM >> >> *To:* NT System Admin Issues >> *Subject:* RE: Removing missing DC metadata >> >> >> >> Exactly my concern. >> >> >> >> Another option I’ve considered is to rename the file server, then run the >> steps, then rename it back. (We have processes that copy files both to and >> from this server based on servername). >> >> >> >> *Jim Slattery* >> Systems Administrator, MEDEX Global Group >> 410-308-7931 >> >> *From:* Erik Goldoff [mailto:[email protected]] >> *Sent:* Wednesday, July 21, 2010 2:41 PM >> >> *To:* NT System Admin Issues >> *Subject:* RE: Removing missing DC metadata >> >> >> >> But if a file server and removed from the domain, aren’t domain-specific >> permissions lost when removed from the domain ? >> >> >> >> *Erik Goldoff*** >> >> *IT Consultant* >> >> *Systems, Networks, & Security * >> >> ' Security is an ongoing process, not a one time event ! ' >> >> *From:* Don Ely [mailto:[email protected]] >> *Sent:* Wednesday, July 21, 2010 2:30 PM >> >> *To:* NT System Admin Issues >> *Subject:* Re: Removing missing DC metadata >> >> >> >> +1 >> >> >> >> remove the server from the domain, run the steps, add it back and you >> should be fine... >> >> On Wed, Jul 21, 2010 at 11:18 AM, Don Guyer <[email protected]> >> wrote: >> >> I think if you move the current computer into a workgroup, make the >> changes in AD, then put it back into the domain you’ll be fine. Others may >> have additional input. >> >> >> >> Don Guyer >> >> Systems Engineer - Information Services >> >> Prudential, Fox & Roach/Trident Group >> >> 431 W. Lancaster Avenue >> >> Devon, PA 19333 >> >> Direct: (610) 993-3299 >> >> Fax: (610) 650-5306 >> >> [email protected] >> >> >> >> *From:* Jim Slattery [mailto:[email protected]] >> *Sent:* Wednesday, July 21, 2010 2:11 PM >> >> *To:* NT System Admin Issues >> *Subject:* Removing missing DC metadata >> >> >> >> We have a file server that shares a name with an old DC that failed. >> Instead of removing the metadata for the DC, someone just installed a new >> server with the same name. That name now unfortunately is held by our main >> file server. >> >> I need to remove the DC metadata, but need to leave the server up and >> running. >> >> My question is this... if I run this kind of operation: >> http://www.petri.co.il/delete_failed_dcs_from_ad.htm >> >> or >> http://support.microsoft.com/kb/216498 >> >> >> ...is the current server still going to be in the domain as a member >> server? >> >> I haven't slept well in a few days, and I'm exhausted, so if the answer to >> this question is obvious, please don't beat up on me too much. I just don't >> want to create more problems while trying to solve another. >> >> TIA >> >> >> >> *Jim Slattery* >> Systems Administrator, MEDEX Global Group >> 410-308-7931 >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
