Metadata cleanup is a required procedure after a forced removal of Active Directory Domain Services (AD DS).

You perform metadata cleanup on a domain controller in the domain of the domain controller that you forcibly removed. Metadata cleanup removes data from AD DS that identifies a domain controller to the replication system.

Metadata cleanup also removes File Replication Service (FRS) and Distributed File System (DFS) Replication connections and attempts to transfer or seize any operations master (also known as flexible single master operations or FSMO) roles that the retired domain controller holds.

You can clean up server metadata by using the following:

To clean up server metadata by using Ntdsutil

  1. Open a command prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Enterprise Admins credentials, if required, and then click Continue.
  2. At the command prompt, type the following command, and then press ENTER:

    ntdsutil

  3. At the ntdsutil: prompt, type the following command, and then press ENTER:

    metadata cleanup

  4. At the metadata cleanup: prompt, type the following command, and then press ENTER:

    remove selected server <ServerName>

    Or

    remove selected server <ServerName1> on <ServerName2>

    | Value | Description |
    | --- | --- |
    | ntdsutil: metadata cleanup | Initiates removal of objects that refer to a decommissioned domain controller. |
    | remove selected server | Removes objects for a specified, decommissioned domain controller from a specified server. |
    | <ServerName> or <ServerName1> | The distinguished name of the domain controller whose metadata you want to remove, in the form cn=ServerName,cn=Servers,cn=SiteName,cn=Sites,cn=Configuration,dc=ForestRootDomain. If you specify only one server name, the objects are removed from the current domain controller. |
    | on <ServerName2> | Specifies removing server metadata on <ServerName2>, the Domain Name System (DNS) name of the domain controller to which you want to connect. If you have identified replication partners in preparation for this procedure, specify a domain controller that is a replication partner of the removed domain controller. |

  5. In Server Remove Configuration Dialog, review the information and warning, and then click Yes to remove the server object and metadata. At this point, Ntdsutil confirms that the domain controller was removed successfully. If you receive an error message that indicates that the object cannot be found, the domain controller might have been removed earlier.
  6. At the metadata cleanup: and ntdsutil: prompts, type quit, and then press ENTER.
  7. To confirm removal of the domain controller:

    Open Active Directory Users and Computers. In the domain of the removed domain controller, click Domain Controllers. In the details pane, an object for the domain controller that you removed should not appear.

    Open Active Directory Sites and Services. Navigate to the Servers container and confirm that the server object for the domain controller that you removed does not contain an NTDS Settings object. If no child objects appear below the server object, you can delete the server object. If a child object appears, do not delete the server object because another application is using the object.
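
The confirmation in step 7, together with a check of the operations master roles mentioned earlier, can also be run as a read-only script. This is an added example, not part of the original article: it assumes the ActiveDirectory (RSAT) PowerShell module, and the function name Get-DcMetadataLeftover and the names DC02 and dc01.example.com are constructed placeholders.

```powershell
# Added example: read-only check for metadata left behind by a removed DC.
# Assumes the ActiveDirectory (RSAT) module; names in the sample call are placeholders.
Import-Module ActiveDirectory

function Get-DcMetadataLeftover {
    param(
        # Host name of the removed DC; restricted so it is safe inside an LDAP filter.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9-]+$')][string]$RemovedDcName,
        # Surviving DC to query, for example the one used for the cleanup.
        [Parameter(Mandatory)][string]$Server
    )
    $root   = Get-ADRootDSE -Server $Server
    $domain = Get-ADDomain  -Server $Server
    $forest = Get-ADForest  -Server $Server

    # 1. Computer object that should no longer appear under Domain Controllers.
    Get-ADComputer -Server $Server -SearchBase $domain.DomainControllersContainer `
        -LDAPFilter "(cn=$RemovedDcName)" |
        ForEach-Object { [pscustomobject]@{ Check = 'ComputerObject'; Detail = $_.DistinguishedName } }

    # 2. Server objects under CN=Sites,CN=Configuration,... and their child objects.
    $sitesDn = "CN=Sites,$($root.configurationNamingContext)"
    $servers = Get-ADObject -Server $Server -SearchBase $sitesDn `
        -LDAPFilter "(&(objectClass=server)(cn=$RemovedDcName))"
    foreach ($s in $servers) {
        $children = @(Get-ADObject -Server $Server -SearchBase $s.DistinguishedName `
            -SearchScope OneLevel -Filter *)
        if ($children | Where-Object { $_.ObjectClass -eq 'nTDSDSA' }) {
            # NTDS Settings still present: metadata cleanup did not complete.
            [pscustomobject]@{ Check = 'NtdsSettingsPresent'; Detail = $s.DistinguishedName }
        } elseif ($children.Count -gt 0) {
            # Another application is using the server object: do not delete it.
            [pscustomobject]@{ Check = 'ServerObjectInUse'; Detail = $s.DistinguishedName }
        } else {
            [pscustomobject]@{ Check = 'EmptyServerObject'; Detail = $s.DistinguishedName }
        }
    }

    # 3. Operations master (FSMO) roles still assigned to the removed DC.
    $roles = [ordered]@{
        SchemaMaster = $forest.SchemaMaster; DomainNamingMaster = $forest.DomainNamingMaster
        PDCEmulator  = $domain.PDCEmulator;  RIDMaster          = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    $roles.GetEnumerator() | Where-Object { $_.Value -like "$RemovedDcName.*" } |
        ForEach-Object { [pscustomobject]@{ Check = "FsmoRole:$($_.Key)"; Detail = $_.Value } }
}

Get-DcMetadataLeftover -RemovedDcName 'DC02' -Server 'dc01.example.com'
```

No output means none of the checked objects or role assignments remain. An EmptyServerObject finding corresponds to the case above in which the server object has no child objects and can be deleted.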