| Author | Messages | |
MThommes
Posts:79
 | | 09/11/2007 2:24 AM |
| In trying to do some AD cleanup, I find I
have several obsolete servers that were “authorized” at one time via
the DHCP admin GUI. When I highlight an entry and push the “Unauthorize”
button, the system responds with “There is no such object on server.”
Some Googling found a forum where someone said to use ADSIEdit to remove the
entry from CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
. While I didn’t find that key, I did see entries with a class of “dHCPClass”
under CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM . The
server I wanted to remove was listed along with the others I saw displayed in
the DHCP GUI. I deleted the entry but it still shows up in the GUI!
Will this entry magically go away after a reboot or is there something else I
need to do?
TIA!
Mike Thommes | | | |
| eirvin
Posts:0
| | 09/11/2007 2:29 AM |
| The gui is pulling that data from somewhere. I would venture a guess
that somewhere that dhcp info is still out there. The metadatacleanup
might be your best bet. I would approach with caution here though.
On 9/11/07, Thommes, Michael M. wrote:
>
>
>
>
> In trying to do some AD cleanup, I find I have several obsolete servers that
> were "authorized" at one time via the DHCP admin GUI. When I highlight an
> entry and push the "Unauthorize" button, the system responds with "There is
> no such object on server." Some Googling found a forum where someone said
> to use ADSIEdit to remove the entry from
> CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
> . While I didn't find that key, I did see entries with a class of
> "dHCPClass" under
> CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
> . The server I wanted to remove was listed along with the others I saw
> displayed in the DHCP GUI. I deleted the entry but it still shows up in the
> GUI! Will this entry magically go away after a reboot or is there something
> else I need to do?
>
>
>
> TIA!
>
> Mike Thommes
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx | | | |
| eis_lists
Posts:34
| | 09/11/2007 2:40 AM |
| Was this the original forum you saw?
http://www.msresource.net/content/view/43/47/
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Eric Irvin
Sent: Tuesday, September 11, 2007 11:30 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] help removing obsolete "Authorized DHCP Servers"
The gui is pulling that data from somewhere. I would venture a guess
that somewhere that dhcp info is still out there. The metadatacleanup
might be your best bet. I would approach with caution here though.
On 9/11/07, Thommes, Michael M. wrote:
>
>
>
>
> In trying to do some AD cleanup, I find I have several obsolete servers
that
> were "authorized" at one time via the DHCP admin GUI. When I highlight an
> entry and push the "Unauthorize" button, the system responds with "There
is
> no such object on server." Some Googling found a forum where someone said
> to use ADSIEdit to remove the entry from
> CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
> . While I didn't find that key, I did see entries with a class of
> "dHCPClass" under
> CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
> . The server I wanted to remove was listed along with the others I saw
> displayed in the DHCP GUI. I deleted the entry but it still shows up in
the
> GUI! Will this entry magically go away after a reboot or is there
something
> else I need to do?
>
>
>
> TIA!
>
> Mike Thommes
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx | | | |
| MThommes
Posts:79
| | 09/11/2007 2:59 AM |
| Hi,
No, actually it was Mark Minasi's forum. But thanks for your link!
I tried the "netsh dhcp delete server " command as mentioned
in your forum and got back the same response as the GUI: "There is no
such object on the server." Let's see what other responses roll in.
Surely, I can't be the only one that has tried this.
Mike Thommes
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of EIS Lists
Sent: Tuesday, September 11, 2007 1:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] help removing obsolete "Authorized DHCP
Servers"
Was this the original forum you saw?
http://www.msresource.net/content/view/43/47/
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Eric Irvin
Sent: Tuesday, September 11, 2007 11:30 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] help removing obsolete "Authorized DHCP
Servers"
The gui is pulling that data from somewhere. I would venture a guess
that somewhere that dhcp info is still out there. The metadatacleanup
might be your best bet. I would approach with caution here though.
On 9/11/07, Thommes, Michael M. wrote:
>
>
>
>
> In trying to do some AD cleanup, I find I have several obsolete
servers
that
> were "authorized" at one time via the DHCP admin GUI. When I
highlight an
> entry and push the "Unauthorize" button, the system responds with
"There
is
> no such object on server." Some Googling found a forum where someone
said
> to use ADSIEdit to remove the entry from
>
CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
> . While I didn't find that key, I did see entries with a class of
> "dHCPClass" under
> CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
> . The server I wanted to remove was listed along with the others I
saw
> displayed in the DHCP GUI. I deleted the entry but it still shows up
in
the
> GUI! Will this entry magically go away after a reboot or is there
something
> else I need to do?
>
>
>
> TIA!
>
> Mike Thommes
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx | | | |
| adwulf
Posts:39
| | 09/11/2007 2:59 AM |
| On 11/09/2007, EIS Lists wrote:
> Was this the original forum you saw?
>
> http://www.msresource.net/content/view/43/47/
>
>
That forum post also shows a way of doing this on the command line using NETSH.
Did you try that method, Michael?
--
AdamT
*** WARNING : This message originates from a parallel universe ***
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx | | | |
| colemancraig1
Posts:40
| | 09/11/2007 3:12 AM |
| Yes the DHCPClass entry is what is created when you
Authorize a DHCP server. You can delete it.
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Thommes, Michael
M.Sent: Tuesday, September 11, 2007 2:24 PMTo:
ActiveDir@mail.activedir.orgSubject: [ActiveDir] help removing
obsolete "Authorized DHCP Servers"
In trying to do some AD
cleanup, I find I have several obsolete servers that were “authorized” at one
time via the DHCP admin GUI. When I highlight an entry and push the
“Unauthorize” button, the system responds with “There is no such object on
server.” Some Googling found a forum where someone said to use ADSIEdit to
remove the entry from CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
. While I didn’t find that key, I did see entries with a class of
“dHCPClass” under CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
. The server I wanted to remove was listed along with the others I saw
displayed in the DHCP GUI. I deleted the entry but it still shows up in
the GUI! Will this entry magically go away after a reboot or is there
something else I need to do?
TIA!
Mike
Thommes | | | |
| EricGustafson
Posts:34
| | 09/12/2007 7:40 AM |
| To add to this thread, I have 3 former DHCP servers that still show up
in DHCP manager as authorized but without a name. I have removed the
offending IP addresses with adsiedit at the forest root and have
verified replication to the child domains also by using adsiedit.
I ran this netsh command to list the servers: netsh dhcp show server >
servers.txt
Here is the entry that was found: Server [] Address ⎖.20.1.4] Ds
location: cn=10.20.1.4
netsh dhcp delete server 10.20.1.4 returns the following:
"DHCP Delete Server failed.
Parameter(s) passed are either incomplete or invalid."
The reason is that it is looking for the ServerDNS parameter and that is
missing.
Any thought on another way to get rid of these long ago gone servers
that I never had any control over?
Thanks all,
--Eric
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of EIS Lists
Sent: Tuesday, September 11, 2007 2:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] help removing obsolete "Authorized DHCP
Servers"
Was this the original forum you saw?
http://www.msresource.net/content/view/43/47/
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Eric Irvin
Sent: Tuesday, September 11, 2007 11:30 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] help removing obsolete "Authorized DHCP
Servers"
The gui is pulling that data from somewhere. I would venture a guess
that somewhere that dhcp info is still out there. The metadatacleanup
might be your best bet. I would approach with caution here though.
On 9/11/07, Thommes, Michael M. wrote:
>
>
>
>
> In trying to do some AD cleanup, I find I have several obsolete
servers
that
> were "authorized" at one time via the DHCP admin GUI. When I
highlight an
> entry and push the "Unauthorize" button, the system responds with
"There
is
> no such object on server." Some Googling found a forum where someone
said
> to use ADSIEdit to remove the entry from
>
CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
> . While I didn't find that key, I did see entries with a class of
> "dHCPClass" under
> CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
> . The server I wanted to remove was listed along with the others I
saw
> displayed in the DHCP GUI. I deleted the entry but it still shows up
in
the
> GUI! Will this entry magically go away after a reboot or is there
something
> else I need to do?
>
>
>
> TIA!
>
> Mike Thommes
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx | | | |
| guyt1799190425
Posts:36
| | 09/12/2007 7:40 AM |
| Look at the dhcpServers attribute (notice the “s”) on
the objects under CN=NetServices, CN=Services,CN=Configuration…
In the attribute remove the entry referencing the gone DHCP
servers – that should stop the MMC from showing the stale DHCP servers.
Guy
From:
ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On
Behalf Of Thommes, Michael M.
Sent: Tuesday, September 11, 2007 9:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] help removing obsolete "Authorized DHCP
Servers"
In
trying to do some AD cleanup, I find I have several obsolete servers that were
“authorized” at one time via the DHCP admin GUI. When I
highlight an entry and push the “Unauthorize” button, the system
responds with “There is no such object on server.” Some
Googling found a forum where someone said to use ADSIEdit to remove the entry | | | |
| EricGustafson
Posts:34
| | 09/12/2007 8:04 AM |
| Thanks Guy but I don’t see the dhcpServers attribute. The domain
controllers I am working with are W2K3 SP3. If I right click on
CN=Confirguration…,CN=Services,CN=Netservices I do not see the mentioned
attribute. This is using adsiedit and not Sites & Services. Any more
thoughts?
--Eric
From:
ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On
Behalf Of Guy Teverovsky
Sent: Wednesday, September 12, 2007 7:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] help removing obsolete "Authorized DHCP
Servers"
Look at the dhcpServers attribute (notice the “s”) on the
objects under CN=NetServices, CN=Services,CN=Configuration…
In the attribute remove the entry referencing the gone DHCP
servers – that should stop the MMC from showing the stale DHCP servers.
Guy
From:
ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On
Behalf Of Thommes, Michael M.
Sent: Tuesday, September 11, 2007 9:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] help removing obsolete "Authorized DHCP
Servers"
In
trying to do some AD cleanup, I find I have several obsolete servers that were
“authorized” at one time via the DHCP admin GUI. When I highlight an
entry and push the “Unauthorize” button, the system responds with “There is no
such object on server.” Some Googling found a forum where someone said to
use ADSIEdit to remove the entry from CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
. While I didn’t find that key, I did see entries with a class of
“dHCPClass” under CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
. The server I wanted to remove was listed along with the others I saw
displayed in the DHCP GUI. I deleted the entry but it still shows up in
the GUI! Will this entry magically go away after a reboot or is there
something else I need to do?
TIA!
Mike Thommes | | | |
| MThommes
Posts:79
| | 09/12/2007 8:23 AM |
| v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
Hi Eric,
While I am
still struggling to remove my old authorized DHCP servers, you should find them
listed in ADSIEdit as entries with a class of “dHCPClass” under
CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
Mike Thommes
From:
ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Gustafson, Eric (Oldcastle
Materials)
Sent: Wednesday, September 12,
2007 7:04 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] help
removing obsolete "Authorized DHCP Servers"
Thanks Guy but I
don’t see the dhcpServers attribute. The domain controllers I am working
with are W2K3 SP3. If I right click on
CN=Confirguration…,CN=Services,CN=Netservices I do not see the mentioned
attribute. This is using adsiedit and not Sites & Services. Any more
thoughts?
--Eric
From:
ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Guy Teverovsky
Sent: Wednesday, September 12,
2007 7:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] help removing
obsolete "Authorized DHCP Servers"
Look at the
dhcpServers attribute (notice the “s”) on the objects under
CN=NetServices, CN=Services,CN=Configuration…
In the attribute
remove the entry referencing the gone DHCP servers – that should stop the
MMC from showing the stale DHCP servers.
Guy
From:
ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Thommes, Michael M.
Sent: Tuesday, September 11, 2007
9:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] help removing
obsolete "Authorized DHCP Servers"
In trying to do some AD cleanup, I find I
have several obsolete servers that were “authorized” at one time
via the DHCP admin GUI. When I highlight an entry and push the
“Unauthorize” button, the system responds with “There is no
such object on server.” Some Googling found a forum where someone
said to use ADSIEdit to remove the entry from CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
. While I didn’t find that key, I did see entries with a class of
“dHCPClass” under
CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM . The server
I wanted to remove was listed along with the others I saw displayed in the DHCP
GUI. I deleted the entry but it still shows up in the GUI! Will
this entry magically go away after a reboot or is there something else I need
to do?
TIA!
Mike Thommes | | | |
| MittlemanR
Posts:0
| | 09/12/2007 8:53 AM |
| When this happens to me, after clearing out the entry in AD using
ADSIedit, I first use NETSH to AUTHORIZE THE SERVER, and then use NETSH
again to un-authorize the server.
(I've never found documentation on how a DHCP server concludes that it
is still authorized even when its authorization data in AD is either
gone or incorrect; but NETSH seems to be able to slam its way through
the mess, where the DHCP GUI cannot. I've even had trouble using the
GUI to un-authorize a perfectly healty W2K DHCP server, if NETSH was
originally used to authorize it.)
As for where the data is in AD, note:
For a Windows 2000 DHCP server, authorization data is stored in the
DhcpRoot object -- in the multi-value attribute dhcpServers. Use ADSI
to view these entries. The DhcpRoot object is located here:
CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=conedison,DC=
net
Attribute dhcpServers is populated with IP addresses and server names.
For a Windows 2003 DHCP server, authorization data is no longer stored
in the DhcpRoot object. The same data is stored in the dhcpServers
attribute of an object (named for the IP address of the DHCP server)
directly under the NetServices container, and nothing is stored for it
in the DhcpRoot object.
I've seen DHCP authorization inconsistencies occur under these
circumstances:
1. Authorize/Unauthorize a new DHCP server before the previous DHCP
authoriation change has replicated throughout the forest (After the
first time that happened, I became pretty careful about that -- so I
don't know if its still a problem with W2K3)
2. Changing the name or address of a DHCP server without first
de-authorizing it (and, I've seen it continue to function -- even though
the authorization data in AD is wrong! DHCP server still thinks its
authorized.)
3. Server crash -- retiring a DHCP server without first gracefully
unauthorizing DHCP.
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Eric Irvin
Sent: Tuesday, September 11, 2007 2:30 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] help removing obsolete "Authorized DHCP
Servers"
The gui is pulling that data from somewhere. I would venture a guess
that somewhere that dhcp info is still out there. The metadatacleanup
might be your best bet. I would approach with caution here though.
On 9/11/07, Thommes, Michael M. wrote:
>
>
>
>
> In trying to do some AD cleanup, I find I have several obsolete
servers that
> were "authorized" at one time via the DHCP admin GUI. When I
highlight an
> entry and push the "Unauthorize" button, the system responds with
"There is
> no such object on server." Some Googling found a forum where someone
said
> to use ADSIEdit to remove the entry from
>
CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
> . While I didn't find that key, I did see entries with a class of
> "dHCPClass" under
> CN=NetServices,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM
> . The server I wanted to remove was listed along with the others I
saw
> displayed in the DHCP GUI. I deleted the entry but it still shows up
in the
> GUI! Will this entry magically go away after a reboot or is there
something
> else I need to do?
>
>
>
> TIA!
>
> Mike Thommes
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx | | | |
| EricGustafson
Posts:34
| | 09/12/2007 9:17 AM |
| I found them. Properties of CN=DhcpRoot on the right side
of CN=NetServices. I then found the dhcpServers attribute and choose edit.
Locate the defunct ones and chose remove. They are gone. Replication into the
child domains has completed and the entries are in fact gone from the DHCP MMC.
Thanks again for the pointer on that.
--Eric
From:
ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On
Behalf Of Guy Teverovsky
Sent: Wednesday, September 12, 2007 7:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] help removing obsolete "Authorized DHCP
Servers"
Look at the dhcpServers attribute (notice the “s”)
on the objects under CN=NetServices, CN=Services,CN=Configuration…
In the attribute remove the entry referencing the gone DHCP
servers – that should stop the MMC from showing the stale DHCP servers.
Guy
From:
ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On
Behalf Of Thommes, Michael M.
Sent: Tuesday, September 11, 2007 9:24 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] help removing obsolete "Authorized DHCP
Servers"
In
trying to do some AD cleanup, I find I have several obsolete servers that were
“authorized” at one time via the DHCP admin GUI. When I
highlight an entry and push the “Unauthorize” button, the system
responds with “There is no such object on server.” Some
Googling found a forum where someone said to use ADSIEdit to remove the entry | | | |
|
|