Cleaning up after a failed Domain Services Installation

  • 7000122
  • 16-Apr-2008
  • 27-Apr-2012


Novell Open Enterprise Server 2 SP1(OES2SP1)
Novell Domain Services for Windows


 Domain Services For Windows install fails or Domain Services For Windows needs to be removed from the tree.
Single Domain Controller, Removing DSfW Forest from the eDirectory tree.


This will only work for DSfW OES2SP1

There is a utility provided in DSFW 1.0 to allow for the cleanup of a failed Domain Services installation:

If ndsdcrm fails then the cleanup must be performed manually.  Below are the steps for a manual cleanup.  These instructions assume an existing tree, new forest, and new domain.

1. Make the existing server master of all partitions and remove the DSfW server from the rings.  See TID 7002415 to designate a new server object.

2. Merge the child partitions into the domain partition.
    First merge the schema partition into the configuration partition.
    Then merge the configuration partition into the domain partition.
    After merging the partitions delete the Schema and Configuration containers

Note: Make sure that there's still a Master server for the domain partition.

3. Delete the DSfW server object, ssl certificates objects, ldap objects, and unix workstation object.

4. Delete all DSfW created objects.
    The containers that are created by DSFW are as follows:
       dn: ou=Domain Controllers,<DomainDN> 
       dn: ou=novell,<DomainDN> or ou=OESSystemObjects,<DomainDN> for OES2SP2
       dn: cn=Builtin,<DomainDN>
       dn: cn=Computers,<DomainDN>
       dn: cn=DefaultMigrationContainer,<DomainDN>
       dn: cn=Deleted Objects,<DomainDN>
       dn: cn=ForeignsSecurityPrincipals,<DomainDN>
       dn: cn=NTDS Quotas,<DomainDN>
       dn: cn=System,<DomainDN>
       dn: cn=Users,<DomainDN>
       dn: cn=Infrastructure,<DomainDN>
       dn: cn=LostAndFound,<DomainDN>
       dn: cn=Program Data,<DomainDN>

    Delete these objects and the child objects to these containers.  The Users container might have additional users created by the administrator.  If those users are to be retained, move them to another container outside the DSFW domain.

5. Remove the aux class "domainDNS" from the domain partition root.

6. Remove the following ACLs from the partition were DSFW is installed
 ACL: 1#subtree#[Public]#cn
 ACL: 3#subtree#[Root]#[All Attributes Rights]
 ACL: 4#subtree#[This]#dBCSPwd
 ACL: 4#subtree#[This]#unicodePwd
 ACL: 4#subtree#[This]#supplementalCredentials
 ACL: 3#subtree#[Root]#userCertificate;binary
 ACL: 3#subtree#[Root]#cACertificate;binary

7. Remove the 'samspm' entry in /etc/opt/novell/eDirectory/conf/ndsmodules.conf file

8. Rename the xad.ini file to xad.ini.old by running the following command:
/opt/novell/xad/sbin/dcmake unconfig

9. Set sysconf to show DSFW as not being configured
Either edit the /etc/sysconfig/novell/xad and /etc/sysconfig/novell/edir manually and change SERVICE_CONFIGURED="yes" to SERVICE_CONFIGURED="no"
or run the following commands to change SERVICE_CONFIGURED="no":
sed -e 's/^SERVICE_CONFIGURED="yes"/SERVICE_CONFIGURED="no"/g' /etc/sysconfig/novell/xad
sed -e 's/^SERVICE_CONFIGURED="yes"/SERVICE_CONFIGURED="no"/g' /etc/sysconfig/novell/edir

10. Rename, delete, or open and clear the contents of the /etc/opt/novell/eDirectory/conf/nds.conf file

11. Rename ,delete, or open and clear the contents of the /etc/opt/novell/eDirectory/conf/.edir/instance.0 
       If this file is renamed or deleted then create the file manually by using the touch command
       example: touch /etc/opt/novell/eDirectory/conf/.edir/instances.0

12. Rename or delete the /var/opt/novell/eDirectory/data/dib directory.  See TID 7002414 to manually remove eDirectory off an OES2 Linux Server

Additional Information

This TID will not prepare a server to be cleaned up and DSfW re-installed in OES2SP2 and OES2SP3.  Please start with a new server install if DSfW is intended to be re-installed.

Change Log

(Step #6) Added two binary ACL attributes that need to be removed.

(Step #4) Added note to check for Master of the domain partition.
Nov 15th.  The additional Notes was not public.  Marked it public