
Remove Orphaned DFS Namespaces from Active Directory

Naw Awn

When you come across orphaned DFS namespaces in your domain environment and want to remove them, either to clean up or to reuse them, you will need to do it from ADSI Edit:

  • Connect to Default naming context
  • Navigate to CN=Dfs-Configuration,CN=System, DC=mydomain, DC=local
  • Right click on the orphaned namespace and delete it

This post is about doing just that with a PowerShell script instead of ADSI Edit. Using ADSI Edit carries an enormous risk: one misclick and you delete something else by mistake.

The script looks up the current domain name, turns it into Distinguished Name (DN) format like "DC=mydomain, DC=local", prepends the Dfs-Configuration DN to it, and uses the $Name variable to search for the desired DFS namespace. Once the namespace is found, the script prompts the user to confirm the removal and then deletes the DFS namespace from Active Directory.

Run repadmin /syncall on a domain controller to replicate the change across the board.
Run dfsrdiag pollad on all DFS member servers to sync with the AD database (NTDS).

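Function Remove-AdDFSNamespace {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    Param(
        # Name of the orphaned namespace object, exactly as shown under CN=Dfs-Configuration
        [Parameter(Mandatory)]
        [String]$Name
    )
    Begin {
        # Get-ADObject and Remove-ADObject come from the ActiveDirectory module
        Import-Module ActiveDirectory -ErrorAction Stop

        # Build the search base: CN=Dfs-Configuration,CN=System,<current domain DN>
        $MyDomain   = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
        $DomainDN   = $MyDomain.GetDirectoryEntry() | Select-Object -ExpandProperty DistinguishedName
        $DfsConfig  = "CN=Dfs-Configuration,CN=System"
        $SearchBase = $DfsConfig, $DomainDN -Join ","
    }
    Process {
        # Never act on the Dfs-Configuration container itself
        If ($Name -ne 'Dfs-Configuration') {
            # OneLevel: match only objects directly under Dfs-Configuration, not their children
            $ADObject = Get-ADObject -Filter "Name -eq '$Name'" -SearchBase $SearchBase -SearchScope OneLevel
            If ($ADObject) {
                # Prompt only once the object is found; ConfirmImpact='High' forces the confirmation
                If ($PSCmdlet.ShouldProcess($Name, "Removing from $SearchBase")) {
                    # -Recursive also removes the child objects stored under the namespace entry
                    $ADObject | Remove-ADObject -Recursive -Confirm:$false
                }
            }
            Else {
                Write-Warning "$Name can't be found under $SearchBase"
            }
        }
    }
    <#
    .DESCRIPTION
    This cmdlet removes an orphaned AD domain-integrated DFS namespace from the Active Directory Dfs-Configuration container
    .EXAMPLE
    Remove-AdDFSNamespace -Name 'test'
    #>
}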

This solution was built around the reply from Microsoft Social Technet. I needed to build the handy function and used it in my environment.

Caution

Enter ONLY the name that you truly want to delete. Deleting a namespace that is in use will cause you a headache and will require you to remap the name to the share.
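
A read-only check that supports the caution above, as an added example that is not part of the original post: it lists the objects directly under CN=Dfs-Configuration with their class, last change and child count, so the exact name and everything a recursive delete would take with it can be confirmed first. `Get-AdDFSNamespaceCandidate` is a hypothetical helper name, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example, not the author's code. Read-only: nothing here modifies the directory.
# Get-AdDFSNamespaceCandidate is a hypothetical helper name.
Function Get-AdDFSNamespaceCandidate {
    [CmdletBinding()]
    Param(
        # Optional exact name; omit it to list every entry under Dfs-Configuration
        [String]$Name
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # Same container the removal function searches
    $DomainDN   = (Get-ADDomain).DistinguishedName
    $SearchBase = "CN=Dfs-Configuration,CN=System,$DomainDN"

    # Direct children only: these are the entries visible in ADSI Edit
    $Roots = Get-ADObject -Filter * -SearchBase $SearchBase -SearchScope OneLevel `
        -Properties whenChanged, ProtectedFromAccidentalDeletion
    If ($Name) { $Roots = $Roots | Where-Object { $_.Name -eq $Name } }

    ForEach ($Root in $Roots) {
        # Objects below the entry are what Remove-ADObject -Recursive deletes with it
        $Children = @(
            Get-ADObject -Filter * -SearchBase $Root.DistinguishedName -SearchScope Subtree |
                Where-Object { $_.DistinguishedName -ne $Root.DistinguishedName }
        )
        [PSCustomObject]@{
            Name              = $Root.Name
            ObjectClass       = $Root.ObjectClass
            WhenChanged       = $Root.whenChanged
            Protected         = $Root.ProtectedFromAccidentalDeletion
            ChildObjects      = $Children.Count
            DistinguishedName = $Root.DistinguishedName
        }
    }
}

# List every candidate and compare the names against the namespaces still in use
Get-AdDFSNamespaceCandidate | Format-Table -AutoSize
```

Running `Remove-AdDFSNamespace -Name 'test' -WhatIf` afterwards rehearses the call without deleting anything, because the function declares SupportsShouldProcess.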