Active Directory replication

Nic

Distinguished
Mar 12, 2004
41
0
18,530
0
Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have 60 domain controller in the same domain and many sites. I just bring
back online an obsoletes DC that have more than 60 days. This DC doesn't want
to replicate with no DCs in the entire domain/forest. I tried many solution
as in:

- Reset the security Channel with the domain PDC Emulator
- Tried a lot of query with Repadmin (No replication partner automatically
generated)
- I delete the Netlogon files in the C:\Winnt\System32\Config folder
- Recreate the Active Directory DNS zone
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Nic" <Nic@discussions.microsoft.com> wrote in message
news:B05F92EC-128F-4373-9265-2757E7FE9F7C@microsoft.com...
> I have 60 domain controller in the same domain and many sites. I just
bring
> back online an obsoletes DC that have more than 60 days. This DC doesn't
want
> to replicate with no DCs in the entire domain/forest. I tried many
solution
> as in:
>
> - Reset the security Channel with the domain PDC Emulator
> - Tried a lot of query with Repadmin (No replication partner automatically
> generated)
> - I delete the Netlogon files in the C:\Winnt\System32\Config folder
> - Recreate the Active Directory DNS zone

None of the above is relevant.

You must DCPromo (cycle) it -- first DCPromo to non-DC,
then optionally DCPromo back to a (new) DC.

You will likely need to use the DCPromo /forceremoval switch
and then clean up the AD on the remaining DCs with NTDSUtil
"Metadata Cleanup":


NTDS metadata cleanup

Search Google for:

[ NTDS "metadata cleanup" remove DC Domain ]

No need to add either site:microsoft.com OR microsoft:
since the NTDS and other terms make it Microsoft specific
by itself.

Unless you WISH to restrict answers to the site:microsoft.com
for some reason.

[ NTDS "metadata cleanup" remove DC Domain site:microsoft.com ]

Key points to NOTE when doing the metadata cleanup:

You CONNECT to a WORKING DC.
You SELECT the missing/dead DC or DOMAIN

'Connect' and 'Select' are technical terms in this context.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

As Herb stated, you are having problems because your DC has been off-line
for more than the 'tombstone' time-frame of 60 days.

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Nic" <Nic@discussions.microsoft.com> wrote in message
news:B05F92EC-128F-4373-9265-2757E7FE9F7C@microsoft.com...
>I have 60 domain controller in the same domain and many sites. I just bring
> back online an obsoletes DC that have more than 60 days. This DC doesn't
> want
> to replicate with no DCs in the entire domain/forest. I tried many
> solution
> as in:
>
> - Reset the security Channel with the domain PDC Emulator
> - Tried a lot of query with Repadmin (No replication partner automatically
> generated)
> - I delete the Netlogon files in the C:\Winnt\System32\Config folder
> - Recreate the Active Directory DNS zone
 

Ade

Distinguished
May 5, 2004
81
0
18,630
0
Archived from groups: microsoft.public.win2000.active_directory (More info?)

How about run dcpromo to demote, then run again to promote?


"Nic" <Nic@discussions.microsoft.com> wrote in message
news:B05F92EC-128F-4373-9265-2757E7FE9F7C@microsoft.com...
> I have 60 domain controller in the same domain and many sites. I just
bring
> back online an obsoletes DC that have more than 60 days. This DC doesn't
want
> to replicate with no DCs in the entire domain/forest. I tried many
solution
> as in:
>
> - Reset the security Channel with the domain PDC Emulator
> - Tried a lot of query with Repadmin (No replication partner automatically
> generated)
> - I delete the Netlogon files in the C:\Winnt\System32\Config folder
> - Recreate the Active Directory DNS zone
 

Nic

Distinguished
Mar 12, 2004
41
0
18,530
0
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

I didn't try yet but I want to troubleshoot the problems for future problem

Thanks, all

"ade" wrote:

> How about run dcpromo to demote, then run again to promote?
>
>
> "Nic" <Nic@discussions.microsoft.com> wrote in message
> news:B05F92EC-128F-4373-9265-2757E7FE9F7C@microsoft.com...
> > I have 60 domain controller in the same domain and many sites. I just
> bring
> > back online an obsoletes DC that have more than 60 days. This DC doesn't
> want
> > to replicate with no DCs in the entire domain/forest. I tried many
> solution
> > as in:
> >
> > - Reset the security Channel with the domain PDC Emulator
> > - Tried a lot of query with Repadmin (No replication partner automatically
> > generated)
> > - I delete the Netlogon files in the C:\Winnt\System32\Config folder
> > - Recreate the Active Directory DNS zone
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

And you really really really don't want to bring this on line. It is a case of
the domain controller knowing more about how things work than you do. It knows
that if it comes on line it has the opportunity to really mess your directory up
in ways you probably wouldn't understand until you ran into some really messy
issues where you were truly in trouble. This functionality can be overridden but
I do not ever recommend someone do it.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Cary Shultz [A.D. MVP] wrote:
> As Herb stated, you are having problems because your DC has been off-line
> for more than the 'tombstone' time-frame of 60 days.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Exactly!

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:OOu99wiVFHA.1404@TK2MSFTNGP09.phx.gbl...
> And you really really really don't want to bring this on line. It is a
> case of the domain controller knowing more about how things work than you
> do. It knows that if it comes on line it has the opportunity to really
> mess your directory up in ways you probably wouldn't understand until you
> ran into some really messy issues where you were truly in trouble. This
> functionality can be overridden but I do not ever recommend someone do it.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Cary Shultz [A.D. MVP] wrote:
>> As Herb stated, you are having problems because your DC has been off-line
>> for more than the 'tombstone' time-frame of 60 days.
>>
 

Nic

Distinguished
Mar 12, 2004
41
0
18,530
0
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks guys,

Nic

"Cary Shultz [A.D. MVP]" wrote:

> Exactly!
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
> news:OOu99wiVFHA.1404@TK2MSFTNGP09.phx.gbl...
> > And you really really really don't want to bring this on line. It is a
> > case of the domain controller knowing more about how things work than you
> > do. It knows that if it comes on line it has the opportunity to really
> > mess your directory up in ways you probably wouldn't understand until you
> > ran into some really messy issues where you were truly in trouble. This
> > functionality can be overridden but I do not ever recommend someone do it.
> >
> > joe
> >
> > --
> > Joe Richards Microsoft MVP Windows Server Directory Services
> > www.joeware.net
> >
> >
> > Cary Shultz [A.D. MVP] wrote:
> >> As Herb stated, you are having problems because your DC has been off-line
> >> for more than the 'tombstone' time-frame of 60 days.
> >>
>
>
>