Re: AD
anonymous_at_discussions.microsoft.com
Date: 08/09/04
- Next message: Tomasz Onyszko: "Re: Modifying new user defaults in AD"
- Previous message: David: "DSA errors"
- In reply to: Cary Shultz [A.D. MVP]: "Re: AD"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 9 Aug 2004 12:02:39 -0700
Sorry I did not include all informations needed, here it
is..
I have a flat domain with 3 DC and they all have AD
intergraded DNS with forwarders to my ISP, and they all
are GCs.
One of my domain controllers was having hard drive
problems; I was able to transfer three FSMO roles, RID,
PDC, and infrastructure to another DC. Before I was able
to run dcpromo to make it a member server, the machine
crashed.
Rebuild the server with same name and I ran dcpromo and
made it a domain controller. The process finished okay,
however when I tried to create a new user account in the
domain I kept getting DSA errors, and unable to create new
users. I ran dcpromo again and made the box member server,
DSA errors went away no problems with creating new
accounts on other two domain controllers.
I left the box as member server removed DNS, and I tried
to use knowledge base Q216498 and went through several
articles and no luck.
When I run Metadata Cleanup now, the filed DC does not
show-up, only the two properly working DCs are listed.
When I use ntdsutil and adsiedit I do not seen any
information on the failed DC.
I was not able to find any instances of the crashed Domain
Controller as the above artical talks about.
PLEASE help if you have an idea..
Thanks...
>-----Original Message-----
>David,
>
>A couple of things here.
>
>First and foremost, since the Domain Controller was not
properly removed
>from Active Directory you will need to do what is called
a Metadata Cleanup.
>You will need to use ntdsutil and probably adsiedit as
well. Please take a
>look at the following MSKB Article:
>
>http://support.microsoft.com/?id=216498
>
>This will remove all instances of the crashed Domain
Controller from your
>Active Directory. This will be a good thing.
>
>In order to use adsiedit you will need to install the
Support Tools. The
>Support Tools are located on the WIN2000 Server CD as
well as on the WIN2000
>Service Pack CD in the Support | Tools folder. You can
also download them
>from the Microsoft Web Site.
>
>You might want to become familiar with the various
tools. They are
>extremely helpful.
>
>The second thing that you might want to do is to make
sure that there are at
>least two Global Catalog Servers in your domain ( I am
assuming that you
>have a single domain / tree / forest ). I would make all
of the Domain
>Controllers a Global Catalog Server in this case!
>
>I am not sure that I follow you when you state that you
tried to reset its
>account.
>
>I assume that you are trying to use the same computer
name as the Domain
>Controller that crashed...
>
>HTH,
>
>Cary
>
>"David" <anonymous@discussions.microsoft.com> wrote in
message
>news:186601c47be3$504aab80$a401280a@phx.gbl...
>> DC was having hard drive problems, I was able to
transfer
>> three FSMO roles, RID, PDC, and infrastructure to
another
>> DC. Before I was able to run dcpromo to make it a member
>> server, the machine crashed.
>> Rebuild the server and before bring it up, I tried to
>> reset it's account but I was unable to it. I ran dcpromo
>> again to make it a domain controller and everything went
>> okay, however if I try to create a new user account I
get
>> DSA errors, Ran dcpromo again and made the box member
>> server, DSA errors went away no problems with creating
new
>> accounts on other domain controller.
>> I tried to use knowledge base and went through several
>> articles and no luck.
>>
>> PLEASE help if you have an idea..
>> Thanks..
>>
>
>
>.
>
- Next message: Tomasz Onyszko: "Re: Modifying new user defaults in AD"
- Previous message: David: "DSA errors"
- In reply to: Cary Shultz [A.D. MVP]: "Re: AD"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
