Re: AD problem
From: Shah (rais_s_at_hotmail.com)
Date: 02/11/04
- Next message: Chriss3: "Re: autoReply user attribute (ms-Exch-AutoReply)"
- Previous message: David De Backer: "autoReply user attribute (ms-Exch-AutoReply)"
- In reply to: Ulf B. Simon-Weidner [MVP]: "Re: AD problem"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 11 Feb 2004 21:26:29 +0900
Hi Gruesse,
Thanks a lot. I will be discussing on the points u mentioned here. I our
network we have the user name same as the computer name and password setting
is to never expired. Yes, after the system crushed I romoved the computer
account, I did metadata-cleaup. I removed the records from DNS, removed the
records created by the IIS.
I will go through the links u provided. Thanks for that. I will be back if I
solve it.
-- - SHAH - With You For You Always --------------------- "Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@usw-consulting.com> wrote in message news:MPG.1a9372c79d2dd2eb9899ea@msnews.microsoft.com... > Shah says... > > Hello Gruesse, > > Thanks a lot for your advise. Actually my client company does not want any > > more investment in backup and restoration. They are having GC+DCs in 68 > > sites in all over Japan. I do too realise that they should do backup more > > frequent but because of budget we are doing it every six months. I will > > consider ur suggestion for sure. > > After restoration, I reset the secure channel password and got rid of many > > errors except Netlogon. It says that i.e. domainname/SCRIPT can not be > > created. But there is no script running. I checked the registry also all > > parameters are correct. Second thing when I brows "My Network Connection" > > for that particular DC I can not see shared Netlogon folder. On other DCs > > when I double click the shared Netlogon folder "Access dinied" error is > > displayed. I would appreciat if you explain in detail why its happening. > > Thanks for your time. > > Shah > > > Hallo Shah, > > like I said, it is more important to backup a few DCs more frequently (most > likely those who hold the fsmo-roles) than backing all of them up every two > month. > Another thing - if you have one Domain-Controller which fails and you've just > got a old backup, I would not use the backup but install the DC as new DC into > the existing domain. Downside is the replication of the AD-Database, but it's > either Backing up or Replicating it. > > And I would suggest you consider with your client what happens if they have a > complete crash of the AD. With a couple recent backups they will be up and > running within a reasonable time - without they can sent their employees home > until the infrastructure is recreated (b/c with a two month backup there are to > many changed, users can't remember their old passwords, clients will need to be > reconnected to the domain, ...). Since I don't know the company I don't know if > they are able to survive such a szenario. > > OK, back to your issue. It still looks like the DC is not talking with the > domain, that's the reason why you are not able to connect to ressources on > other DCs. Did you reset the computeraccount of the DC? > > What I'd prefer to get the thing up and running as fast as possible is to > DCPromo it to remove AD from this DC, perform a Metadata-Cleanup and run a > DCPromo to add it as additional Domain Controller to the existing domain. OK - > you'll have the replication, but the DC is fresh with a actual copy of the > Database. I'd also remove the Server from the Domain and put it back into there > in between when it's just a member server. > > Other options would be to reset the computer account (guess the last link below > will give you an idea), recreate the shares, verify that you are ablt to > connect to the other DCs, wait and watch the eventlog and replmon, DcDiag the > Server to verify what is working and what not. > > I'd really remove AD here and get it back onto the server - here are some links > which might help you: > > 298450 Deletion of Critical Objects in Active Directory in Windows 2000 and > Windows Server 2003 > http://support.microsoft.com/?id=298450 > > 332199 Using the DCPROMO /FORCEREMOVAL Command to Force the Demotion of Active > Directory Domain Controllers > http://support.microsoft.com/?id=332199 > > 216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain > Controller Demotion > http://support.microsoft.com/?id=216498 > > How to Recover from a Deleted Domain Controller Machine Account in Windows 2000 > http://support.microsoft.com/?id=257288 > > Gruesse - Sincerely, > > Ulf B. Simon-Weidner
- Next message: Chriss3: "Re: autoReply user attribute (ms-Exch-AutoReply)"
- Previous message: David De Backer: "autoReply user attribute (ms-Exch-AutoReply)"
- In reply to: Ulf B. Simon-Weidner [MVP]: "Re: AD problem"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
