Re: add a new 2003 server to domain as DC
- From: "Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 3 Aug 2005 23:46:08 +0200
Hi Paulo,
sorry for the posting latency - I'm doing more projects like now than I should do ;(
Answers inline - snipped to relevant parts:
"Paulo" <frankbear@xxxxxxxxx> wrote in message news:1122983916.129399.76980@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
So happy to see that you are still around, really stucked and I got my DCs in my dreams last night, but however no lights to solve my SYSVOL replication problems, :))
Dreaming about AD is fine - those are the good ones ;)
have tried hard to fix the problem on sunday, once removed new DC, cleaned metadata, adsiedit and dns record on old DC and recovered FrsComputerReference and ServerReference values following Q312862, then tried to integrate new DC again, but still failed to get SYSVOL replication work. with FRSDIAG.exe tool, seems it also tries to sychronize with some non-exist DCs, but checked with ntdsutil/metadata cleanup, Domain MSC plugins, adsiedit records, dns records, all those GUIDs/DCs appeared nowhere, is there a way I could still do a better clean around?
There are tools for sysvol available - search for Ultrasound and/or Sonar, those might help you to diagnose as well.
Then there's some attribute to check with ADSIEdit, look underneath
domainpartition/system/File Replication Services and go into the properties of the Domain System Volume and the Objects underneath.
And check the following KBs which might help you getting your FRS solid again:
http://support.microsoft.com/default.aspx?scid=kb;en-us;290762
http://support.microsoft.com/default.aspx?scid=kb;en-us;272279
http://support.microsoft.com/default.aspx?scid=kb;en-us;312862
http://support.microsoft.com/default.aspx?scid=kb;en-us;296183
http://support.microsoft.com/default.aspx?scid=kb;en-us;221111
guess something bad are once when our old DC crashed, we have booted an offlined older DC, let seize all roles and also renamed the backup DC/configured IP to the crashed one, without any cleanup work, now even tried to rename this DC again but those dirty records never shows up again either in metadata or in adsi records, but seems some dirty GUIDs are still somewhere, just cannot get access to them.... is this possible?
Outch - this might be the cause for such a mess ;S
followed your outline, today removed again the new DC but configured it only functioning as a member file server and secondary DNS server, diagnosed again on both server:
--------------------------- netdiag /v /debug output: --------------------------- new Server: [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined. old pdc: passed all
Did you configure WINS? Are you sure you don't need it?
---------------------------
dcdiag /v /a /c on old pdc, basically passed all tests but actually
problem in VerifyEnterpriseReferences:
---------------------------
Starting test: VerifyEnterpriseReferences
LDAP Error 0x5e (94) - No result present in message.
......................... BYRONBDC failed test
VerifyEnterpriseReferences
Search again, there are references somewhere for BYRONBDC (which I assume is your new not anymore DC)
but now I am quite stucked here, found no more hints around, is this the key problem prevented new DC integration/replicate SYSVOL with new DC, or I should rather re-install/install a new 2k3 server to test whether it's because my new Server also get dirty?
I doubt that's the case but would do it in a production environment whenever possible anyways - you don't want a DC which has been screwed with that much in your domain. I'd reinstall the new DC if you can do it, but prior to re-promoting you need to get the old DC solid.
and, is there a chance, can man backup current DC, put offline, and install a new DC as first DC for domain, then still restore/import all pc/user accounts and group policies to new dc?
You can't do a backup of AD and expect it not to carry the mess in your AD but only the useraccounts.
so I'd have a chance to surrender, kill both dc and make a clean installation for a new DC, it might be an easier curve for me now.... are doing some restructuring with our network, but a consulting work or MS case will cost too much for our group.
The best way is either to figure everything out on one DC, then introduce the additional one, or doing a migration to a new domain (new domain name) and move the users, groups, a.s.o. with ADMT. Then you have a new domain with another name, but with a clean AD.
Thank you very much for the help, and viel Gruss,
You're welcome.
-- Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
.
- Follow-Ups:
- Re: add a new 2003 server to domain as DC
- From: Paulo
- Re: add a new 2003 server to domain as DC
- References:
- Re: add a new 2003 server to domain as DC
- From: Paulo
- Re: add a new 2003 server to domain as DC
- From: Ulf B. Simon-Weidner [MVP]
- Re: add a new 2003 server to domain as DC
- From: Paulo
- Re: add a new 2003 server to domain as DC
- Prev by Date: Re: Users missing Exchange mailbox still there
- Next by Date: Re: unable to raise domain functional level
- Previous by thread: Re: add a new 2003 server to domain as DC
- Next by thread: Re: add a new 2003 server to domain as DC
- Index(es):
Relevant Pages
|
Loading
