Re: Transfer the forest-Level Operations Master Roles
- From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
- Date: Sun, 19 Nov 2006 23:13:56 -0500
In news:malditof.2hhg3i@xxxxxxxxxxxxx,
malditof <malditof.2hhg3i@xxxxxxxxxxxxx> stated, which I commented on below:
Any further info the resoultion of this ?
This sounds slightly simillar to my situation:
I will check other posts inthe forum, but if you have any info that
may be helpful, details on seizing operations roles with ntdsutil,
that would be helpful.
I will post what I finally figure out to solve the problem.
We have had a Windows 2000 Active Directoy domain for about 4 years.
One Win2k server w/ AD and 3 Win NT4.0 member servers. (yea , I
know -only one dc - not a great idea. )
Since our Win2k DC is 4 years old we are replacing it. We bought a new
server with Win 2k3 Std edition about 6 months ago. 6 months I did
the stuff necessary ( updates /extensions , etc to AD ) so that I
could put AD on Win2k3 and it could talk to the Win 2k DC. All happy
and good and replicating, etc.
The new server was never put into production though , and has been
shut down for 6months.
Now I need to put it into prod and eventually shut down the Win2K DC.
The WIn2k3 Server AD is tombstoned since it hasn't replicated in 6
months and refuses to replicate.
DC Promo will not uninstall it AD since it has a GC and is Domain
Naming Master. and Operations Manager will not transfer the role,
even a pull from the Win2k Server.
I will do more digging in the forums for info on seizing the Domain
Naming Master role for the old WIn2k DC and removiing failed AD
objects.
What would be the best way to go about moving demoting . re-promiting
AD on the WIn2k3 server so will replicate with the Win2k Server?
Eventually the WIn2k DC will go away.
Thanks,
Malditof
QUOTE=Stuart]Yeah, I have set the second DC server to be a GC and the
original DC is also
a GC and is holding the Domain Name Master role.
"Michael Iversen" wrote:
Whenever an object goes beyond the tombstone, you are usually SOL (short on
luck) trying to get it back. However, there *may* be some hope. Here's a
little snippet from my own private blogs (I haven't published them yet):
===============================
Force DC replication of a tombstoned DC and dealing with lingering objects:
First cleanup lingering objects as these might exist!
One each DC:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters
Create a REG_DWORD value called:
"Allow Replication With Divergent and Corrupt Partner"
Enter value of 1.
Restart Netlogon
Then force replication in Sites and Services. If there are multiple Sites,
you'll have to wait for your configured schedule for this to propagate to
all DCs. We must keep in mind however, that whatever caused this, it
happened back before Oct 25 (according to the dcdiag). The replication
issues MUST be addressed or replication errors will continue and cause these
errors again.
Once completed and you've insured replication is occuring, return the value
in Allow Replication With Divergent and Corrupt Partner to 0 to not allow it
to replicate outdated data.
Event IDs possibily associated with: Event ID 2042's, 2023, 1398, 1988,
1864, NTFRS, NTDS, or similar errors.
Event ID 1388 or 1988 A lingering object is detected Active Directory:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/77dbd146-f265-4d64-bdac-605ecbf1035f.mspx
Event ID 2042: It has been too long since this machine replicated:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/34c15446-b47f-4d51-8e4a-c14527060f90.mspx
Active Directory Inside Out (5 of 10): DNS Features and Configuration (First
Question):
http://www.microsoft.com/technet/community/chats/trans/windowsnet/wnet_111204.mspx
Things to consider when a Windows Server 2003-based domain controller or a
Windows 2000-based domain controller runs in a virtual environment (VPC or
VMWare):
http://support.microsoft.com/?id=888794
===============================
--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."
The only constant in life is change...
.
- References:
- Re: Transfer the forest-Level Operations Master Roles
- From: malditof
- Re: Transfer the forest-Level Operations Master Roles
- Prev by Date: AD Replication
- Next by Date: Re: Fix Tombstoned FSMO ?
- Previous by thread: Re: Transfer the forest-Level Operations Master Roles
- Next by thread: SPN across Forest not working
- Index(es):
Relevant Pages
|
