Re: DCpromo issue. Health check on AD and group policy.
- From: Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de>
- Date: Sun, 28 Jun 2009 09:51:49 +0000 (UTC)
Hello IT Team Queensbridge.bham.sch.uk ITTeamQueensbridgebhamschukdiscussions.microsoft.com,
As already stated from the others the output from the diagnostic tools and answers to the additional questions are really a good starting point to see what's going ono in your domain. So we are looking for the answers/outputs.
You wrote about the remove/restore of that server some time ago, maybe you can also give some more detailed info about the way you did it.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hi Folks
we have 3 domain controllers all running windows 2003 (DC with FMSO
roles has SP1 and the other 2 have SP2). One of the SP2 DC's is about
to suffer an imminent hard drive failure and I wanted to decommission
it before it dies. We have also had intermittent issues with some
workstations on the domain not picking up policies and correctly
logging people on. I suspect that these workstations are trying to
authenticate to this problem DC and the communication between the two
isn't happening hence why users cant get their settings and policies
not being applied.
The problem is I tryed to DCpromo this server yesterday and couldn't
remove it as a DC. when I ran dcpromo it seemed like it was going to
decommision itself until I got the following error:
The operation failed because: Active Directory could not configure the
computer account SERVER$ on the remote domain controller
firstDCindomain.domain.com. "Access is denied."
Specify an account with Enterprise Adminstrator privileges to the
forest,
home.domain.com.
I have checked thisI keep getting the same error message over and
over. Its odd because I have done various promotion and decommison of
DC's and never had this trouble in the past. In fact a year ago I had
to decommision this exact server and repromote this exact server after
some maintenance and never had a problem.
My worry is I have got a feeling that either active directory may be
in a slight mess or its related to group policy objects. I have seen a
few issues appearing on some of our workstations which relate to not
picking up gpo objects and gpo.ini.
I have read that i can do a dcpromo/force removal and this is likely
to work, my worry is this could cause issues as I have to use a util
called ntsdutil to clear out active direcory, this sounds scary and I
am not comfortable with doing this method in case I make the problem
worse.
Is there something I could run which could check active directory and
group policy for all the DC's to help me identify the problem. I have
run dcdiag on all 3 domain controllers and the problem server did
bring up more issues than the other 2, and it was pointing to the File
replication service and replication issues. Its like it cannot
communicate with the other DC's. I have manually tried to do
replication through sites and services and this works without any
errors.
So I am confused. Has anyone suffered this issue?
Please help!
.
- Follow-Ups:
- Re: DCpromo issue. Health check on AD and group policy.
- From: IT Team @ Queensbridge.bham.sch.uk
- Re: DCpromo issue. Health check on AD and group policy.
- References:
- DCpromo issue. Health check on AD and group policy.
- From: IT Team @ Queensbridge.bham.sch.uk
- DCpromo issue. Health check on AD and group policy.
- Prev by Date: Re: Local Administrator Rights
- Next by Date: Re: Sharing FSMO roles between 2 DC's?
- Previous by thread: Re: DCpromo issue. Health check on AD and group policy.
- Next by thread: Re: DCpromo issue. Health check on AD and group policy.
- Index(es):
Relevant Pages
|
