RE: I just inherited a Windows 2k3 domain filled with NETLOGON err

You need another dc. There is no ifs ands or buts about it. get a cheapo
desktop and make it a dc, then you can proceed. if you have 80 locations, you
should generally have 80 dcs. i know some would disagree with me, but I have
just had too many issues when I have broken that rule.

"indelljo" wrote:

> Actually, we don't have other DC's. The domain was originally setup for
> Exchange. The DCs are the exchange servers, that is why they are clustered.
> We have only recently added the PCs. Things were set up strangley here. Can
> I assume that without other functioning DC's the new items can't be
> recovered? Is there another way it can be done?
>
> "Manny Borges" wrote:
>
> > Clustered DCs. Interesting. Not a wise expenditure of resources usually, but
> > interesting. I have found that with AD its easier to get more DCS and simply
> > design a correct site topology than to get something that is incredibly
> > powerful. A new proliant with 2 2.4s and four GB of ram and a nice NIC team
> > doesn't even blink at servicing 20k users. By all means cluster web front
> > ends, databases over 8GB, and other heavy hit resources. But IMHO clustering
> > domin controllers is a usually unneeded.
> >
> > But thats beside the point.
> >
> > The answer to your question, no, the new objects will not be lost. When
> > syncroization occurs ( I am assuming you have more DCS) then the objects will
> > be added to the restored dc and the previously deleted objects that have had
> > thier sequence numbers updated will untombstone the objects from your current
> > AD.
> >
> > "indelljo" wrote:
> >
> > > They are in the same OU, but we have added several objects since we started
> > > getting the errors. Won't a restore wipe out the new additions? Also, our
> > > DC's are in a cluster. How would this effect restore? I am new to managing
> > > a domain, so I appreciate the help.
> > >
> > > "Manny Borges" wrote:
> > >
> > > > One domain right? Why would you need to send anyone out?
> > > >
> > > > In any case, do an authoritative restore of the AD from a system state back
> > > > up that still has the acounts. If they are all in one OU then you job is
> > > > pretty straight foward. If not then a little more involved.
> > > >
> > > > Reboot into ad resore mode, restore a system state back up from "good" time"
> > > > and use the ntdsutil to mark those sequence numbers up.
> > > >
> > > > "indelljo" wrote:
> > > >
> > > > > Errors include:
> > > > >
> > > > > Evevt ID 5805
> > > > > The session setup from the computer computername failed to authenticate. The
> > > > > following error occurred:
> > > > > Access is denied.
> > > > >
> > > > > Event ID 5719
> > > > > This computer was not able to set up a secure session with a domain
> > > > > controller in domain domainname due to the following:
> > > > > There are currently no logon servers available to service the logon request.
> > > > > This may lead to authentication problems. Make sure that this computer is
> > > > > connected to the network. If the problem persists, please contact your domain
> > > > > administrator.
> > > > >
> > > > > Event ID 5723
> > > > > The session setup from computer 'computername' failed because the security
> > > > > database does not contain a trust account 'computername$' referenced by the
> > > > > specified computer.
> > > > >
> > > > > We have 30+ PC's that just dropped off the domain, their accounts are no
> > > > > longer in ADU&C without anyone deleting them. Is there anything I can do
> > > > > besides sending people out (we have 80 locations) to readd them to the domain?
.

Relevant Pages

  • RE: I just inherited a Windows 2k3 domain filled with NETLOGON err
    ... Clustered DCs. ... By all means cluster web front ... Won't a restore wipe out the new additions? ... >>> This may lead to authentication problems. ...
    (microsoft.public.windows.server.general)
  • RE: I just inherited a Windows 2k3 domain filled with NETLOGON err
    ... The DCs are the exchange servers, that is why they are clustered. ... By all means cluster web front ... Won't a restore wipe out the new additions? ...
    (microsoft.public.windows.server.general)
  • Re: restoring Exchange 2003 cluster in a non-clustered DRP environ
    ... If you just want to restore the db and link it to test users you don't ... need to build a cluster node. ... make sure your Exchange org name is the same as ... of the production server. ...
    (microsoft.public.exchange.setup)
  • Re: Backup and Restore Question
    ... windows domain at a remote location with nothing but a windows CD and backup ... and remove the other DCs from AD ... Seize all FSMO roles to the one restored server ... The second best solution if you have to restore to diseparate hardware is ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cannot delete file in the virtual disk.
    ... > it did lose all attributes when i did a Legato restore. ... >> mentioned that you have restarted the cluster, I am assuming this is NOT ... Ceck to make sure thar the disk is properly inserted, ... >>> that you are connected to the internet or your network, ...
    (microsoft.public.windows.server.clustering)