Unique Replication Problem, Need A Solution


  • Unique Replication Problem, Need A Solution

    Okay, this thread may be a bit anti-climactic, but I just want to make a last-ditch effort to find another way to do this. My company took over management of another company and wanted them in the same domain. The other company consists of three sites. Each site was a separate domain with one domain controller each. My boss wanted them on the same domain--our domain.

    So I purchased cheap vpn firewalls for each site and patched them into our WAN. Here's how it turned out:

    http://i2.photobucket.com/albums/y10...nLayoutOld.jpg

    Notice the key on the bottom right. Sites are represented with rounded squares while the domain controllers are the ovals within the squares (or rectangles--whatever). My company's six domain controllers are on the top half and are in a hub and spoke VPN connection. Every DC can replicate with the other DCs in the company. The bottom half is the other company. They're in a full-mesh configuration where every DC in that company can see the others. Well due to an interoperability issue with the firewalls, I could only connect the other company's site to ONE of ours--the main site. Why this was done is a moot point.

    Basically we ended up with a situation where our main site was a "bridge" between our company's DC's and theirs and replication did occur across all sites. However, a few months ago the DC at the main site suffered a hardware failure and we could not revive it. So the bridge was essentially gone. So there was no replication between the top group of DCs and the others for months. A month ago, I managed to get a VPN link to another site. Here's basically how the network looks now:

    http://i2.photobucket.com/albums/y10...nLayoutNew.gif

    However, I've used replmon and repadmin to try to force replication and it doesn't work. Turns out the DC's from the other company were "offline" so long that the GUIDs are no longer valid. Is there a way to fix this problem without demoting the DCs and promoting them again?

  • #2
    Re: Unique Replication Problem, Need A Solution

    You can't even do that. You must reinstall the OS on each and every one as far as I'm concerned... trying to retrieve this from the mess it's in in any other way will simply cause you months and months of bother. If you demote them and repromote them the results will be... unpredictable - even if you rename them before promoting them again.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you



    • #3
      Re: Unique Replication Problem, Need A Solution

      Is it really that serious? I don't have the time to do all of that since the DCs also act as an application server at each site.

      So I can't demote the servers, make the servers member servers and then repromote them?



      • #4
        Re: Unique Replication Problem, Need A Solution

        Well, don't get me wrong, you CAN... but I wouldn't advise it. And I don't believe Microsoft will either. If you're going to do it, then I would advise you to rename each box before promoting it. Even better, create a sub-domain for them in the "forest" owned by the domain on your side.


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you



        • #5
          Re: Unique Replication Problem, Need A Solution

          Can I demote and promote the server from Remote Desktop? Would that cause any issues? I can do it on the weekend when the staff isn't there. I'll try to promote and demote. I don't see where that would cause any problems. I'm basically destroying the Active Directory and copying it again from a DC with all of the FSMO roles.

          Will this cause any logon problems for the users at the site? Will I have to unjoin each workstation from the domain and then rejoin them or can I let them stay the same?



          • #6
            Re: Unique Replication Problem, Need A Solution

            You can do the demotion and promotion from a remote desktop, yes... workstation accounts will probably need resetting (right-click workstation in ADUC, and select "Reset"). If this fails they will need to rejoin the Domain.

            The sorts of problems you're likely to encounter are (apparent) DNS issues, replication problems in the Schema and Configuration partitions, failed logons, failed password changes, inability to find a domain controller by certain processes, DCOM issues. These are only the beginning; basically after an exercise such as this you're likely to have Event Logs which are largely red in colour. It may take a week or two to get bad enough to be serious.

            It's obviously your call - but I cannot emphasise enough that I think it's a bad idea.


            Tom
            For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

            Anything you say will be misquoted and used against you



            • #7
              Re: Unique Replication Problem, Need A Solution

              Originally posted by Stonelaughter:
              You can do the demotion and promotion from a remote desktop, yes... workstation accounts will probably need resetting (right-click workstation in ADUC, and select "Reset"). If this fails they will need to rejoin the Domain.

              The sorts of problems you're likely to encounter are (apparent) DNS issues, replication problems in the Schema and Configuration partitions, failed logons, failed password changes, inability to find a domain controller by certain processes, DCOM issues. These are only the beginning; basically after an exercise such as this you're likely to have Event Logs which are largely red in colour. It may take a week or two to get bad enough to be serious.

              It's obviously your call - but I cannot emphasise enough that I think it's a bad idea.
              LOL! Hell, those are the problems I'm having now, sans the login problems. Worst case scenario is that I'll be back at square one.

              If that sucker wasn't also our application/file server, I would just reformat the whole box, but that's not an option. Don't ask me why they have all that stuff running on one box. That's also moot at this point.



              • #8
                Re: Unique Replication Problem, Need A Solution

                KOA, when you say "domain" do you mean an AD domain? I assume yes. I also assume that you migrated the purchased company's domain to your domain.

                Was replication working after the migration?

                If you do demote/promote the DCs, don't forget to do the metadata cleanup.

                When you reset a computer account it basically deletes the account and creates a new one with the same name in the same container. So therefore, if you reset a computer account, that computer will need to be rejoined to the domain.

                But if Guy will come and give his two cents I'm sure he could tell you how bad it is and if you need to rebuild everything.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com



                • #9
                  Re: Unique Replication Problem, Need A Solution

                  Originally posted by JeremyW:
                  KOA, when you say "domain" do you mean an AD domain? I assume yes. I also assume that you migrated the purchased company's domain to your domain.
                  Yes, you are correct. I migrated each of the other company's DC's to MyCompany.local domain.
                  Was replication working after the migration?
                  Yes.

                  I have another question. Do you guys advise having local clients authenticate using a remote domain controller? What if I just made the DC a member server. Would the workstations authenticate using another DC on the WAN? Is this a best practice for a branch office? Eventually, I want all servers to be centralized to one site--Domain Controllers included. Will this work given a stable and reliable WAN link?



                  • #10
                    Re: Unique Replication Problem, Need A Solution

                    Originally posted by KOA:
                    I have another question. Do you guys advise having local clients authenticate using a remote domain controller? What if I just made the DC a member server. Would the workstations authenticate using another DC on the WAN? Is this a best practice for a branch office? Eventually, I want all servers to be centralized to one site--Domain Controllers included. Will this work given a stable and reliable WAN link?
                    Are you talking about one physical site?

                    If you're going to have workstations at various physical locations, it would be ideal to have the resources they need to access as close as possible. I know that this is not always feasible.

                    I would say that you'll want at least one DC at each location. But I really don't know your setup, how many computers at each site, requirements for the systems, bandwidth, etc. so I can't really give a definitive answer.
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com



                    • #11
                      Re: Unique Replication Problem, Need A Solution

                      Originally posted by JeremyW:
                      Are you talking about one physical site?

                      If you're going to have workstations at various physical locations, it would be ideal to have the resources they need to access as close as possible. I know that this is not always feasible.

                      I would say that you'll want at least one DC at each location. But I really don't know your setup, how many computers at each site, requirements for the systems, bandwidth, etc. so I can't really give a definitive answer.
                      Each branch office has like 3 or 4 computers. Could I just place a couple of DCs at my main site and have them logon over the WAN?



                      • #12
                        Re: Unique Replication Problem, Need A Solution

                        Originally posted by KOA:
                        Each branch office has like 3 or 4 computers. Could I just place a couple of DCs at my main site and have them logon over the WAN?
                        Yes, it's possible. But there's a lot of variables.

                        Just remember, you do everything at your own risk. There's no way for me to tell if this is a good idea or not.
                        Regards,
                        Jeremy

                        Network Consultant/Engineer
                        Baltimore - Washington area and beyond
                        www.gma-cpa.com



                        • #13
                          Re: Unique Replication Problem, Need A Solution

                          Originally posted by JeremyW:
                          Yes, it's possible. But there's a lot of variables.

                          Just remember, you do everything at your own risk. There's no way for me to tell if this is a good idea or not.
                          I realize this. I know what I'm doing to an extent, but I just need varied opinions on what can happen. Eventually, I would like to get the DCs out of the satellite sites due to the fact that they are a pain in the butt to manage. That's NINE DCs across all nine sites. That's just too much for one administrator. With less than 100 computers across 9 sites, I could consolidate it down to 2 or 3 DCs at the central office and I just have to worry about the WAN links.



                          • #14
                            Re: Unique Replication Problem, Need A Solution

                            If you plan to consolidate your servers to one site, you could easily redeploy some of your DC's as terminal servers, if the HW is up to it. It seems unnecessarily expensive to have satellite offices with less than 10 computers all having a separate DC. One central site and a big or a few TS's could also help solve your replication problems.
                            TIA

                            Steven Teiger [SBS-MVP(2003-2009)]
                            http://www.wintra.co.il/
                            I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                            We don't stop playing because we grow old, we grow old because we stop playing.



                            • #15
                              Re: Unique Replication Problem, Need A Solution

                              This line of enquiry HAS to be more sensible than bringing back online DCs which haven't replicated in an extended period - by whatever method.


                              Tom
                              For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                              Anything you say will be misquoted and used against you
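
A check for the condition this thread turns on, DCs that have gone too long without replicating, added here as an example and not written by any poster in the thread: it parses `repadmin /showrepl * /csv` output and lists the inbound links whose last success is older than a threshold. The DC and site names, dates and counts in the sample are constructed, the function name is hypothetical, and the 60-day default is an assumption to be replaced with your forest's tombstone lifetime.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# On a real DC, pass the command's output to the function instead.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Main,DC-MAIN2,"DC=MyCompany,DC=local",Branch1,DC-BR1,RPC,0,0,2008-06-01 09:15:02,0
showrepl_INFO,Main,DC-MAIN2,"DC=MyCompany,DC=local",Acquired1,DC-ACQ1,RPC,412,2008-06-01 09:00:11,2008-01-20 03:44:50,8614
'@ -split "\r?\n"

function Get-StaleReplicationLink {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string[]] $CsvLines,
        [int] $MaxAgeDays = 60,       # assumption: set to the forest's tombstone lifetime
        [datetime] $Now = (Get-Date)
    )
    $CsvLines | ConvertFrom-Csv | ForEach-Object {
        $last = [datetime]::MinValue
        $parsed = [datetime]::TryParseExact(
            $_.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None, [ref] $last)

        # A value that does not parse is treated as "never replicated".
        $age = $null
        $lastText = 'never'
        if ($parsed) {
            $age = [math]::Floor(($Now - $last).TotalDays)
            $lastText = $last.ToString('yyyy-MM-dd')
        }

        if (-not $parsed -or $age -gt $MaxAgeDays) {
            [pscustomobject]@{
                Destination = $_.'Destination DSA'
                Source      = $_.'Source DSA'
                Partition   = $_.'Naming Context'
                LastSuccess = $lastText
                AgeDays     = $age
                Failures    = [int] $_.'Number of Failures'
                LastStatus  = $_.'Last Failure Status'
            }
        }
    }
}

# Fixed -Now so the constructed sample gives the same result on every run.
Get-StaleReplicationLink -CsvLines $sample -Now ([datetime]'2008-06-01 12:00:00') |
    Format-Table -AutoSize
```

Run against live output with `Get-StaleReplicationLink -CsvLines (repadmin /showrepl * /csv)`; a source DC that appears here should be treated as a rebuild candidate rather than forced to replicate.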
