Disabled Inbound and Outbound replication

  • Disabled Inbound and Outbound replication

    Hi Experts,

    In one company that I handle now, I have discovered this AD issue. They have 3 DCs and one of the DCs is not replicating to the other DCs because replication was explicitly disabled. The last successful replication occurred on April 11, 2007, and I only discovered this problem on March 8 '08.

    In this company no one really knows AD, and their practice for creating user accounts is not correct. Their process is: create the user accounts in RETMAIL (the server name of the DC server) and then create the same accounts again in MAILSERVER (the server name of the second DC). They are doing it this way because of the replication issue. MAILSERVER is also hosting their Exchange server, and if they did not create the account in MAILSERVER the user would not be able to log in to his mailbox.

    There are around 3000 user accounts in this AD, and now the IT head wants to identify all the accounts that were created after 4/11/07, because those are the accounts that may possibly create duplicates/conflicts if we enable replication in MAILSERVER.

    Is there an easy way to identify those accounts?
    What is the best approach to resolve this problem? Someone advised me to demote the two DCs and then promote them again after enabling replication in MAILSERVER, but the problem is that the FSMO roles are distributed across these two other DCs and demoting them may result in a bigger problem. These roles need to be transferred first to MAILSERVER before demoting the two DCs, but how can we transfer them if replication is explicitly disabled in MAILSERVER?

    I was thinking of enabling replication in MAILSERVER and letting it create duplicate accounts, then doing an LDIF collection to identify the account with the most recent refresh date, retaining it and deleting the other duplicate account, but you may have a better idea for resolving this problem. I hope you can give your expert advice on this issue.

    Additional Info:
    It's only a Windows 2000 AD
    and all servers are running W2K with SP4.


    Last edited by ojoj0077; 13th March 2008, 07:01.
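One way to approach the question above about identifying accounts created after 4/11/07, as an added example that is not part of the original thread: compare an LDIF export of user objects from each DC and flag logon names that exist on both with different objectGUIDs. It assumes each export includes sAMAccountName, whenCreated and objectGUID; the function names, the example.local domain and the sample records are constructed for illustration.

```python
import base64
from datetime import datetime, timezone

# Assumption: midnight UTC on the day of the last good replication named in the post.
CUTOFF = datetime(2007, 4, 11, tzinfo=timezone.utc)

def parse_ldif(text):
    """Return one dict per user record, keyed by lower-cased attribute name."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            # "attr:: b64" values (objectGUID) stay encoded; we only compare them.
            rec.setdefault(key.strip().lower(), value.lstrip(":").strip())
        if {"samaccountname", "whencreated", "objectguid"} <= rec.keys():
            records.append(rec)
    return records

def created(rec):
    """whenCreated is generalized time in UTC, e.g. 20070502083000.0Z."""
    stamp = rec["whencreated"].split(".")[0]
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def by_name(records, cutoff=None):
    """Map lower-cased sAMAccountName -> record, optionally only created on/after cutoff."""
    return {r["samaccountname"].lower(): r for r in records
            if cutoff is None or created(r) >= cutoff}

def conflicts(dc_a, dc_b, cutoff=CUTOFF):
    """Names present on both DCs with different objectGUIDs, created on/after cutoff."""
    a, b = by_name(dc_a), by_name(dc_b)
    recent = by_name(dc_a, cutoff).keys() | by_name(dc_b, cutoff).keys()
    return sorted(n for n in recent
                  if n in a and n in b and a[n]["objectguid"] != b[n]["objectguid"])

def _sample(name, stamp, n):  # one constructed LDIF record (not real data)
    guid = base64.b64encode(bytes([n]) * 16).decode()
    return (f"dn: CN={name},CN=Users,DC=example,DC=local\nsAMAccountName: {name}\n"
            f"whenCreated: {stamp}.0Z\nobjectGUID:: {guid}\n\n")

RETMAIL = (_sample("olduser", "20060105101500", 1) + _sample("jdoe", "20070502083000", 2)
           + _sample("onlyhere", "20071120120000", 3))
MAILSERVER = _sample("olduser", "20060105101500", 1) + _sample("JDoe", "20070502091200", 4)

if __name__ == "__main__":
    print(conflicts(parse_ldif(RETMAIL), parse_ldif(MAILSERVER)))
```

Accounts that replicated before the cutoff share one objectGUID on every DC, so they are not flagged; names returned by `by_name(records, CUTOFF)` but absent from `conflicts` exist on only one DC.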

  • #2
    Re: Disabled Inbound and Outbound replication


    My suggestion is to forcefully demote the DC which is not the role holder. Clean the metadata and promote the box again as an ADC.

    Kapil Sharma
    Life is too short, Enjoy It.


    • #3
      Re: Disabled Inbound and Outbound replication

      Thanks for your reply.

      Based on our initial investigation, the DC that is not a role holder contains more data (20,000+ more) as compared to the other two DCs. I think demoting this DC would require a lot of work, as we will need to recreate the missing accounts when it is demoted.

      Does anybody know another approach to solve a problem like this?


      Last edited by ojoj0077; 13th March 2008, 07:11.


      • #4
        Re: Disabled Inbound and Outbound replication

        You can easily transfer FSMO roles from one DC to another. Make the one that has 20000+ objects hold all the roles and be a DC. Then demote and promote the others to replicate with it.
        Just remember that Win2000 is no longer a supported system, so have a good DR plan just in case.

        Steven Teiger [SBS-MVP(2003-2009)]
        I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

        We don't stop playing because we grow old, we grow old because we stop playing.