Announcement

Collapse
No announcement yet.

My domain controllers are making my life miserable

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • My domain controllers are making my life miserable

    Here's my dilemma I have two domain controls that have not been replicating for one year ( thatís a network that I just inherited ) one of the DC's is having a huge DN issues but most of new users and OU have been added to it through he last 11 month I have tried everything that I know to fix this DNS issues but no success both are 2003 I just bout a new server 2008 that I want it to be my new DC so with the current problem that I have I just can't add it as a member server then promote it as DC then demote the other two This is a production environment by the way 60 workstations what is the best approach that I can have to address this issue I have been in this company for like a month now and I am getting sick and tired answering support calls of users can't login to their workstation and I can't apply any gpo's I am really begging for help here Thank you

  • #2
    Re: My domain controllers are making my life miserable

    Can you please post ipconfig /all from both servers and dcdiag and netdiag from both as well.

    Comment


    • #3
      Re: My domain controllers are making my life miserable

      if they havne't been replicating for over a year, very possibly you've got major tombstone issues.

      I would consider attacking this way:

      Finding the server that holds the FSMO roles. Referring to this as your "authoritative" source for now.
      Demote all other domain controllers. If it won't let you do that, then do it the hard way
      Do a metadata cleanup.
      Promote a server back into the directory. Ensure it replicates properly.
      Then re-promote a few of the old servers till you have a relevant structure based on your enviroment (you may only need 2 servers, in which case this is irrelevant)

      It's a bit slash and burn.. but probably quicker and easier than messin around tryin to restore a directory that hasn't replicated for as long as you say.


      Be prepared though - you may need to create some objects./...
      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

      Comment


      • #4
        Re: My domain controllers are making my life miserable

        Just to add, export (CSVDE or LDIFDE) everything from AD on each DC you are demoting, so you can relatively quickly re-create missing objects.
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: My domain controllers are making my life miserable

          yep, nice call
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: My domain controllers are making my life miserable

            Originally posted by tehcamel View Post
            if they havne't been replicating for over a year, very possibly you've got major tombstone issues.

            I would consider attacking this way:

            Finding the server that holds the FSMO roles. Referring to this as your "authoritative" source for now.
            Demote all other domain controllers. If it won't let you do that, then do it the hard way
            Do a metadata cleanup.
            Promote a server back into the directory. Ensure it replicates properly.
            Then re-promote a few of the old servers till you have a relevant structure based on your enviroment (you may only need 2 servers, in which case this is irrelevant)

            It's a bit slash and burn.. but probably quicker and easier than messin around tryin to restore a directory that hasn't replicated for as long as you say.


            Be prepared though - you may need to create some objects./...
            well the roles holder server is the server with the DNS issues I don't know how this will work what do you think

            Comment

            Working...
            X