Phantom Domain

  • Phantom Domain

    Okay you have to read all the way through this because the usual answers do not work here.

    I attempted to add a new domain called ccs to an existing tree called cccm.lan. After what appeared to be a success, not only did the server for cccm.lan fail (I could no longer log in after a restart and as it turned out AD did not start) but the server for ccs also was unmanageable.

    Now luckily I was using Parallels on the cccm.lan server, so I was able to revert to a snapshot from a prior day. Theoretically this should have put me at a place where cccm.lan knew nothing about ccs. I then tore down the ccs server and built another one up from scratch. So far so good.

    But now when I try to create the domain again, in the same manner as before, I first get an error saying that a prior domain exists with that name, and do I want to replace that information. If I say yes, it seems like it is going to work, but fails with an error saying that the domain or computer name matches something else on the network. There is nothing else on the network named ccs; I have looked.

    So it must be coming from Active Directory, right?? How domain information is still in AD for ccs after I reverted to a snapshot from before I created it astounds me, but whatever. Maybe it got copied back from a replica. Who knows?

    At any rate, I have used ntdsutil to try to clean up the metadata, but there is no information there referring to the ccs domain. In fact there is nowhere in Active Directory or DNS with references to the domain or the server, EXCEPT in Active Directory Domains and Trusts. THERE I see it, but I cannot delete it!! I have used ldp and neither the server nor the domain shows up there.

    I am completely baffled. I need a way to purge AD from all references to the server and domain but there does not seem to be a comprehensive way of doing that. It's like the domain was a rabbit in a little cage called Active Directory and left droppings in the cracks and crevices that I cannot fully get cleaned out, so another rabbit refuses to live there. That is to say, I cannot add the ccs domain because Active Directory still thinks there is such a thing, only there isn't and every tool to see if there isn't confirms that there isn't, only AD thinks there is when I try to create it again. Does anyone else get sick to their stomach when having to work with Active Directory? Because I sure do.

    What in the world do I do??
    Last edited by slylabs13; 14th June 2011, 22:15.

  • #2
    Re: Phantom Domain

    Do you have other domain controllers for the root domain besides the one you reverted?

    If so, then obviously, the one you reverted is going to update itself from the other servers which are more up to date.

    If not, then obviously the problem isn't arising from a replica knowing about ccs, because there is no replica.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.


    • #3
      Re: Phantom Domain

      Hi Gareth thanks for the reply.

      Well I resolved my problem. I discovered that my logon service on the forest master was paused, and the Windows Time service was stopped. That was one issue that was preventing replication.

      Once I enabled these I discovered that the replica still had information regarding the ccs domain. To simplify matters I removed this replica so that there was only one DC for the cccm domain. That way I wouldn't have to deal with replication problems until I got everything else resolved.

      I then stumbled across an article about how to *actually* remove a domain using the ntdsutil, not just the metadata, but the domain itself. After all was said and done, I got a clean bill of health from dcdiag and netdiag. First time in a long time. I think the replica was buggering things up all along.

      Now my question is, do I even need a replica if I have a forest with child domains? Is it possible to promote a child to the forest master if the forest master fails? If not then I think that all my DCs will require a replica just to be safe, although I have had nothing but troubles with replicas the entire time I have been administering AD.

      By the way I love your signatures!
      Last edited by slylabs13; 15th June 2011, 18:59. Reason: Added comment


      • #4
        Re: Phantom Domain

        Glad you got it sorted.

        Originally posted by slylabs13
        Once I enabled these I discovered that the replica still had information regarding the ccs domain. To simplify matters I removed this replica so that there was only one DC for the cccm domain. That way I wouldn't have to deal with replication problems until I got everything else resolved.

        I then stumbled across an article about how to *actually* remove a domain using the ntdsutil, not just the metadata, but the domain itself. After all was said and done, I got a clean bill of health from dcdiag and netdiag. First time in a long time. I think the replica was buggering things up all along.
        Removing the replica is a possibility, but as I'm sure you can appreciate, cleaning up the metadata is often preferable as it avoids the need to remove another server from your environment, even if only temporarily.

        Originally posted by slylabs13
        Now my question is, do I even need a replica if I have a forest with child domains? Is it possible to promote a child to the forest master if the forest master fails? If not then I think that all my DC's will require a replica just to be safe, although I have had nothing but troubles with replicas the entire time I have been administering AD.
        You don't *need* replica domain controllers (regardless of your forest structure) but they make a lot of sense, in that they provide redundancy and increase capacity.

        A child domain can never become a forest root domain and a root domain can never become a child of another. Nor can a DC hold domain-level FSMO roles from another domain. However, any DC in the forest can hold a forest-level FSMO role; they don't have to be held at the forest root.

        What problems have you been having with replicas? I would suggest that you experiment and research some more into how they work - once you have a good understanding of that, you shouldn't have any problems at all.

        Originally posted by slylabs13
        By the way I love your signatures!
        Heh thanks, just got back from another exam to expand it some more
        Gareth Howells


        • #5
          Re: Phantom Domain

          Originally posted by gforceindustries
          Glad you got it sorted.

          You don't *need* replica domain controllers (regardless of your forest structure) but they make a lot of sense, in that they provide redundancy and increase capacity.
          <snip>
          What problems have you been having with replicas? I would suggest that you experiment and research some more into how they work - once you have a good understanding of that, you shouldn't have any problems at all.

          Heh thanks, just got back from another exam to expand it some more
          I think that all my problems stemmed from a long-standing USN rollback that must have occurred a long time ago. It seems my master and replica were not in sync. I followed instructions on how to get them back in sync and replicating again, and now all *seems* well.

          Can you point me to a good article on how to move users, groups and computers from a domain in one forest to a domain in another? I have looked at ADMT and USMT, but all the articles seem to be about going from NT4/2000 to 2003, or 2003 to 2008. I am simply going from 2003 to 2003. Do I have to set up a two-way trust first? I tried setting up a trust between the two domains, and it failed for some reason, so I am hesitant to do anything that requires that.

          Do you think upgrading both domains to 2008 first would simplify the process?
