Announcement

Collapse
No announcement yet.

Active Directory Replication Issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Replication Issue

    Hi there,

    I have been having some issues appearing recently on one of my domain controllers and before proceeding I wanted to check with some other people who might have had/resolved the issue before.

    The issue is that I have 2 Domain controllers, lets call them DC1 and DC2. I have noticed that things I do on DC1 do not immediately replicate onto DC2. If I go onto the AD Sites and Services then into NTDS settings and try manually replicate from DC1 to DC2 I get "The replication operation encountered a database error".

    Replicating back the other way from DC2 to DC1 works fine.

    If I look at the logs on DC1 there are no errors. If I look on the logs on DC2 I get Errors like 1084 and 2108 as well as a rather ominous 467 "Database Corruption" error.

    Now those errors point me to a technet article ( support.microsoft.com/?id=837932) where I have to try offline defragmentation of the active directory database, repadmin to rehost the affected partition or to remove it as a global catalog server and then readd it. And failing all that use Ntdsutil.exe

    Now there were 2 things i was wondering. Firstly, as it is having problems replicating from DC1 and that is the one that takes ages to replicate, if it does at all, then surely that would be the problematic database? Or is it a case of the server with the errors needs all this doing to it?

    And Secondly, if this doesn't work, or even if this might be a quicker solution. Could I not just restore the server image from the working server onto a new box and change all the necessary configs/settings to make it appear as it is the other non-working server, then just remove the current non working server and put in my newly restored and reconfigured 2nd server? Or would that not even work?

  • #2
    Re: Active Directory Replication Issue

    IMHO flatten the bad DC (ideally use DCPROMO to demote it, but if not, do a metadata cleanup) rebuild the whole OS and rejoin to the domain, then make it a DC again. Yes, more work, but a more reliable solution....
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Active Directory Replication Issue

      Hi Ossian,

      So which one needs flattening then? DC1 ( the one that is slow to replicate and I cannot replicate from), or DC2 (the ones with the errors in the logs?)

      Comment


      • #4
        Re: Active Directory Replication Issue

        Does DC1 have any issues in its event logs?

        From your original post, I assumed DC2 was the "bad" one
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Active Directory Replication Issue

          No errors in DC1, but then why can I replicate from DC2 to DC1 but not the other way round? And adding something to DC2 takes immediate effect, though adding to DC1 does not (ie: adding a new domain user)

          Comment


          • #6
            Re: Active Directory Replication Issue

            Replication requires co-operation from both ends.

            When you talk about adding something, presumably it appears on that DC instantly regardless of which, but then takes time to appear on 2 from 1

            Have you run DCDIAG and any other health checks?
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Active Directory Replication Issue

              Well, yes and no. If I add something to DC1, then sometimes it replicates to DC2.... eventually.. sometimes it doesn't appear to replicate at all, though it may just be taking a very very verrryyy long time.

              I have run DCDiag, apart from those error logs DC1 comes up ok. DC2 fails on replication.

              Comment


              • #8
                Re: Active Directory Replication Issue

                @phreak: see my answer to your other question.

                Inter-site replication happens every 3 hours. The delay you're seeing for changes to replicate between the domain controllers is normal.

                Comment


                • #9
                  Re: Active Directory Replication Issue

                  When I say it doesn't seem to replicate I mean I have left it over the weekend and it didn't seem to replicate. Not a few hours. I realise that replication isn't immediate.

                  Comment


                  • #10
                    Re: Active Directory Replication Issue

                    For instance we had a computer added to a particular OU on DC1 on Saturday, but this morning it still had not replicated onto DC1.

                    Comment


                    • #11
                      Re: Active Directory Replication Issue

                      Please post your DCDIAG results, just keep in mind, actions on 1 DC does not appear immediately on all DC's - replication time.....

                      Comment

                      Working...
                      X