  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 239

Active Directory

I am running Server 2003. There is a hot spare disaster recovery server that was not communicating with AD updates. After some troubleshooting, we decided to demote the server and then re-promote it.

After demotion, there is still an entry in the main AD server that references the disaster recovery server in AD sites and services.  The NTDS settings read as such:

In Sites and Services, under the disaster recovery server name on the main server, the settings read: "ntds settings", then there is a square followed by "CNF:" and a long series of hex digits (see attached screenshot). I am unable to delete this corrupt entry. This is preventing me from re-promoting the disaster recovery server.

Any help will be greatly appreciated.

Jim
ntds-screen-shot-1-.doc
0
Sapeur
Asked:
 
tigermatt Commented:

It looks like the old DC's account has had some major issues with its Active Directory account. Run a metadata cleanup of the problem DC's account, and hope for the best! http://technet.microsoft.com/en-us/library/cc736378.aspx

-Matt
0
 
MightySW Commented:
Hi, you can just delete it as well.

If you run DCdiag it should say something similar.  Once you delete that site then you should be ok.

Metadata cleanup should work as well as the pointer is gone.

HTH
0
 
Sapeur (Author) Commented:
I tried the metadata cleanup and got this error:

"DsRemoveDsServerW error 0x20e (The DSA object could not be found)"

The corrupt entry is still showing on the main DC.
0
 
tigermatt Commented:

If you're seeing that error then you are either attempting to bind to the DC which you are cleaning up (make sure it is turned off and disconnected) or the 'NTDS Settings' container has already been deleted from Active Directory.

If the latter, fire up ADSIEdit, browse down through the domain and try force deleting the server object in there. I'll get you the exact ADSIEdit path if you wish.

-Matt
0
 
Sapeur (Author) Commented:
Matt,

Please send over the ADSIEdit path if you could.  I'm going to try that next.

Thanks,

Jim
0
 
tigermatt Commented:
Jim,

Sorry for the late reply. There's been an issue with the EE email alerts.

The physical path I would check first with adsiedit is Configuration > CN=Configuration... > CN=Sites. Then, browse down to the site where the server object appears and see if it shows up in there. If it does, try deleting it directly there, and see what happens.

-Matt
0
 
Sapeur (Author) Commented:
Matt,

No problem, I got sidetracked myself this past week with other issues. I'm going to come in to work Saturday and give it a try. If that doesn't work, my boss and I will just rebuild from scratch.

Thanks,

Jim
0
 
tigermatt Commented:
Rebuild is the next best option. When things get down to the Active Directory nitty-gritties, sometimes the only sure fix is a rebuild, unfortunately.

Let me know how you get on,

-Matt
0
 
Sapeur (Author) Commented:
Matt,

Sorry for the long delay in my response. ADSIEdit worked. I was on the verge of just renaming the DC and adding it that way, but the geek in me was bound and determined to find a solution!! I created an MMC with all the AD tools for the next poor sap who takes my place when I move on :)

Thanks for your help, I am now a confident AD troubleshooter!

Take Care,

Jim
0
 
Sapeur (Author) Commented:
ADSIEdit is a great MMC snap-in for digging down into AD when dcpromo won't work due to a corrupt database.
0
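Added example, not part of the original thread: a read-only Python check over an LDIF export of the Configuration partition that lists conflict-renamed objects (the "square" before `CNF:` is a linefeed character in the object's name) and server objects under CN=Servers that have no clean NTDS Settings child. The domain, server names and GUID are constructed, and the export is assumed to carry the linefeed either raw inside a base64 `dn::` line or escaped as `\0A`.

```python
import base64
import re

# Conflict-renamed RDN: original name, linefeed (raw or escaped \0A), "CNF:", GUID.
CNF_RDN = re.compile(r"^CN=(.+?)(?:\n|\\0A)CNF:([0-9a-fA-F-]{36})$", re.S)

def read_dns(ldif_text):
    """Return every entry DN; unfold wrapped lines, decode base64 'dn::'."""
    text = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    dns = []
    for line in text.split("\n"):
        if line.startswith("dn:: "):
            dns.append(base64.b64decode(line[5:]).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:])
    return dns

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return re.findall(r"(?:\\.|[^,\\])+", dn, re.S)

def audit(ldif_text):
    """Return (conflict objects, servers lacking a clean NTDS Settings child)."""
    conflicts, servers, healthy = [], set(), set()
    for dn in read_dns(ldif_text):
        rdns = split_dn(dn)
        if len(rdns) < 2:
            continue
        parent = ",".join(rdns[1:])
        m = CNF_RDN.match(rdns[0])
        if m:
            conflicts.append((m.group(1), m.group(2).lower(), parent))
        if rdns[1].upper() == "CN=SERVERS":
            servers.add(dn)          # a server object inside a site
        elif rdns[0].upper() == "CN=NTDS SETTINGS":
            healthy.add(parent)      # this server has an intact NTDS Settings
    return conflicts, sorted(servers - healthy)

# Constructed sample export: domain, server names and GUID are made up.
SITE = ("CN=Servers,CN=Default-First-Site-Name,CN=Sites,"
        "CN=Configuration,DC=example,DC=local")
CNF_DN = ("CN=NTDS Settings\nCNF:11111111-2222-3333-4444-555555555555,"
          "CN=DRSERVER," + SITE)
SAMPLE = "\n".join([
    "dn: CN=MAINDC," + SITE,
    "dn: CN=NTDS Settings,CN=MAINDC," + SITE,
    "dn: CN=DRSERVER," + SITE,
    "dn:: " + base64.b64encode(CNF_DN.encode()).decode(),
])
```

Calling `audit(SAMPLE)` returns the conflict object under DRSERVER and flags DRSERVER as a server object without a usable NTDS Settings child, which is the state described in the question.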
