Active Directory

Sapeur asked (Last Modified: 2012-05-06):

I am running srvr 2003.  There is a hot spare disaster recovery server that was not communicating with AD updates.  After some troubleshooting, we decided to demote the server and then re-promote it.  

After demotion, there is still an entry in the main AD server that references the disaster recovery server in AD sites and services.  The NTDS settings read as such:

In Sites and Services, under the disaster recovery server name on the main server, the settings read: "ntds settings" then there is a square followed by "CNF:" and a long series of hex digits (see attached screenshot). I am unable to delete this corrupt entry.  This is preventing me from re-promoting the disaster recovery server.  

Any help will be greatly appreciated.

Jim
ntds-screen-shot-1-.doc

tigermatt, Site Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:

It looks like the old DC's account has had some major issues with its Active Directory account. Run a metadata cleanup of the problem DC's account, and hope for the best! http://technet.microsoft.com/en-us/library/cc736378.aspx

-Matt

Commented:
Hi, You can just delete it as well.

If you run DCdiag it should say something similar.  Once you delete that site then you should be ok.

Metadata cleanup should work as well as the pointer is gone.

HTH

Author

Commented:
I tried the metadata cleanup and got this error:

"DsRemoveDsServerW error 0x20e (The DSA object could not be found)"

The corrupt entry is still showing on the main DC.

tigermatt, Site Reliability Engineer

Commented:

If you're seeing that error then you are either attempting to bind to the DC which you are cleaning up (make sure it is turned off and disconnected) or the 'NTDS Settings' container has already been deleted from Active Directory.

If the latter, fire up ADSIEdit, browse down through the domain and try force deleting the server object in there. I'll get you the exact ADSIEdit path if you wish.

-Matt


Author

Commented:
Matt,

Please send over the ADSIEdit path if you could.  I'm going to try that next.

Thanks,

Jim

tigermatt, Site Reliability Engineer

Commented:
Jim,

Sorry for the late reply. There's been an issue with the EE email alerts.

The physical path I would check first with adsiedit is Configuration > CN=Configuration... > CN=Sites. Then, browse down to the site where the server object appears and see if it shows up in there. If it does, try deleting it directly there, and see what happens.

-Matt
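
The "square followed by CNF:" in the question is how the GUI renders a replication-conflict rename: the original name, a line feed, `CNF:` and the object's GUID. The following read-only PowerShell sketch is an added example, not part of the original thread; it lists every such object under CN=Sites so the exact distinguished name is known before anything is deleted in ADSIEdit. It assumes PowerShell 2.0 or later on a domain-joined machine and uses only the .NET `System.DirectoryServices` classes.

```powershell
# Added example (read-only): list replication-conflict ("CNF:") objects under
# CN=Sites in the configuration partition. Nothing is modified or deleted.

# RootDSE exposes the configuration naming context for the current forest.
$rootDse   = [ADSI]'LDAP://RootDSE'
$configNc  = "$($rootDse.configurationNamingContext)"
$sitesPath = "LDAP://CN=Sites,$configNc"

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = New-Object System.DirectoryServices.DirectoryEntry($sitesPath)
$searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
$searcher.PageSize    = 500

# A conflict-renamed object has an RDN of the form
#   <original name><LF>CNF:<objectGUID>
# \0A is the LDAP-filter escape for the line feed (the "square" in the GUI).
$searcher.Filter = '(cn=*\0ACNF:*)'
$searcher.PropertiesToLoad.AddRange(
    [string[]]@('distinguishedName', 'objectClass', 'whenChanged'))

$results = $searcher.FindAll()
try {
    $found = foreach ($r in $results) {
        # objectClass is multi-valued; the last value is the most specific class.
        $classes = @($r.Properties['objectclass'])
        New-Object PSObject -Property @{
            DistinguishedName = [string]$r.Properties['distinguishedname'][0]
            ObjectClass       = [string]$classes[$classes.Count - 1]
            WhenChanged       = $r.Properties['whenchanged'][0]
        }
    }
}
finally {
    $results.Dispose()   # SearchResultCollection holds unmanaged resources
}

if ($found) {
    $found | Sort-Object DistinguishedName | Format-List
} else {
    Write-Output "No CNF conflict objects found under CN=Sites,$configNc"
}
```

Running it again after the cleanup, and on a second DC once replication has completed, confirms the stale entry is gone everywhere before dcpromo is retried.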

Author

Commented:
Matt,

No problem, I got sidetracked myself this past week with other issues.  I'm going to come in to work Saturday and give it a try.  If that doesn't work, my boss and I will just rebuild from scratch.  

Thanks,

Jim

tigermatt, Site Reliability Engineer

Commented:
Rebuild is the next best option. When things get down to the Active Directory nitty-gritties, sometimes the only sure fix is a rebuild, unfortunately.

Let me know how you get on,

-Matt

Author

Commented:
Matt,

Sorry for the long delay in my response.  The ADSIEdit worked.  I was on the verge of just renaming the DC and adding it that way, but the geek in me was bound and determined to find a solution!!  I created an MMC with all the AD tools for the next poor sap who takes my place when I move on :)

Thanks for your help, I am now a confident AD troubleshooter!

Take Care,

Jim

Author

Commented:
ADSIEdit is a great MMC snap-in for digging down into AD when dcpromo won't work due to a corrupt database.