Solved

Hub Site DC in USN Rollback!

Posted on 2010-04-05
Last Modified: 2012-08-13
Hello Experts!

I have a question. I have a Hub and Spoke topology with say 20 spokes. Each site has only one DC (including Hub site).
Now my Hub site DC goes into a USN rollback state and I have no system state backup with me...
Please let me know what I should do to make my environment work.
I have no connectivity between spoke sites.

Regards,

Arun.
0
Question by:ARK-DS
7 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 29810092
With a USN rollback you will need to do a /forceremoval and metadata cleanup. The DS team has a great blog about USN rollbacks here:

http://blogs.technet.com/askds/archive/2009/06/05/dc-s-and-vm-s-avoiding-the-do-over.aspx

Start with the section

"...To correct this situation we need to do the following on the DC that has the roll back issue..."

You will have that box back up as a DC after you go through the steps.

Thanks

Mike
0
 
LVL 2

Expert Comment

by:pubeheed
ID: 29841024
Hi Arun,

Mike is spot on. Basically, what you will need to do is complete a removal of AD from the server and then perform a cleanup of that DC to remove all entries of it from AD. Once it is fully removed, repl will start working again (although you might need to play about with your repl topology if this is the main hub and everything is spoked from it).

Once it has been fully removed and repl is happy you can safely add it back in again using the standard dcpromo method.

I would suggest reading through the article above a few times and then stepping through it.

The one thing that would be good to understand is how this happened. Is this DC a VM and was it rolled back to a previous state? If so, it would be a good time to point out that this will always cause this to happen: VM rollbacks and DCs do not go well together.

Good luck

GM
0
 
LVL 7

Author Comment

by:ARK-DS
ID: 29849463
Thanks Mike,

That's what I thought. But then if the DC replicates with the DC in site A, of course Site A will start replicating to the Hub site. But what about the other 19 spoke sites? How would they start replicating with the HUB site?

Regards,

Arun.
0

 
LVL 57

Expert Comment

by:Mike Kline
ID: 29850076
All the spokes have site links to the hub, so when the new hub DC comes back up it will still be the hub and spoke so they will replicate based on the schedule defined in your site links.

One other thing, in this sort of design I'd have several DCs in the hub site.

Thanks

Mike
0
 
LVL 7

Author Comment

by:ARK-DS
ID: 29862668
OK,

Please see the file attached. It's a smaller model of the domain I am talking about (with four spokes).

Won't I have to clean Meta Data of DC-H from all sites? I don't think I would be able to promote the DC without cleaning meta data...

And once I do this from all sites, all sites will know that there is no DC in the HUB site. Right? So no connection objects on sites...

I understand that we should have multiple DCs in a site and especially HUB site. But this is what the situation is...

Regards,

Arun.
USN-ROLLBACK-IN-HUB-SITE.JPG
0
 
LVL 2

Accepted Solution

by:pubeheed
ID: 29878601
Hi Arun,

Yes, you are correct: replication is not going to happen if you have a pure hub and spoke replication.

Two things I would suggest you do.

1) Until this is fixed, move one of the domain controllers within Sites and Services to the hub site and make sure that replication is happening. Once it is, run the metadata cleanup on that box for your failed DC.

2) Build a temp DC in your HUB site and let it replicate with other servers, then do a metadata cleanup. It might be a good idea to down the corrupt DC until replication is happy with the new DC.

GM.
0
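
The "make sure that replication is happening" step can be checked from a DC before and after the metadata cleanup. The following PowerShell is an added example, not part of the thread: the `Dsa Not Writable` registry value and event ID 2095 are the rollback indicators Microsoft documents for a quarantined DC, the function names are hypothetical, and it assumes Windows Server 2008 or later with `repadmin.exe` on the PATH.

```powershell
# Added example: run in an elevated PowerShell session on a domain controller.
# Assumption: repadmin.exe is available (it ships with the AD DS role and tools).

function Test-UsnRollbackQuarantine {
    # A DC that detected a USN rollback sets "Dsa Not Writable" to 4, pauses
    # Netlogon, stops replicating, and logs event 2095 in the Directory Service log.
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $params = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $flag   = if ($params) { $params.'Dsa Not Writable' } else { $null }
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2095 } `
                    -MaxEvents 5 -ErrorAction SilentlyContinue)
    New-Object PSObject -Property @{
        DsaNotWritable  = $flag                 # 4 = quarantined for USN rollback
        Quarantined     = ($flag -eq 4)
        Event2095Count  = $events.Count         # historical; survives in the log
        LatestEvent2095 = if ($events.Count) { $events[0].TimeCreated } else { $null }
    }
}

function Get-ReplicationProblem {
    # One CSV row per inbound replication link on every DC this machine can reach.
    # Spokes with no route to this DC show up as showrepl_ERROR rows instead.
    $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
    $rows | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
        ($_.showrepl_COLUMNS -eq 'showrepl_INFO' -and [int]$_.'Number of Failures' -gt 0)
    } | Select-Object showrepl_COLUMNS, 'Destination DSA Site', 'Destination DSA',
                      'Source DSA Site', 'Source DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Status', 'Last Success Time'
}

# 1) On the suspect hub DC: is it quarantined?
Test-UsnRollbackQuarantine | Format-List

# 2) On the DC moved into (or built in) the hub site: which links are still failing?
Get-ReplicationProblem | Format-Table -AutoSize
```

An empty result from the second call, with recent `Last Success Time` values in the full `repadmin /showrepl * /csv` output, indicates the spokes are replicating with the healthy hub-site DC.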
 
LVL 7

Author Closing Comment

by:ARK-DS
ID: 31710987
That's what I was looking for... I think this is the perfect solution for this situation...

If we would have gone ahead without putting a DC in the HUB site, we would have been in trouble and then we would have had to take dumps of the configuration partition of the HUB site and put that in the other 19 sites... to tell those sites that there is a DC in the HUB site and then KCC would have been able to create connections...

Thanks Pubheed and Mike.
0
