Solved

DC in remote site isn't replacting after PDC failure

Posted on 2010-08-23
4
293 Views
Last Modified: 2013-11-05
Over the weekend our main domain controller failed.  I've transferred roles and cleaned up metadata using ntdsutil.  A DC in a remote site doesn't seem to be replicating properly; when I run "dcdiag /test:Knowsofroleholders /v' on it, it has the wrong server listed in the FSMO roles.

How can I be sure that it's replicating, and what else should I check?
0
Comment
Question by:theamzngq
  • 2
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33502570
If the box failed did you seize the FSMO roles?
Check the logs on that DC, use dcidag, and repadmin  (/showreps /replsummary and /showrepl are decent switches)
You can also check FSMO holders by  
netdom query fsmo
Is this the only box that is reportin gthe wrong FSMO holders?
Thanks
Mike
0
 
LVL 2

Author Comment

by:theamzngq
ID: 33502713
Yes, I seized the roles on another local DC.  Running readmin /showreps, a replication attempt to the new holder of all the FSMO roles shows "Last attempt @ (never) was successful."

running 'netdom query fsmo' on the remote server shows mixed results.  It has one of the roles correctly listed (Schema Master), but the rest still show the failed server name.  Running that same command on the new recipient of the seized roles shows that it has all the roles assigned.

0
 
LVL 2

Author Comment

by:theamzngq
ID: 33502742
I just ran dcdiag /fix, and re-ran the netdom query, and now the remote DC shows all the proper roles!

What else should I verify before calling it good?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33503123
double check the event logs (directory services and FRS logs)  Just to make sure there are no other issues.  Nice work!
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now