
Recreating an AD domain

Currently working on a problematic AD.  Had promoted a 2nd server to a DC a while back, but recently discovered it's not replicating any data, because there apparently isn't any on the initial DC...

I figured that demoting the secondary server and then completely removing AD from the primary server would allow me to start over clean.  It's a single location with about a dozen clients and probably 4-6 servers (one is Exchange).

First question, in case I'm just unaware, is there a way to 'fix' the primary server?  There is no SYSVOL share, there doesn't even appear to be a SYSVOL folder, at least not where ADUC points to.  There is an NTDS folder under the default location, with a recent copy of the database.  The event log has errors such as

The Netlogon service could not create server share F:\SYSVOL\sysvol\<domainname>\SCRIPTS.  The following error occurred: The system cannot find the path specified.

...which I would expect.  Also group policy is completely blank because it can't find a suitable DC.

Secondly, if not, I am thinking I just export the users and computers in AD.  Understanding that the computers will need to rejoin the domain (or would they have to be removed first?).   Is there anything else I need to be sure to export before trying this approach (which I hope can be avoided).

Essentially, we just need to get AD working, but it looks like a build from the ground up, either manually, or from a complete do-over. :(
Hoping I'm making a lot out of this that is unnecessary and that someone has some additional ideas...
Asked by: sirbounty

Darius Ghassem Commented:
First thing, search for a SYSVOL folder. It could be that someone made a registry change and tried to point to another location, which seems to be what they did, since SYSVOL defaults to C:\.

Post dcdiag
 
sirbounty (Author) Commented:
No sysvol at all.  That's why the error.  Registry and domain config point to it on F:\, but it's not there...

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\ServerName
      Starting test: Connectivity
         ......................... ServerName passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\ServerName
      Starting test: Replications
         ......................... ServerName passed test Replications
      Starting test: NCSecDesc
         ......................... ServerName passed test NCSecDesc
      Starting test: NetLogons
         ......................... ServerName passed test NetLogons
      Starting test: Advertising
         ......................... ServerName passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ServerName passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ServerName passed test RidManager
      Starting test: MachineAccount
         ......................... ServerName passed test MachineAccount
      Starting test: Services
         ......................... ServerName passed test Services
      Starting test: ObjectsReplicated
         ......................... ServerName passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ServerName passed test frssysvol
      Starting test: frsevent
         ......................... ServerName passed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 09/09/2010   10:52:35
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 09/09/2010   10:52:35
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 09/09/2010   10:52:35
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 09/09/2010   10:52:35
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 09/09/2010   10:52:35
            (Event String could not be retrieved)
         ......................... ServerName failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000014
            Time Generated: 09/09/2010   10:12:30
            (Event String could not be retrieved)
         ......................... ServerName failed test systemlog
      Starting test: VerifyReferences
         ......................... ServerName passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : domainname
      Starting test: CrossRefValidation
         ......................... domainname passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... domainname passed test CheckSDRefDom
   
   Running enterprise tests on : domainname.somedomain.com
      Starting test: Intersite
         ......................... domainname.somedomain.com passed test Intersite
      Starting test: FsmoCheck
         ......................... domainname.somedomain.com passed test FsmoCheck

 
Darius Ghassem Commented:
Passing SYSVOL on dcdiag
 
sirbounty (Author) Commented:
I recreated most of the folder structure, but trust me, there was no sysvol...
 
sirbounty (Author) Commented:
Better, but still not there...
I had demoted the only other dc and repromoted it after cleaning some things up.
Both DCs are local.

Still getting replication errors on the newly promoted dc:


The File Replication Service is having trouble enabling replication from Server1 to Server2 for f:\sysvol\domain using the DNS name Server1.office.domain.local. FRS will keep retrying. 
 Following are some of the reasons you would see this warning. 
 
 [1] FRS can not correctly resolve the DNS name Server1.office.domain.local from this computer. 
 [2] FRS is not running on Server1.office.domain.local. 
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. 
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 
Darius Ghassem Commented:
Stopped NTFRS service on both DCs.
Made one of the DCs the authoritative server by modifying a registry setting: navigate to registry HKLM\System\CCS\Services\NTFRS\Parameters\CumlativeReplicaSets and set the Burflags value to D4. This should be done on the server which has the updated information available or the correct data.
Went to the other DC and made that non-authoritative by navigating to the same registry location HKLM\System\CCS\Services\NTFRS\Parameters\CumlativeReplicaSets and setting the Burflags value to D2.
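A read-only check of the settings discussed in this thread (SYSVOL path, SYSVOL/NETLOGON shares, FRS service and BurFlags), added here as an example and not code from any poster. It assumes an elevated Windows PowerShell 3.0+ session on the DC; the full key names `CurrentControlSet`, `Cumulative Replica Sets` and `Backup/Restore\Process at Startup` are the standard FRS registry locations, not the abbreviated path quoted above.

```powershell
# Added example: report SYSVOL/FRS state on the local domain controller.
# Nothing is modified; every call below only reads.
$hklm = [Microsoft.Win32.Registry]::LocalMachine

function Get-RegValue([string]$SubKey, [string]$Name) {
    # .NET is used instead of the HKLM: drive because the FRS key name
    # 'Backup/Restore' contains '/', which the registry provider splits on.
    $key = $hklm.OpenSubKey($SubKey)
    if ($null -eq $key) { return $null }
    try { return $key.GetValue($Name) } finally { $key.Close() }
}

$netlogon = 'SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$frs      = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters'

$sysvolPath = Get-RegValue $netlogon 'SysVol'        # where Netlogon expects SYSVOL
$ready      = Get-RegValue $netlogon 'SysvolReady'   # 1 = SYSVOL is being shared
$burGlobal  = Get-RegValue "$frs\Backup/Restore\Process at Startup" 'BurFlags'

# BurFlags can also be set per replica set, one subkey per replica-set GUID.
$perSet = @()
$crs = $hklm.OpenSubKey("$frs\Cumulative Replica Sets")
if ($crs) {
    foreach ($guid in $crs.GetSubKeyNames()) {
        $value   = Get-RegValue "$frs\Cumulative Replica Sets\$guid" 'BurFlags'
        $perSet += '{0} = 0x{1:X}' -f $guid, $value
    }
    $crs.Close()
}

$shares = Get-CimInstance -ClassName Win32_Share -Filter "Name='SYSVOL' OR Name='NETLOGON'"
$svc    = Get-Service -Name NtFrs -ErrorAction SilentlyContinue

[pscustomobject]@{
    SysVolRegistryPath = $sysvolPath
    PathExistsOnDisk   = [bool]($sysvolPath -and (Test-Path -LiteralPath $sysvolPath))
    SysvolReady        = $ready
    SharesPresent      = ($shares | ForEach-Object { '{0} -> {1}' -f $_.Name, $_.Path }) -join '; '
    NtFrsService       = if ($svc) { $svc.Status } else { 'not installed' }
    BurFlagsGlobal     = if ($null -ne $burGlobal) { '0x{0:X}' -f $burGlobal } else { 'not set' }
    BurFlagsPerSet     = $perSet -join '; '
} | Format-List
```

Running it on both DCs before and after changing BurFlags shows whether the registry path, the folder on disk and the shares actually agree.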
 
sirbounty (Author) Commented:
That setting to D4 was already made before I had the secondary dc added.  Do you really think that's a necessary adjustment now?
 
Darius Ghassem Commented:
You can now force the replication between the 2 domain controllers. One authoritative and one non-authoritative.
 
sirbounty (Author) Commented:
I don't believe it's entirely resolved at this point, but I do realize this is a lot to ask in one question.  Thanks for your help.  