Solved

Recreating an AD domain

Posted on 2010-09-09
10
391 Views
Last Modified: 2012-08-13
Currently working on a problematic AD.  Had promoted a 2nd server to a DC a while back, but recently discovered it's not replicating any data, because there apparently isn't any on the initial DC...

I figured that demoting the secondary server and then completely removing AD from the primary server would allow me to start over clean.  It's a single location with about a dozen clients and probably 4-6 servers (one is Exchange).

First question, in case I'm just unaware, is there a way to 'fix' the primary server?  There is no SYSVOL share, there doesn't even appear to be a SYSVOL folder, at least not where ADUC points to.  There is an NTDS folder under the default location, with a recent copy of the database.  The event log has errors such as

The Netlogon service could not create server share F:\SYSVOL\sysvol\<domainname>\SCRIPTS.  The following error occurred: The system cannot find the path specified.

...which I would expect.  Also group policy is completely blank because it can't find a suitable DC.

Secondly, if not, I am thinking I just export the users and computers in AD.  Understanding that the computers will need to rejoin the domain (or would they have to be removed first?).   Is there anything else I need to be sure to export before trying this approach (which I hope can be avoided).

Essentially, we just need to get AD working, but it looks like a build from the ground up, either manually, or from a complete do-over. :(
Hoping I'm making a lot out of this that is unnecessary and that someone has some additional ideas...
0
Comment
Question by:sirbounty
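The first question asks whether the primary DC can be diagnosed in place. The following PowerShell script, added here as an example and not taken from the thread, gathers the facts the question is about in one read-only pass: where Netlogon's registry thinks SYSVOL lives, whether that folder and its scripts/Policies subfolders actually exist, whether the SYSVOL and NETLOGON shares are published, the NtFrs service state, and the most recent FRS errors and warnings. It assumes it is run in an elevated PowerShell 3.0 or later session on the DC itself; the `Netlogon\Parameters` values and the `File Replication Service` log name are the standard ones on FRS-era domain controllers.

```powershell
# Added example, not part of the original thread. Read-only health checks for
# the SYSVOL symptoms described in the question. Assumes an elevated
# PowerShell 3.0+ session on the domain controller being examined.

function Get-SysvolHealth {
    $netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $props    = Get-ItemProperty -Path $netlogon -ErrorAction SilentlyContinue

    # Where Netlogon expects SYSVOL to be (on the question's server this pointed to F:\).
    $sysvolPath  = $props.SysVol
    $sysvolReady = $props.SysvolReady        # 1 = Netlogon will publish the shares, 0 = not ready

    $domain       = (Get-WmiObject Win32_ComputerSystem).Domain
    $scriptsPath  = if ($sysvolPath) { Join-Path $sysvolPath "$domain\scripts" }
    $policiesPath = if ($sysvolPath) { Join-Path $sysvolPath "$domain\Policies" }

    # Netlogon creates SYSVOL and NETLOGON only when the folders above exist,
    # which is why the question's event log shows the 'cannot find the path' error.
    $shares = Get-WmiObject Win32_Share | Select-Object -ExpandProperty Name

    # Recent FRS problems, e.g. 13508 'trouble enabling replication' (quoted later in the thread).
    $frsEvents = Get-EventLog -LogName 'File Replication Service' -Newest 50 -ErrorAction SilentlyContinue |
        Where-Object { $_.EntryType -eq 'Error' -or $_.EntryType -eq 'Warning' } |
        Select-Object TimeGenerated, EventID, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } }

    [pscustomobject]@{
        SysvolPathInRegistry = $sysvolPath
        SysvolPathExists     = [bool]($sysvolPath   -and (Test-Path -LiteralPath $sysvolPath))
        ScriptsFolderExists  = [bool]($scriptsPath  -and (Test-Path -LiteralPath $scriptsPath))
        PoliciesFolderExists = [bool]($policiesPath -and (Test-Path -LiteralPath $policiesPath))
        SysvolReadyFlag      = $sysvolReady
        SysvolShared         = $shares -contains 'SYSVOL'
        NetlogonShared       = $shares -contains 'NETLOGON'
        NtFrsServiceStatus   = (Get-Service -Name NtFrs -ErrorAction SilentlyContinue).Status
        RecentFrsProblems    = $frsEvents
    }
}

$health = Get-SysvolHealth
$health | Format-List
$health.RecentFrsProblems | Format-Table -AutoSize
```

A DC in the state the question describes would report a registry path that does not exist, no scripts or Policies folders, neither share published, and SysvolReady at 0, which is consistent with dcdiag still reporting passes for its NetLogons and frssysvol tests while Group Policy is blank. Running the same script on the second DC after promotion shows whether FRS has completed its initial sync there.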
10 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33637557
First thing, search for a SYSVOL folder. It could be that someone did a registry change and tried to point it to another location, which seems to be what they did, since SYSVOL defaults to C:\.

Post dcdiag
0
 
LVL 67

Author Comment

by:sirbounty
ID: 33637638
No sysvol at all.  That's why the error.  Registry and domain config point to it on F:\, but it's not there...

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\ServerName
      Starting test: Connectivity
         ......................... ServerName passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\ServerName
      Starting test: Replications
         ......................... ServerName passed test Replications
      Starting test: NCSecDesc
         ......................... ServerName passed test NCSecDesc
      Starting test: NetLogons
         ......................... ServerName passed test NetLogons
      Starting test: Advertising
         ......................... ServerName passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ServerName passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ServerName passed test RidManager
      Starting test: MachineAccount
         ......................... ServerName passed test MachineAccount
      Starting test: Services
         ......................... ServerName passed test Services
      Starting test: ObjectsReplicated
         ......................... ServerName passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ServerName passed test frssysvol
      Starting test: frsevent
         ......................... ServerName passed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 09/09/2010   10:52:35
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 09/09/2010   10:52:35
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 09/09/2010   10:52:35
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 09/09/2010   10:52:35
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 09/09/2010   10:52:35
            (Event String could not be retrieved)
         ......................... ServerName failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000014
            Time Generated: 09/09/2010   10:12:30
            (Event String could not be retrieved)
         ......................... ServerName failed test systemlog
      Starting test: VerifyReferences
         ......................... ServerName passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : domainname
      Starting test: CrossRefValidation
         ......................... domainname passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... domainname passed test CheckSDRefDom
   
   Running enterprise tests on : domainname.somedomain.com
      Starting test: Intersite
         ......................... domainname.somedomain.com passed test Intersite
      Starting test: FsmoCheck
         ......................... domainname.somedomain.com passed test FsmoCheck

0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33637692
Passing SYSVOL on dcdiag
0

 
LVL 67

Author Comment

by:sirbounty
ID: 33637796
I recreated most of the folder structure, but trust me, there was no sysvol...
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 33637914
0
 
LVL 67

Author Comment

by:sirbounty
ID: 33647121
Better, but still not there...
I had demoted the only other dc and repromoted it after cleaning some things up.
Both DCs are local.

Still getting replication errors on the newly promoted dc:


The File Replication Service is having trouble enabling replication from Server1 to Server2 for f:\sysvol\domain using the DNS name Server1.office.domain.local. FRS will keep retrying. 
 Following are some of the reasons you would see this warning. 
 
 [1] FRS can not correctly resolve the DNS name Server1.office.domain.local from this computer. 
 [2] FRS is not running on Server1.office.domain.local. 
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers. 
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33648116
Stopped the NTFRS service on both DCs.
Made one of the DCs the authoritative server by modifying a registry setting: navigate to HKLM\System\CCS\Services\NTFRS\Parameters\CumlativeReplicaSets and set the Burflags value to D4. This should be done on the server which has the updated information or correct data.
Went to the other DC and made that one non-authoritative by navigating to the same registry location, HKLM\System\CCS\Services\NTFRS\Parameters\CumlativeReplicaSets, and setting the Burflags value to D2.
0
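The comment above describes the classic FRS authoritative (D4) / non-authoritative (D2) restart. The PowerShell script below is an added example, not the poster's own procedure, that drives the same steps across the DCs in the right order and refuses to proceed if the DC chosen as authoritative has no SYSVOL files, since a D4 on an empty DC would replicate that emptiness to every partner, which is exactly the failure mode in this thread. It assumes PowerShell remoting to every DC, PowerShell 3.0 or later, and it writes the global `BurFlags` value under `NtFrs\Parameters\Backup/Restore\Process at Startup` (a standard NTFRS location) rather than the per-replica-set key the comment names; confirm the key on your own build. Nothing is changed unless `-Apply` is given.

```powershell
# Added example, not part of the original thread. Performs the D4/D2 FRS
# restart described in the comment above. Assumes WinRM remoting to all DCs
# and PowerShell 3.0+. Dry run unless -Apply is passed.

param(
    [Parameter(Mandatory = $true)] [string]   $AuthoritativeDc,
    [Parameter(Mandatory = $true)] [string[]] $NonAuthoritativeDc,
    [switch] $Apply
)

# Global BurFlags key (assumption: standard NTFRS location; the comment uses the per-replica-set key).
$BurFlagsKey = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
$D4 = 0xD4   # authoritative: this DC's SYSVOL becomes the master copy
$D2 = 0xD2   # non-authoritative: this DC discards its copy and pulls from a partner

# Runs on the target DC. .NET is used because the key path contains a literal '/'.
$setBurFlags = {
    param($KeyPath, $Value)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($KeyPath, $true)
    if (-not $key) { throw "BurFlags key not found: $KeyPath" }
    $key.SetValue('BurFlags', [int]$Value, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
}

$allDcs = @($AuthoritativeDc) + $NonAuthoritativeDc

# Guard: the authoritative DC must actually hold SYSVOL content.
$sysvolCount = Invoke-Command -ComputerName $AuthoritativeDc -ScriptBlock {
    $p = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters').SysVol
    if ($p -and (Test-Path -LiteralPath $p)) { (Get-ChildItem -LiteralPath $p -Recurse -File).Count } else { 0 }
}
if ($sysvolCount -eq 0) { throw "$AuthoritativeDc has no SYSVOL files; refusing to make it authoritative." }
Write-Host "$AuthoritativeDc holds $sysvolCount SYSVOL files and will be authoritative."

if (-not $Apply) {
    Write-Host "Dry run. Would stop NtFrs on $($allDcs -join ', '), set BurFlags D4 on $AuthoritativeDc and D2 on $($NonAuthoritativeDc -join ', '), then start NtFrs (authoritative DC first)."
    return
}

# 1. Stop FRS everywhere so no DC replicates while the flags are being changed.
foreach ($dc in $allDcs) {
    Invoke-Command -ComputerName $dc -ScriptBlock { Stop-Service -Name NtFrs -Force }
}

# 2. Set the flags: D4 on the source of truth, D2 on everything else.
Invoke-Command -ComputerName $AuthoritativeDc -ScriptBlock $setBurFlags -ArgumentList $BurFlagsKey, $D4
foreach ($dc in $NonAuthoritativeDc) {
    Invoke-Command -ComputerName $dc -ScriptBlock $setBurFlags -ArgumentList $BurFlagsKey, $D2
}

# 3. Start the authoritative DC first and wait for FRS to report that the
#    system volume is initialized (event 13516 in the FRS log), then start the rest.
Invoke-Command -ComputerName $AuthoritativeDc -ScriptBlock { Start-Service -Name NtFrs }
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 15
    $ready = Invoke-Command -ComputerName $AuthoritativeDc -ScriptBlock {
        Get-EventLog -LogName 'File Replication Service' -Newest 20 |
            Where-Object { $_.EventID -eq 13516 -and $_.TimeGenerated -gt (Get-Date).AddMinutes(-10) }
    }
} until ($ready -or (Get-Date) -gt $deadline)
if (-not $ready) { Write-Warning "No FRS 13516 event on $AuthoritativeDc yet; check its FRS log before relying on the result." }

foreach ($dc in $NonAuthoritativeDc) {
    Invoke-Command -ComputerName $dc -ScriptBlock { Start-Service -Name NtFrs }
}
Write-Host "Done. Watch the FRS log on each non-authoritative DC for 13516; its SYSVOL share reappears once the initial sync completes."
```

Usage is `.\Reset-FrsSysvol.ps1 -AuthoritativeDc Server1 -NonAuthoritativeDc Server2` for the dry run and the same with `-Apply` to execute. The ordering matters: FRS must be stopped on every DC before any flag is set, and the D4 DC must be up and past its 13516 event before the D2 DCs start, otherwise a D2 DC may look for a partner that is not yet serving.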
 
LVL 67

Author Comment

by:sirbounty
ID: 33648349
That setting to D4 was already made before I had the secondary dc added.  Do you really think that's a necessary adjustment now?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33648439
You can now force the replication between the 2 domain controllers: one authoritative and one non-authoritative.
0
 
LVL 67

Author Closing Comment

by:sirbounty
ID: 33648907
I don't believe it's entirely resolved at this point, but I do realize this is a lot to ask in one question.  Thanks for your help.  
0
