Domain admin password corruption/change.

I have a domain with 2 AD controllers.
Upon rebooting either controller we are not able to log into the system with the admin account.
We can change the password (to the same thing as before) on the other AD controller and we can then log in.

I have enabled auditing on the system to see if something is changing the password (policy) and nothing is/has.

I have looked at the FSMO roles to find that the domain controller (operations masters) cannot be found (i.e., ERROR) upon reboot. If I force a sync, via Sites & Services, the FSMO roles return to normal.

I know that there is a misconfiguration someplace or some parts of the system are not communicating properly, however there are no DNS errors to indicate a naming issue and WINS is functioning properly.

Any ideas?
Jeff Morlen (Network Engineer) Asked:
 
Jeff Morlen (Network Engineer, Author) Commented:
Understood... however I was hoping to avoid that.
 
Jeff Morlen (Network Engineer, Author) Commented:
BTW: Both AD Controllers pass the DCDIAG test with no errors.
 
OriNetworks Commented:
Back up the system state of both, remove one from the domain controller role and see if the one DC gives you any problems. Be sure to seize all roles to this domain controller. Promote the other back to the DC role and transfer any necessary demo roles. Maybe this will sync up any problems. Other than that, any recent changes?

 
Jeff Morlen (Network Engineer, Author) Commented:
That is the path that I was heading down, but was hoping that someone had seen and then fixed this.

Due to these servers being part of a network that needs to be up 24/7, maintenance will have to be scheduled.

If someone else has seen this and fixed it, please let me know ASAP.  I'll be scheduling this work to be done soon.
 
Jeff Morlen (Network Engineer, Author) Commented:
Anybody else have a solution other than an AD Server rebuild?
 
OriNetworks Commented:
My suggestion is just to reinstall the role, not necessarily rebuild the entire server.
It may be a quicker and easier solution for you.
 
Jeff Morlen (Network Engineer, Author) Commented:
No comments were posted as to a fix for this issue.
A rebuild of the AD structure is not a fix.
Question has a verified solution.
