
Replication errors after AD 2003->2008 Schema upgrade

Posted on 2011-03-07
Last Modified: 2012-05-11
Hi EEr's

Have recently taken over a new client who have a small network with a couple of servers:
Previous IT guru attempted to upgrade (and successfully?) their AD schema to 2008 (in preparation for their move to Exchange 2010 & new 2008 Servers), however one of their DCs failed the upgrade. Server was due to be decommissioned but was overlooked during the upgrade, and has some serious OS issues that prevent communication to the network.

Should I manually remove it from the AD environment with NTDSutil (following steps identified here: http://www.petri.co.il/delete_failed_dcs_from_ad.htm) or am I better off trying to repair the OS and decommission via DCPromo?

Previous IT guy had attempted repairs, but AD replication errors & DNS resolution issues (due to non-replication of AD) that are piling up encouraged him to find greener pastures.

All FSMO roles, DHCP & DNS services have been transferred off the old server some time ago, and DCDiag doesn't report any issues with their primary DC (Secondary GC Servers are reporting replication warnings!).

Any advice?!

Regards
Mike

Question by:GTMike
LVL 21

Accepted Solution

by:
snusgubben earned 1000 total points
ID: 35060481
That's up to you if you choose to fix and demote, or run a MD Cleanup.

If you're in a hurry, a MD Cleanup will save you some time. Just remember to run dcpromo /forceremoval on it in case you do a MD Cleanup.

Author Comment

by:GTMike
ID: 35060536
Hi Snusgubben

Am considering trying to repair it (Was an old Win2000 that was upgraded to Win2003 by the look of it), but wondering if it'll even communicate properly once online given that its AD infrastructure missed the Schema upgrade?

Given that the old server won't even communicate with the domain in its present configuration (DCDiag fails to connect with a RPC error when run from the existing DC), should I just save time and do the MD cleanup? DCPromo /forceremoval probably won't run given the RPC errors I'm seeing on the old server!

Regards
Mike
LVL 57

Expert Comment

by:Mike Kline
ID: 35060648
When you say "successfully?" you can verify that: http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx#BKMK_VerifyForestPrep

See if your schema is at 44 for 2008 or 47 for 2008 R2.

I'd also go with the removal and metadata cleanup.

Thanks

Mike
LVL 21

Expert Comment

by:snusgubben
ID: 35060793
"dcpromo /forceremoval" will just uninstall AD from this old DC and place it in a workgroup. It will not replicate the "demotion" to its old replication partners. Thus you need to run the MD Cleanup.

You can compare the schema version on this DC and see if the schema extension has been replicated to the old DC. But I'd not hesitate. Force it out :)
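
The schema-version check suggested in the comments above, as an added example that is not part of the original thread: it binds to each DC over LDAP and reads `objectVersion` from that DC's own copy of the schema partition, so a DC that missed the extension or cannot be reached stands out. The DC names are placeholders, and the version-to-release table beyond the 44 and 47 quoted above is supplied here.

```powershell
param(
    # Placeholder names (assumption): replace with the DCs in your domain.
    [string[]]$DomainControllers = @('DC1.example.local', 'DC2.example.local', 'OLDDC.example.local')
)

# objectVersion on the schema naming context head. 44 and 47 are the values
# quoted in the thread; the older values are added for reference.
$SchemaNames = @{
    13 = 'Windows 2000'
    30 = 'Windows Server 2003'
    31 = 'Windows Server 2003 R2'
    44 = 'Windows Server 2008'
    47 = 'Windows Server 2008 R2'
}

function Get-DcSchemaVersion {
    param([Parameter(Mandatory = $true)][string]$Server)
    $row = New-Object PSObject -Property @{ Server = $Server; Version = $null; Schema = $null; Status = $null }
    try {
        # Bind to this specific DC so we read its replica, not whichever DC the locator picks.
        $rootDse = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/RootDSE")
        $rootDse.psbase.RefreshCache()          # forces the bind; throws if the DC is unreachable
        $schemaNc = [string]$rootDse.psbase.Properties['schemaNamingContext'].Value
        $schema = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$schemaNc")
        $schema.psbase.RefreshCache()
        $value = $schema.psbase.Properties['objectVersion'].Value
        if ($null -eq $value) { throw "objectVersion not readable on $Server" }
        $row.Version = [int]$value
        $row.Schema  = $SchemaNames[$row.Version]
        if (-not $row.Schema) { $row.Schema = 'not in table' }
        $row.Status  = 'OK'
    } catch {
        # RPC/LDAP failures like the ones described for the old DC end up here.
        $row.Status = "UNREACHABLE: $($_.Exception.Message)"
    }
    return $row
}

$results = @(foreach ($dc in $DomainControllers) { Get-DcSchemaVersion -Server $dc })

# Highest version seen among the DCs that answered; anything lower has not received the extension.
$newest = ($results | Where-Object { $_.Version } | Measure-Object -Property Version -Maximum).Maximum
foreach ($r in $results) {
    if ($r.Status -eq 'OK' -and $r.Version -lt $newest) { $r.Status = "BEHIND (highest seen is $newest)" }
}

$results | Select-Object Server, Version, Schema, Status | Format-Table -AutoSize
```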




Author Closing Comment

by:GTMike
ID: 35061323
Great advice for confirmation of a fix, thank you!