sysvol replication failing on w2k3 dc because of another replicating domain controller that died abruptly

Posted on 2011-05-06
Medium Priority
Last Modified: 2012-05-11
I am getting GPO and FRS event errors on our domain controller because of another replicated domain controller that went down abruptly quite a while ago. In order to remove it, I accidentally followed Windows 2008 instructions and removed it first from the Active Directory Users and Computers/Domain Controllers console. I realized that mistake and then switched to the correct instructions and tried to run ntdsutil.exe to clean up the metadata for the dead server. This errors out, like it doesn't recognize the server name. Running a dcdiag on our current domain controller indicates that replication is still failing to this nonexistent server. The article below describes part of my problem, with the 1030 and 1058 errors, and the next article is the TechNet instructions on running ntdsutil on w2k3. I'm hoping to get some help here, as I don't want to guess and poke around our one and only domain controller too much. I know, I should have a second one. After I get through this, that will be a priority.


Question by:alexsupertramp

Accepted Solution

aoakeley earned 2000 total points
ID: 35711100
Try following these metadata cleanup instructions

Expert Comment

ID: 35712571
If you have deleted the server object, it might have removed the DC. What you need to do now is remove all the traces of the removed DC manually. The places to look are, especially, all the subfolders inside the _msdcs folder in DNS, the name server tab, the server object from NTDS in ADSS, and the host records in DNS. Remove the server object from ADSIEDIT.MSC using the link below. Remove the FRS object of the old DC using the following link.

Did you make the new server a DNS server? If yes, did you change DNS on the new DC to point to itself as the DNS server in the NIC? You also have to point all the clients and servers to the new DC as the DNS server for name resolution, or else authentication will fail.

Most important point: did you configure the new DC as an authoritative time server after transferring the FSMO role, if the old server had it and you did transfer it? Your new PDC has to be the time server in the domain, and the others need to follow the domain time hierarchy. The time server is not transferred automatically, and you need to make the new server, as PDC, an authoritative time server to prevent authentication failures.

Configure the new DC as a GC as well.
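
A read-only way to check the locations listed in the comment above for leftover references to the removed DC, added here as an example and not part of the original thread. It assumes PowerShell on a domain-joined machine with an account that can read the Configuration partition; `OLDDC01` and `corp.example.com` are constructed placeholders.

```powershell
# Read-only audit for leftover references to a removed domain controller.
# Added example: $DeadDC and $DnsDomain are constructed placeholders (assumptions).
$DeadDC    = 'OLDDC01'
$DnsDomain = 'corp.example.com'

$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = [string]$rootDse.configurationNamingContext
$domainNC = [string]$rootDse.defaultNamingContext

function Find-AdObject([string]$SearchBase, [string]$LdapFilter) {
    # Subtree search below $SearchBase; emits one labelled line per match.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$SearchBase"
    $searcher.Filter     = $LdapFilter
    foreach ($hit in $searcher.FindAll()) {
        'AD: ' + [string]$hit.Properties['distinguishedname'][0]
    }
}

function Find-DnsMatch([string]$RecordType, [string]$Name) {
    # Queries DNS with nslookup and keeps only lines that mention the dead DC.
    nslookup "-type=$RecordType" $Name 2>$null |
        Select-String -SimpleMatch $DeadDC |
        ForEach-Object { "DNS $RecordType ${Name}: " + $_.Line.Trim() }
}

$findings = @(
    # Server object and its NTDS Settings child under Sites (Configuration partition)
    Find-AdObject "CN=Sites,$configNC" "(&(objectClass=server)(cn=$DeadDC))"
    Find-AdObject "CN=Sites,$configNC" '(objectClass=nTDSDSA)' |
        Where-Object { $_ -like "*CN=NTDS Settings,CN=$DeadDC,*" }
    # FRS member object for the SYSVOL replica set
    Find-AdObject "CN=File Replication Service,CN=System,$domainNC" "(&(objectClass=nTFRSMember)(cn=$DeadDC))"
    # Computer account in the domain partition
    Find-AdObject $domainNC "(&(objectClass=computer)(cn=$DeadDC))"
    # SRV records under _msdcs, NS records, and the host (A) record
    foreach ($srv in '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs',
                     '_ldap._tcp.gc._msdcs', '_ldap._tcp.pdc._msdcs') {
        Find-DnsMatch 'SRV' "$srv.$DnsDomain"
    }
    Find-DnsMatch 'NS' $DnsDomain
    Find-DnsMatch 'NS' "_msdcs.$DnsDomain"
    Find-DnsMatch 'A'  "$DeadDC.$DnsDomain"
)

if ($findings.Count -eq 0) { "No references to $DeadDC found." }
else { $findings }
```

The script only reads from the directory and DNS; anything it reports still has to be removed with the tools named in the comment.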

Author Comment

ID: 35723550
keley, I think those are the instructions I need to use the ntdsutil properly. I'm going to wait until later in the day to execute it just in case. I have a full backup of the AD. Thank you very much.

wish, thanks for the detailed instructions. If the ntdsutil fails again tonight I'll follow up with you. And regardless, I think I'll check out your blog.

Author Closing Comment

ID: 35725008
I wasn't running the ntdsutil.exe utility properly, based on instructions from Microsoft TechNet, but the instructions provided here set me straight and I was able to remove the data from the long ago dead server. No more group policy event errors and GPOs appear to be applying beautifully. Thank you.
