SYSVOL replication failing on W2K3 DC because of another replicating domain controller that died abruptly

Posted on 2011-05-06
Last Modified: 2012-05-11
I am getting GPO and FRS event errors on our domain controller because of another replicated domain controller that went down abruptly quite a while ago. In order to remove it, I accidentally followed Windows 2008 instructions and removed it first from the Active Directory Users and Computers/Domain Controllers console. I realized that mistake and then switched to the correct instructions and tried to run the ntdsutil.exe to clean up the metadata for the dead server. This errors out, like it doesn't recognize the server name. Running a dcdiag on our current domain controller indicates that replication is still failing to this nonexistent server. The article below describes part of my problem, with the 1030 and 1058 errors, and the next article is the TechNet instructions on running the ntdsutil on W2K3. I'm hoping to get some help here, as I don't want to guess and poke around our one and only domain controller too much. I know, I should have a second one. After I get through this, that will be a priority.
Question by: alexsupertramp

    Accepted Solution

    Try following these metadata cleanup instructions

    Expert Comment

    If you have deleted the server object, it might have removed the DC. What you need to do now is remove all traces of the removed DC manually. The places to look are especially all the subfolders inside the _msdcs folder in DNS, the name server tab, the server object from NTDS in ADSS, and the host records from DNS. Remove the server object from ADSIEDIT.MSC using the link below. Remove the FRS object of the old DC using the following link.

    Did you make the new server a DNS server? If yes, did you change DNS on the new DC to point to itself as the DNS server in the NIC? You also have to point all the clients and servers to the new DC as the DNS server for name resolution, or else authentication will fail.

    Most important point: did you configure the new DC as an authoritative time server after transferring the FSMO roles, if the old server had them and you did transfer them? Your new PDC has to be the time server in the domain, and the others need to follow the domain time hierarchy. The time server is not transferred automatically, and you need to make the new server, as PDC, an authoritative time server to prevent authentication failures.

    Configure new DC as GC as well.

    Author Comment

    keley, I think those are the instructions I need to use the ntdsutil properly. I'm going to wait until later in the day to execute it just in case. I have a full backup of the AD. Thank you very much.

    wish, thanks for the detailed instructions. If the ntdsutil fails again tonight I'll follow up with you. And regardless, I think I'll check out your blog.

    Author Closing Comment

    I wasn't running the ntdsutil.exe utility properly, based on instructions from Microsoft TechNet, but the instructions provided here set me straight and I was able to remove the data from the long ago dead server. No more group policy event errors, and GPOs appear to be applying beautifully. Thank you.
