dhanush_support
asked on
Unable to Sync between Additional Domain Controller and Primary Domain Controller
Hi,
We are running Active Directory and DNS Server on the same Windows Server 2008 R2 as a virtual machine on the vSphere 5 platform. Since it is for a college environment, every month we have to delete or create 1000 users. Recently the iSCSI-based storage which is used to store the virtual machines (including the Active Directory VM) was corrupted. We then restored the Active Directory server from the clone image (of Active Directory) which was taken in Dec 2012. Some client machines are now authenticating to the Active Directory, but some client machines are still authenticating through the ADC. But the ADC is unable to sync from the PDC. What can we do now in order to sync the ADC from the PDC? I executed dcdiag on the ADC also.
out.txt
Have you tried Replicate Now?
http://technet.microsoft.com/en-us/library/cc816926%28v=ws.10%29.aspx
Never restore a domain controller like this or you'll end up in a world of pain!
Do you have at least one original unaffected domain controller in existence (the PDC you mention?) as well as this restored one? If so, I suspect you would be best decommissioning the restored one, doing a metadata cleanup to remove references to it and then manually installing a new DC and letting replication do the rest.
You have to either flush the secondary and rejoin the primary after restore.
The other problem you will run into is that systems will have different machine passwords than the AD and will not be able to authenticate (loss of trust), which will require you to rejoin all the systems from the beginning.
The sync issue is that the RID master has a different count than the one on the secondary.
For future reference, use PowerShell to deactivate/delete users or add/create new ones.
An image can only be done when you have a single DC (which is not advisable); ref. the issue with workstations/systems from before.
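
Before decommissioning or rebuilding a DC as discussed in this thread, it helps to see exactly which replication links are failing and since when. The following is an added example, not part of any post above: it parses the CSV output of `repadmin /showrepl * /csv`; the DC names, domain and rows are constructed sample data, and `Get-ReplicationFailure` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Sample rows are constructed.
# On a live DC, replace $sample with:  $lines = repadmin /showrepl * /csv
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,ADC01,"DC=example,DC=edu",Default-First-Site-Name,PDC01,RPC,214,2013-03-02 10:15:04,2012-12-18 23:41:10,8456
showrepl_INFO,Default-First-Site-Name,ADC01,"CN=Configuration,DC=example,DC=edu",Default-First-Site-Name,PDC01,RPC,214,2013-03-02 10:15:04,2012-12-18 23:41:12,8456
showrepl_INFO,Default-First-Site-Name,PDC01,"DC=example,DC=edu",Default-First-Site-Name,ADC01,RPC,0,0,2013-03-02 10:12:40,0
'@
$lines = $sample -split "`r?`n"

function Get-ReplicationFailure {
    param([Parameter(Mandatory = $true)][string[]]$CsvLine)

    # 8456 / 8457: source / destination DC is rejecting replication requests,
    # i.e. replication has been disabled on that DC rather than merely failing.
    $disabledCodes = 8456, 8457

    $CsvLine | ConvertFrom-Csv |
        Where-Object {
            $_.showrepl_COLUMNS -eq 'showrepl_INFO' -and
            [int]$_.'Number of Failures' -gt 0
        } |
        Select-Object @{n = 'Destination';   e = { $_.'Destination DSA' } },
                      @{n = 'Source';        e = { $_.'Source DSA' } },
                      @{n = 'NamingContext'; e = { $_.'Naming Context' } },
                      @{n = 'Failures';      e = { [int]$_.'Number of Failures' } },
                      @{n = 'LastSuccess';   e = { $_.'Last Success Time' } },
                      @{n = 'Status';        e = { [int]$_.'Last Failure Status' } },
                      @{n = 'ReplDisabled';  e = { $disabledCodes -contains [int]$_.'Last Failure Status' } }
}

# One row per failing inbound link; LastSuccess shows how stale each partner is.
Get-ReplicationFailure -CsvLine $lines | Format-Table -AutoSize

# RID pool state (the RID master mismatch mentioned above) can be checked
# on each DC with:  dcdiag /test:RidManager /v
```

The syntax is kept compatible with the PowerShell 2.0 that ships with Windows Server 2008 R2. A `LastSuccess` value that matches the date of the restored image points at the restored DC as the partner that stopped replicating.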