[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Tombstone DC's

Posted on 2013-05-24
6
Medium Priority
?
457 Views
Last Modified: 2013-05-24
Hello Experts,

I need some advice.
I have a testing lab that has 3 2008 Domain Controllers.
I have not been monitoring this domain but 2 of the DC's have stopped replicating and now are past the tombstone time limits.  These Domain controllers are up but it looks like some time in December they stopped replicating and now DNS is having a lot of issues and I need to remove them.

I cannot log into them because their DNS will not work to validate my credentials, I have tried to reset the local admin password, that won't work either.  Both of these Domain controllers did not hold any of the FSMO roles.  I want to demote them but since they are still live it's giving me issues.  Should I just power them off and force removal from the one still living?  I'm not sure how to do it since they are still detected on the network.....

Any advice is appreciated.  I did try to force replication by a change in the registry and changing the tombstone date but that didn't work.  

thank you,

Karen
0
Comment
Question by:klsphotos
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:CITG_Carl
ID: 39194357
Good afternoon,

if you turn the domain controllers off, you will have to manually clear out the schema using ADSIEDIT.msc and in DNS. The process takes around an hour, but you need to be really careful.

Have you reset your admin password since Decemeber? If so try logging into these domain controllers using the older password.

If you can log into the DC's dcpromo them out, and then back in if required

Cheers
0
 

Author Comment

by:klsphotos
ID: 39194384
I haven't changed my password, it's not doing any authentication properly because DNS is not working right due to the replication.  They won't let me in with the same password I always had.  I can get into the one with the FSMO roles still working but not the other two.
0
 
LVL 3

Accepted Solution

by:
CITG_Carl earned 2000 total points
ID: 39194391
Is the issue with the replication DNS related? Are the remote DC's using themselves as a DNS server?

If you cannot log in, you will have to remove them from the schema manually

http://support.microsoft.com/kb/555846
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 

Author Comment

by:klsphotos
ID: 39194411
Yes, the DNS is not working on these two Domain Controllers.  I can see the DNS, it's running from the one that is but it has not synched since December.  It's on looks like it's running but it's not so AD isn't working to authenticate me to get into them.  If I do a repadmin /showrepl all comes back successful, but it's not....
0
 

Expert Comment

by:userPrincipalName
ID: 39195047
Dont bother trying to resurrect a tombstoned DC.  

Your best course of action is to remove it from the domain manually using ntdsutil.  It will take you about 10 minutes (less if you are comfortable with the process) and is well documented.
http://technet.microsoft.com/en-us/library/cc736378%28v=ws.10%29.aspx
0
 

Author Comment

by:klsphotos
ID: 39195054
I removed the failed domain controllers from Sites and Services, DNS, DHCP scope and did a meta data clean up and removed from the Schema.  

Did I miss anything?  From all of these links it looks like I got it and the meta data clean up is only showing the one server, the one I am on which is what I want.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses
Course of the Month7 days, 20 hours left to enroll

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question