dankyle67
asked on
Using ADSI Edit to change tombstone date
Hi,
We have a domain controller at a remote office site that has gone into tombstone after not replicating for 5 months, and someone had explained to me that I could use ADSI Edit in the MMC snap-ins to change the value of the tombstone. I actually saw where the entry is under cn=configuration,dc=forest rootdomain name,cn=services and cn=windows NT, and after right-clicking cn=directoryservice properties I located the tombstoneLifetime under the attributes column, but did not want to proceed without confirmation of what date I should enter and also if I should even do this, since I could also do the dcpromo /forceremoval on the tombstoned domain controller. The problem is that nobody in that remote site is computer savvy, so if I do the ADSI Edit route I could do it without their help. I already know the exact date of the last successful replication with that server, and very few changes have been made to Active Directory since that last replication, so it seems this would be a good option. Would I also still have to remove lingering objects after this step, or would it not be necessary? Thanks.
ASKER
Can I do the metadata cleanup first or do I have to do the demote first? I will have to do a dcpromo /forceremoval since it didn't allow me to do a normal dcpromo demote the first time I tried it, but do I have to disconnect the server from the LAN?
Doesn't matter as the demotion won't be replicated to the other DCs anyway. You can just demote then metadata cleanup. After all of the DCs have replicated the metadata cleanup, you can repromote the DC.
ASKER
OK, but do I have to disconnect the failed DC's LAN cable prior to running the dcpromo /forceremoval? I want to get that server promoted as fast as possible after I demote it, so that's why I was thinking of doing all the metadata stuff ahead of time, so that all that would be left for the person I'm giving instructions to at that remote site would be to demote then promote it, and hopefully the primary domain controller in the main office will allow the replication to occur.
You don't have to disconnect and can do either in parallel. They are independent steps, so if you have a large domain/convergence time, you can do metadata first if you like.
ASKER
OK, thanks for confirming that. Also, since the other machines and users on this remote site have been using the failed domain controller to log into the domain, and for some reason they are accessible through the tombstoned DC, will I have to rejoin their PCs to the domain after the promotion is successful and replication has taken place? Currently they get trust relationship errors when logging in, so I guess this is due to the fact that they are not able to access a working domain controller.
ASKER
Thanks again for the good info.
You have to demote, metadata cleanup, and repromote the DC.
http://books.google.com/books?id=9QoLAAAAQBAJ&pg=PA578&lpg=PA578&dq=tombstone+lifetime+domain+controller+demote&source=bl&ots=QheWpotI3_&sig=eaElzzKlO7wm0WfyuwY9bp-Sj2Y&hl=en&sa=X&ei=5KiXUvraCovmoAS2xYCACA&ved=0CB4Q6AEwBg#v=onepage&q=tombstone%20lifetime%20domain%20controller%20demote&f=false
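A read-only way to check the situation discussed in this thread, as an added example that is not part of the original posts: it reads tombstoneLifetime from the Directory Service object and compares it with the last successful inbound replication from the stale DC. It assumes the ActiveDirectory PowerShell module is installed; the server names and the sample date are hypothetical placeholders.

```powershell
# Added example: read-only check, changes nothing in the directory.
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    param([Parameter(Mandatory)][string]$Server)   # a healthy DC to query
    $configNC = (Get-ADRootDSE -Server $Server).configurationNamingContext
    $dsDn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $ds = Get-ADObject -Identity $dsDn -Server $Server -Properties tombstoneLifetime
    # If the attribute is not set, the built-in default of 60 days applies.
    if ($null -eq $ds.tombstoneLifetime) { return 60 }
    return [int]$ds.tombstoneLifetime
}

function Test-DcPastTombstone {
    param(
        [Parameter(Mandatory)][datetime]$LastSuccess,   # last good replication
        [Parameter(Mandatory)][int]$TombstoneDays,
        [datetime]$Now = (Get-Date)
    )
    $age = [int][math]::Floor(($Now - $LastSuccess).TotalDays)
    [pscustomobject]@{
        LastSuccess   = $LastSuccess
        DaysSinceSync = $age
        TombstoneDays = $TombstoneDays
        PastTombstone = ($age -gt $TombstoneDays)
    }
}

# Hypothetical names; replace with your own.
$healthyDc = 'DC01.example.com'
$staleDc   = 'BRANCHDC'
$days = Get-TombstoneLifetimeDays -Server $healthyDc

# Inbound replication metadata recorded on the healthy DC (default partition only).
# Returns nothing if the stale DC is not a direct replication partner of $healthyDc.
Get-ADReplicationPartnerMetadata -Target $healthyDc |
    Where-Object { $_.Partner -like "*CN=$staleDc,*" } |
    ForEach-Object {
        Test-DcPastTombstone -LastSuccess $_.LastReplicationSuccess -TombstoneDays $days
    }

# If the last good replication date is already known, pass it directly
# (constructed sample date):
Test-DcPastTombstone -LastSuccess ([datetime]'2013-06-15') -TombstoneDays $days
```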