Active directory replication problem
Hi
my PDC failed and i restored it from a backup (No BDC), once restore is completed, i see no replication takes place between my PDC and any of the child domains. from sites and services i receive the message saying :
the following error occurred during the attempt to synchronize naming context (child domain) to the domain controller ROOTPDC:
the naming context is in the process of being removed or is not replicated from the specific server.
this operation will not continue.
I have many child domains and it gives the same error for every single one of them. any idea why this happens or how to solve it?
my PDC failed and i restored it from a backup (No BDC), once restore is completed, i see no replication takes place between my PDC and any of the child domains. from sites and services i receive the message saying :
the following error occurred during the attempt to synchronize naming context (child domain) to the domain controller ROOTPDC:
the naming context is in the process of being removed or is not replicated from the specific server.
this operation will not continue.
I have many child domains and it gives the same error for every single one of them. any idea why this happens or how to solve it?
ASKER
I read it in a site that this could be transitive, i waited for about a day but nothing happened. Actually there was a BDC to this PDC but even PDC and BDC in the central office could not replicate, i another site i read that if PDC and BDC could not replicate in the central site, child domains could not also replicate, and since i could not make these two domain controllers replicate, i had to demote the BDC hoping that not having BDC could make my child domains replicated and if so, i could make another BDC later. demoting PDC did not help at all. It all started when i restored the PDC from a backup and i could not login with the Enterprise admin account into the DC, my passwords and even my old password did not work, so I cracked the password and i managed to login, but now when i try to replicate it says access is denied, I also tried to change the password to the one i knew was correct to see if this is the password issue stopping the replication but still no success.
anyways, one question, lets imagine there has been no backup and PDC and BDC in the central office are both down to the metal, is there any way we can bring up a whole new domain controller and have child domains join to the new parent?
Any luck?
anyways, one question, lets imagine there has been no backup and PDC and BDC in the central office are both down to the metal, is there any way we can bring up a whole new domain controller and have child domains join to the new parent?
Any luck?
updating...
It all started when i restored the PDC from a backup and i could not login with the Enterprise admin account into the DC, my passwords and even my old password did not work, so I cracked the password and i managed to login, but now when i try to replicate it says access is denied, I also tried to change the password to the one i knew was correct to see if this is the password issue stopping the replication but still no success.
Considering that your current passwords were not working, this tells me that your backup was most likely an old backup.
If making any DC authoritative, the PDC Emulator as authoritative is preferable, since its SYSVOL contents are usually most up to date.
The use of the authoritative flag is only necessary if you need to force synchronization of all DCs. If only repairing one DC, simply make it non-authoritative and do not touch other servers.
http://support.microsoft.com/kb/2218556
In your case; your PDC had no peers to replicate from so it cannot retrieve the domain information from any other DC's.
Can't say that I've done this in parent-child domain as I've always had a 2nd DC in each domain, but you can try a non-authoritative restore on your PDC in the Parent site.
If that doesn't work then you'll need to run an authoritative restore as per the MS KB article.
could you advise how old your backup was please?
If this was quite old, you will be unable to fix the issue due to limitations in Active Directory and the 'Tombstoning' effect.
Also, the parent AD will have effectively suffered a USN rollback, while the child domains haven't, meaning they are all out of sync.
If this is the case, there is no solution as your AD simply cannot get back in sync.
If the backup was very recent, we may be able to offer some help.
Let us know what events are being logged on the PDC, particularly AD/DNS ones.
If this was quite old, you will be unable to fix the issue due to limitations in Active Directory and the 'Tombstoning' effect.
Also, the parent AD will have effectively suffered a USN rollback, while the child domains haven't, meaning they are all out of sync.
If this is the case, there is no solution as your AD simply cannot get back in sync.
If the backup was very recent, we may be able to offer some help.
Let us know what events are being logged on the PDC, particularly AD/DNS ones.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
This can be a transitive errors. If the error continue after 1 day is not good.
Anyway one DC rot the root domain wasn't an excellent ideea.
Dan