Solved

Windows 2003 Active Directory Replica "Too Old" to replicate

Posted on 2014-03-14
10
421 Views
Last Modified: 2014-03-15
Hi there -- we have 3 Active Directory Controllers at a site.  One of them was off for a long time and we are trying to bring it back online and replicate the AD -- but it is giving an error that the replica is too old to replicate.  I couldn't find anything directly related to this issue online...

How can I remedy this?

Thanks in advance!
0
Comment
Question by:ParadiseITS
  • 5
  • 5
10 Comments
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
You can demote that box fun a metadata cleanup and then promote it again.

Are all your boxes 2003 and does that box hold any FSMO roles.

Note it will be a forceful demtion.  dcpromo /forceremoval.

Thanks

Mike
0
 
LVL 9

Author Comment

by:ParadiseITS
Comment Utility
OK, great -- is there a specific way to do the metadata cleanup that you suggest?

I'm not sure about FSMO, I'll have to look.
0
 
LVL 9

Author Comment

by:ParadiseITS
Comment Utility
I have verified that the server in question has the RID master FSMO roles -- when I bring up the Operations Masters dialog in ADUC the Operations Master says "Error".

So I've gathered that the best thing to do is to disconnect it, do a demotion with /forceremoval, run the metadata cleanup in NTDSUtil and then rejoin?

My question is -- what happens to the RID master role when I do this?
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
are your other DCs 2008 or 2003...metadata can be done differently on 2008 that is why I'm asking.

You will have to seize that FSMO role  http://www.petri.co.il/seizing_fsmo_roles.htm

Just the RID master for you.

Thanks

Mike
0
 
LVL 9

Author Comment

by:ParadiseITS
Comment Utility
Mike -- they are all 2003 servers.  And I read that article before I responded, and what concerns me about that is the idea that "the server can never come back online" -- we want to use this as a replica backup, so we want it online.

Will that work?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
what do you mean replica backup?   It can still be a dc again but you would have to repromote it after.
0
 
LVL 9

Author Comment

by:ParadiseITS
Comment Utility
We don't want it to have any FSMO roles, just to sit on the network and pitch in when needed.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
Comment Utility
so you want it to be a DC still

SO

1.  dcpromo forceremoval  http://kpytko.pl/2011/08/30/decommissioning-broken-domain-controller/
2.  metadata cleanup  http://kpytko.pl/2011/08/29/metadata-cleanup-for-broken-domain-controller/

3. Seize the role that was on the broken box   http://kpytko.pl/2011/08/28/seizing-fsmo-roles/

Once everything replicates you can add the box back and promote.

Thanks


Mike
0
 
LVL 9

Author Closing Comment

by:ParadiseITS
Comment Utility
Great - thank you!
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
No problem, glad to help
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now