Solved

Windows 2003 Active Directory Replica "Too Old" to replicate

Posted on 2014-03-14
10
433 Views
Last Modified: 2014-03-15
Hi there -- we have 3 Active Directory Controllers at a site.  One of them was off for a long time and we are trying to bring it back online and replicate the AD -- but it is giving an error that the replica is too old to replicate.  I couldn't find anything directly related to this issue online...

How can I remedy this?

Thanks in advance!
0
Comment
Question by:ParadiseITS
  • 5
  • 5
10 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39929648
You can demote that box fun a metadata cleanup and then promote it again.

Are all your boxes 2003 and does that box hold any FSMO roles.

Note it will be a forceful demtion.  dcpromo /forceremoval.

Thanks

Mike
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39929662
OK, great -- is there a specific way to do the metadata cleanup that you suggest?

I'm not sure about FSMO, I'll have to look.
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39930051
I have verified that the server in question has the RID master FSMO roles -- when I bring up the Operations Masters dialog in ADUC the Operations Master says "Error".

So I've gathered that the best thing to do is to disconnect it, do a demotion with /forceremoval, run the metadata cleanup in NTDSUtil and then rejoin?

My question is -- what happens to the RID master role when I do this?
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 39930070
are your other DCs 2008 or 2003...metadata can be done differently on 2008 that is why I'm asking.

You will have to seize that FSMO role  http://www.petri.co.il/seizing_fsmo_roles.htm

Just the RID master for you.

Thanks

Mike
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39930078
Mike -- they are all 2003 servers.  And I read that article before I responded, and what concerns me about that is the idea that "the server can never come back online" -- we want to use this as a replica backup, so we want it online.

Will that work?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39930230
what do you mean replica backup?   It can still be a dc again but you would have to repromote it after.
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39930273
We don't want it to have any FSMO roles, just to sit on the network and pitch in when needed.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 39930283
so you want it to be a DC still

SO

1.  dcpromo forceremoval  http://kpytko.pl/2011/08/30/decommissioning-broken-domain-controller/
2.  metadata cleanup  http://kpytko.pl/2011/08/29/metadata-cleanup-for-broken-domain-controller/

3. Seize the role that was on the broken box   http://kpytko.pl/2011/08/28/seizing-fsmo-roles/

Once everything replicates you can add the box back and promote.

Thanks


Mike
0
 
LVL 9

Author Closing Comment

by:ParadiseITS
ID: 39931302
Great - thank you!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39931306
No problem, glad to help
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Microsoft DNS on Windows Server 2012 R2 10 63
Active Directory Automation 8 65
Event ID 29 KDC Win 2008 R2 DC 6 22
Activity directory migration 4 23
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question