?
Solved

Windows 2003 Active Directory Replica "Too Old" to replicate

Posted on 2014-03-14
10
Medium Priority
?
436 Views
Last Modified: 2014-03-15
Hi there -- we have 3 Active Directory Controllers at a site.  One of them was off for a long time and we are trying to bring it back online and replicate the AD -- but it is giving an error that the replica is too old to replicate.  I couldn't find anything directly related to this issue online...

How can I remedy this?

Thanks in advance!
0
Comment
Question by:ParadiseITS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39929648
You can demote that box fun a metadata cleanup and then promote it again.

Are all your boxes 2003 and does that box hold any FSMO roles.

Note it will be a forceful demtion.  dcpromo /forceremoval.

Thanks

Mike
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39929662
OK, great -- is there a specific way to do the metadata cleanup that you suggest?

I'm not sure about FSMO, I'll have to look.
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39930051
I have verified that the server in question has the RID master FSMO roles -- when I bring up the Operations Masters dialog in ADUC the Operations Master says "Error".

So I've gathered that the best thing to do is to disconnect it, do a demotion with /forceremoval, run the metadata cleanup in NTDSUtil and then rejoin?

My question is -- what happens to the RID master role when I do this?
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 39930070
are your other DCs 2008 or 2003...metadata can be done differently on 2008 that is why I'm asking.

You will have to seize that FSMO role  http://www.petri.co.il/seizing_fsmo_roles.htm

Just the RID master for you.

Thanks

Mike
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39930078
Mike -- they are all 2003 servers.  And I read that article before I responded, and what concerns me about that is the idea that "the server can never come back online" -- we want to use this as a replica backup, so we want it online.

Will that work?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39930230
what do you mean replica backup?   It can still be a dc again but you would have to repromote it after.
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39930273
We don't want it to have any FSMO roles, just to sit on the network and pitch in when needed.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 39930283
so you want it to be a DC still

SO

1.  dcpromo forceremoval  http://kpytko.pl/2011/08/30/decommissioning-broken-domain-controller/
2.  metadata cleanup  http://kpytko.pl/2011/08/29/metadata-cleanup-for-broken-domain-controller/

3. Seize the role that was on the broken box   http://kpytko.pl/2011/08/28/seizing-fsmo-roles/

Once everything replicates you can add the box back and promote.

Thanks


Mike
0
 
LVL 9

Author Closing Comment

by:ParadiseITS
ID: 39931302
Great - thank you!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39931306
No problem, glad to help
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question