Solved

Windows 2003 Active Directory Replica "Too Old" to replicate

Posted on 2014-03-14
10
434 Views
Last Modified: 2014-03-15
Hi there -- we have 3 Active Directory Controllers at a site.  One of them was off for a long time and we are trying to bring it back online and replicate the AD -- but it is giving an error that the replica is too old to replicate.  I couldn't find anything directly related to this issue online...

How can I remedy this?

Thanks in advance!
0
Comment
Question by:ParadiseITS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39929648
You can demote that box fun a metadata cleanup and then promote it again.

Are all your boxes 2003 and does that box hold any FSMO roles.

Note it will be a forceful demtion.  dcpromo /forceremoval.

Thanks

Mike
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39929662
OK, great -- is there a specific way to do the metadata cleanup that you suggest?

I'm not sure about FSMO, I'll have to look.
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39930051
I have verified that the server in question has the RID master FSMO roles -- when I bring up the Operations Masters dialog in ADUC the Operations Master says "Error".

So I've gathered that the best thing to do is to disconnect it, do a demotion with /forceremoval, run the metadata cleanup in NTDSUtil and then rejoin?

My question is -- what happens to the RID master role when I do this?
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 39930070
are your other DCs 2008 or 2003...metadata can be done differently on 2008 that is why I'm asking.

You will have to seize that FSMO role  http://www.petri.co.il/seizing_fsmo_roles.htm

Just the RID master for you.

Thanks

Mike
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39930078
Mike -- they are all 2003 servers.  And I read that article before I responded, and what concerns me about that is the idea that "the server can never come back online" -- we want to use this as a replica backup, so we want it online.

Will that work?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39930230
what do you mean replica backup?   It can still be a dc again but you would have to repromote it after.
0
 
LVL 9

Author Comment

by:ParadiseITS
ID: 39930273
We don't want it to have any FSMO roles, just to sit on the network and pitch in when needed.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 39930283
so you want it to be a DC still

SO

1.  dcpromo forceremoval  http://kpytko.pl/2011/08/30/decommissioning-broken-domain-controller/
2.  metadata cleanup  http://kpytko.pl/2011/08/29/metadata-cleanup-for-broken-domain-controller/

3. Seize the role that was on the broken box   http://kpytko.pl/2011/08/28/seizing-fsmo-roles/

Once everything replicates you can add the box back and promote.

Thanks


Mike
0
 
LVL 9

Author Closing Comment

by:ParadiseITS
ID: 39931302
Great - thank you!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39931306
No problem, glad to help
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question