WIZU2
asked on
Netlogin incorrect AD
I getting the following error. Does anyone know how to fix this?
Last Status Message: Error detected in Windows Active Directory configuration. The Domain GUID {E62D9AE3-8490-4C97-8BA1-8
Last Status Message: Error detected in Windows Active Directory configuration. The Domain GUID {E62D9AE3-8490-4C97-8BA1-8
Cliff Galiher
You should disjoin and rejoin the domain. This error most often occurs when a sysadmin chooses to build a new domain instead of migrating and chooses to use the same domain name. Since AD uses DNS, queries using that domain name succeed, but then attempting to establish a connection reveals that the domain has a new GUID because of the rebuild.
Hi,
1. when did you start getting these errors ?
2. run DCDIAG /V and see the errors.
3. run \\domainname and see the sysvol share.
1. when did you start getting these errors ?
2. run DCDIAG /V and see the errors.
3. run \\domainname and see the sysvol share.
ASKER
I migrated this domain from a 2003 SBS into a 2012/2008 DC environment. So your saying I would have to demote these DCs and then re-join them? Seems like there should be an easier way.
How did you migrate?
ASKER
I put a 2008 DC on network. Then demoted SBS and forced it to be a member server.
SBS doesn't support being a member server. Ao that'll be a problem. And did you join the 2008 machine to the SBS domain and let it fully replicate? Or did you just make it a new DC? If you didn't verify replication, that'll be another problem.
While you can take steps during a migration to make things easier, you are already beyond that point because of choices or steps made (forcing SBS to be a member serve is a BIG one of those choices.) Your looking at disjoining and rejoining, and removing SBS altogether.
While you can take steps during a migration to make things easier, you are already beyond that point because of choices or steps made (forcing SBS to be a member serve is a BIG one of those choices.) Your looking at disjoining and rejoining, and removing SBS altogether.
Now where your FSMO roles exists ?
If its already migrated to 2008 DC, then shutdown SBS server and check if you are able to logon to domain, domain controller and your application servers are working
Needless to mention that please point network card dns on all servers and 2008 DC also to 2008 domain controller only and check if it works
Mahesh.
If its already migrated to 2008 DC, then shutdown SBS server and check if you are able to logon to domain, domain controller and your application servers are working
Needless to mention that please point network card dns on all servers and 2008 DC also to 2008 domain controller only and check if it works
Mahesh.
ASKER
Getting all kind of errors when I run dcdiag about not being able to process group policy and netlogon. There were no script or policy folders in the sysvol folder under domains. I think I need to run a non-authoritative restore.
pls share the output so that we can suggest some solution.
How many domain controllers do you have now
I guess only one
if you have only one DC, sysvol authoritative and non authoritative restore will not help as there is no data to restore since SBS server is already decommissioned.
What happened here is, you have promoted new 2008 ADC , you have not cross checked that sysvol is replicated or not and you have forcefully decommissioned SBS server
Now there is no GPOs in sysvol, am I correct ?
In that case I only seen two options
Shutdown 2008 ADC server 1st
Just make authoritative restore of AD system state on SBS server if you already have
Upon restoration check if FSMO roles are found on SBS, if not seize the same on SBS
Then remove 2008 ADC from active directory manually and remove any metadata for that
Format your 2008ADC in isolated network and promote it as ADC properly, check if everything is working and then transfer FSMO on to 2008 ADC and simply demote SBS
OR
If you don't have system state backup, you need to follow below article and rebuild sysvol from scratch on 2008 ADC
http://searchwindowsserver.techtarget.com/tip/How-to-rebuild-the-SYSVOL-tree-when-none-exists-in-Active-Directory
Mahesh.
I guess only one
if you have only one DC, sysvol authoritative and non authoritative restore will not help as there is no data to restore since SBS server is already decommissioned.
What happened here is, you have promoted new 2008 ADC , you have not cross checked that sysvol is replicated or not and you have forcefully decommissioned SBS server
Now there is no GPOs in sysvol, am I correct ?
In that case I only seen two options
Shutdown 2008 ADC server 1st
Just make authoritative restore of AD system state on SBS server if you already have
Upon restoration check if FSMO roles are found on SBS, if not seize the same on SBS
Then remove 2008 ADC from active directory manually and remove any metadata for that
Format your 2008ADC in isolated network and promote it as ADC properly, check if everything is working and then transfer FSMO on to 2008 ADC and simply demote SBS
OR
If you don't have system state backup, you need to follow below article and rebuild sysvol from scratch on 2008 ADC
http://searchwindowsserver.techtarget.com/tip/How-to-rebuild-the-SYSVOL-tree-when-none-exists-in-Active-Directory
Mahesh.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Because it fixed solution