Why do the AD connection objects not update?

This is a Windows 2003/2008 AD domain. There are 3 DCs: 2 located at site A and 1 located at site B. At site A, DC1 is W2K8 32-bit, and DC2 is W2K3 64-bit Enterprise edition. At site B, DC3 is a W2K3 server.

According to the plan, we have to decommission DC2 as its hardware is too old. I have moved all 5 FSMO roles to DC1. I opened AD Sites and Services and found that there are 2 AD sites: Site A (with DC1 & DC2) and Site B (with DC3). I then checked each DC's NTDS Settings, as follows:

         DC1 - only 1 connection object with DC2
         DC2 - has 2 connection objects with DC1, and DC3
         DC3 - only 1 connection with DC3

It looks like DC2 is the site's "bridgehead server". I also found that DC2 is the ISTG (Intersite Topology Generator) for site A. I have now exchanged the roles between DC1 and DC2, so that DC1 has 2 connection objects, to DC2 and DC3. The changes were allowed, but when I select "Replicate Now" on the connection object (with DC3), it doesn't show the normal message that the AD domain service has replicated. Instead it shows:

one or more of these ad domain services connections between these domain controllers in different sites. AD DS will attend to replicate across these connections. For information about these connection, check support.

What went wrong? What would be the "best practice" to decommission the old DC? Shall I just demote it and expect the updates/changes to be made across all of AD, or something else?

Thanks in advance.
Asked by: MichaelBalack

Radhakrishnan R (Senior Technical Lead) commented:
Hi,

After demoting the old DC, have you performed metadata cleanup, removing all the DNS entries for the demoted DC?

DNS has a major role in replication. I think you left out some DNS entries for the old server. I would suggest starting to look into that area.
0
MichaelBalack (Author) commented:
Hi Radhakrishnan,

I have not yet demoted DC2. Shall I demote it and then perform metadata cleanup so that no DC2 entries are left in DNS?

And then what am I supposed to do in AD Sites and Services?
0
Radhakrishnan R (Senior Technical Lead) commented:
Yeah, you can demote the DC (of course after transferring FSMO roles, if any exist on that server). Run metadata cleanup, which will remove the AD site link; if not, manually remove them. You need to expand each node of the DNS zone and delete all the corresponding DNS entries for that server.
0


MichaelBalack (Author) commented:
Hi Radhakrishnan,

How about the AD site link, shall I create a new one?
0
Mahesh (Architect) commented:
You have only TWO AD sites, so the DEFAULTIPSITELINK is enough and you don't have to create a new IP site link.
Also, as far as the replication message is concerned, it's correct.
If you replicate DCs across sites, this is the expected behavior.

You haven't demoted the old DC yet, so you can demote it any time.
Before demoting it, make sure that you change the primary DNS address in the network card IPv4 properties to point to the current PDC, and then reboot this DC once.
Also make sure that this DC's IP is not configured anywhere statically.
After that, run dcpromo to demote this DC.

If you face any errors, forcefully demote this DC with the dcpromo /forceremoval switch.
Then do metadata cleanup from the 2K8 PDC server (DC1):
https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

After that, remove the failed DC's entries from the DNS zones (SRV, NS records, etc.) and from AD Sites and Services, and you should be fine.
0
Mohammed Khawaja (Manager - Infrastructure: Information Technology) commented:
You should manually change the bridgehead, ensure replication is working and then demote DC2. After the demotion, you could also click on the option "Check Topology Configuration". Also note that if you demote the server, AD Replication will correct the replication connectors but I recommend you ensure it is working prior to making infrastructure changes (i.e. demotion).
0
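
The checks the answers above call for (replication working before the demotion; no DC2 entries left in DNS or in replication afterwards), as an added PowerShell example that is not part of the original thread. It assumes PowerShell 2.0 or later with repadmin, netdom and nslookup available on the admin host; `example.local` is a placeholder domain name, and the function names are made up for this example.

```powershell
# Added example, not from the thread. DC names are the thread's; $Domain is a placeholder.
$OldDc  = 'DC2'             # DC being decommissioned
$Domain = 'example.local'   # placeholder: the AD DNS domain name

function Test-PreDemotion {
    # FSMO roles must already be off the DC that is going away.
    $onOld = netdom query fsmo | Select-String -SimpleMatch $OldDc
    if ($onOld) { Write-Warning "FSMO role(s) still held by ${OldDc}:"; $onOld }

    # Every inbound replication link on every DC; column names are those of
    # repadmin's CSV output.
    $links  = repadmin /showrepl '*' /csv | ConvertFrom-Csv
    $failed = @($links | Where-Object { [int]$_.'Number of Failures' -gt 0 })
    $failed | Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                            'Number of Failures', 'Last Failure Status'

    # Safe to demote only if no role is on the old DC and no link is failing.
    return (-not $onOld) -and ($failed.Count -eq 0)
}

function Get-OldDcLeftovers {
    # Run after the demotion and metadata cleanup; returns whatever still names the old DC.
    $hits = @()

    # DC locator SRV records and the zone's NS records.
    $queries = @('-type=SRV', "_ldap._tcp.dc._msdcs.$Domain"), @('-type=NS', $Domain)
    foreach ($q in $queries) {
        $hits += nslookup $q[0] $q[1] 2>$null | Select-String -SimpleMatch "$OldDc."
    }

    # Connection objects on the remaining DCs that still pull from the old DC.
    $hits += repadmin /showrepl '*' /csv | ConvertFrom-Csv |
             Where-Object { $_.'Source DSA' -eq $OldDc }
    return $hits
}

# Before demoting DC2:
if (-not (Test-PreDemotion)) { Write-Warning 'Fix the items above before demoting.' }

# After demotion and cleanup: ask the KCC on DC1 to recalculate the topology,
# then list anything that still references DC2.
# repadmin /kcc DC1
# Get-OldDcLeftovers
```

An empty result from `Get-OldDcLeftovers` means neither the queried DNS records nor any remaining DC's inbound connections still reference DC2.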
MichaelBalack (Author) commented:
Okay, I will check.
0
MichaelBalack (Author) commented:
Thanks for the 3 experts' guidance. Rad's main point is to conduct the metadata cleanup; Mahesh's main point is on checking the DEFAULTIPSITELINK; and Mohammed's points are on replication and checking the topology configuration. After transferring the 5 FSMO roles, demoting the old DC, and conducting the metadata cleanup, I managed to create the AD connection object, and eventually replication across the sites was working fine.
0