If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.
Course Of The Month
2 days, 11 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
sysvol and netlogon missing but i still have old domain controller
Posted on 2016-07-16
My scenario is this, I started with a network of two 2008 servers acting as domain controllers. I added a 2012r2 server and then transferred the FSMO roles to it and set it as a global catalog server and then removed the two 2008 servers from being global catalog servers. I then demoted the first of the two servers. At this point I noticed the 2012r2 server did not have the sysvol and netlogon directory so I pointed DNS to it and had it assume FSMO roles. Active directory is working on my network again, but I still have the 2012r2 server that is not working properly. I have found articles about an authoritive and non-authoritive restore but I don't want to force this server into production if it isn't necessary. I would rather do it via normal processes.
My question is this, can I simply demote it and promote it again and see if it will work properly on a second attempt?
can anyone explain the risks of using an authoritive or non-authoritive restore?
My question is this, can I simply demote it and promote it again and see if it will work properly on a second attempt?
can anyone explain the risks of using an authoritive or non-authoritive restore?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
3 Comments
If you have a solid working Server 2008 DC and the 2012 is just not working right, yes, you can demote it and remove it from the domain and then re-do -- but if you do that I would fully reinstall as well to get new SIDs.
But... this has happened to me a couple of times and it's not too difficult to just do a non-authoritative synchronization to get it working correctly. Instructions for that are here:
https://support.microsoft.com/en-us/kb/2218556
But... this has happened to me a couple of times and it's not too difficult to just do a non-authoritative synchronization to get it working correctly. Instructions for that are here:
https://support.microsoft.com/en-us/kb/2218556
By the way... don't think of non-authoritative as being worse... it's actually the default directory services restore mode. What it means is that data doesn't get overwritten -- whereas an Authoritative restore/sync will overwrite data even if that data is newer than what is being copied.
I did end up demoting and repromoting the server but that didn't fix the problem. the ultimate solution was to perform an authoritive restore and manually sharing the sysvol folder (it didn't work until the sysvol was manually shared at which point netlogon automatically shared...within seconds) Very strange resolution but everything has been perfect on the domain since.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| Run .vbs file as admin on remote computers | 8 | 33 | |
| Run powershell against OU | 7 | 79 | |
| is a device online | 4 | 46 | |
| How to create a GPO to turn on Wired AutoConfig | 1 | 11 |
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012.
Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial hows how you can integrate Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease.
The following video show how to bind OSX Mavericks to …
Suggested Courses
Course of the Month2 days, 11 hours left to enroll
752 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.