Akash Bansal
asked on
after demoting a Windows 2016 std DC & again promoting it, NETLOGON & SYSVOL shares are not recreated.
https://www.experts-exchange.com/questions/29017917/how-to-demote-a-DC-microsoft-server-2016.html?anchor=a42104434&notificationFollowed=187931955&anchorAnswerId=42104434#a42104434
As per above link, I have demoted a DC. Promoting the demoted DC is having issues, the SYSVOL & NETLOGON shares are not created.
Though blank sysvol was recreating by using: https://support.microsoft.com/en-in/help/947022/the-netlogon-share-is-not-present-after-you-install-active-directory-domain-services-on-a-new-full-or-read-only-windows-server-2008-based-domain-controller
but not NETLOGON folder share.
What should I do?
Can you run "dcdiag /v" on PDC server and post results here?
...the shares are not created...typo...
ASKER
Both the machines are on the same physical host and AD has 15 users only. So was not expecting an instant replication. I made checkpoints before experimenting on creating shared sysvol. Have safely rolled back.
Now I have demoted the machine. Considering to discard it. Have shut down the demoted VM. Waiting to see if everything goes smoothly.
Would create a new machine if shutting down that machine does not create any issue.
Dcdiag is not showing any issue on the now primary domain controller except a few security recommendations.
The purpose of running dcdiag is to check if sysvol is healthy on PDC server and if there are any DNS lookup problems.
"Net Share" showing netlogon and sysvol shared on PDC?
Are you able to locate GPOs under sysvol on PDC?
From client machines, are you able to locate and access sysvol and netlogon share on PDC server?
How is DNS configured on PDC: is it pointing to its own IP as preferred DNS, or is it pointing to loopback IP?
If it's pointing to loopback or any other DC, point it to its own IP and restart netlogon service
If sysvol status is not correct on PDC, you need to do authoritative restore of sysvol on PDC server...I believe you have directly deployed 2016 AD server and hence you have DFSR sysvol, follow below article on PDC to do sysvol authoritative restore
https://www.experts-exchange.com/articles/17360/Active-Directory-DFSR-Sysvol-Authoritative-and-Non-Authoritative-Restore-Sequence.html
Then follow same article above to do sysvol non authoritative restore on ADC server
OR
If everything above is fine on PDC, then try DFSR sysvol non-authoritative restore on ADC server, follow same article above
Mahesh.
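The checks listed in the reply above, collected into one read-only PowerShell function. This is an added example, not part of the thread or of any poster's reply. The function name `Test-DcSysvolHealth` is hypothetical, and the `SysvolReady` registry value it reads is the Netlogon flag that the Microsoft article linked in the question deals with.

```powershell
# Added example: read-only health check, run elevated on the DC being examined.
# Test-DcSysvolHealth is a hypothetical name; nothing here changes configuration.
function Test-DcSysvolHealth {
    $report = [ordered]@{}

    # "Net Share" check: NETLOGON and SYSVOL must both be published.
    foreach ($name in 'SYSVOL', 'NETLOGON') {
        $share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
        $report["Share_$name"] = if ($share) { $share.Path } else { 'MISSING' }
    }

    # Netlogon publishes the shares only when SysvolReady is 1.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $flag = Get-ItemProperty -Path $key -Name SysvolReady -ErrorAction SilentlyContinue
    $report['SysvolReady'] = if ($flag) { $flag.SysvolReady } else { 'NOT SET' }

    # Replication engine: DFSR should be running; NTFRS is expected to be
    # disabled when SYSVOL replicates with DFSR, as noted later in the thread.
    foreach ($svc in 'DFSR', 'NTFRS') {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        $report["Service_$svc"] = if ($s) { "$($s.Status) / $($s.StartType)" } else { 'not installed' }
    }

    # Preferred DNS per adapter: flag loopback or another server's address.
    $ownIps   = @((Get-NetIPAddress -AddressFamily IPv4).IPAddress | Where-Object { $_ -notlike '127.*' })
    $adapters = Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses }
    foreach ($a in $adapters) {
        $preferred = $a.ServerAddresses[0]
        $verdict = if ($preferred -like '127.*') {
            'loopback'
        } elseif ($ownIps -contains $preferred) {
            'own IP'
        } else {
            'other server'
        }
        $report["DNS_$($a.InterfaceAlias)"] = "$preferred ($verdict)"
    }

    [pscustomobject]$report
}

Test-DcSysvolHealth | Format-List
```

A `MISSING` share together with `SysvolReady` at 0 or `NOT SET` indicates that SYSVOL initial replication has not completed on that DC, which is the condition the restore sequence in the linked article addresses.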
ASKER
Everything is fine at PDC
Absolutely no issue. Yes its DNS setting is pointing to its own IP.
I guess I should make a new VM if needed instead of promoting messed up machine.
Have you tried non-authoritative restore of sysvol on ADC?
You have only 15 users, you can simply rename DC hostname and try promoting it again....
This will create issues with CA server role if already have on ADC server, but you can ignore CA server as you have only 15 users. You can set up a new fresh CA if wanted later on
Mahesh.
ASKER
I tried a non-authoritative restore of DFSR SYSVOL (like "D2" for FRS)
but the file replication service was disabled & I couldn't start it.
The command I issued was: net start ntfrs
The article provided for non-authoritative restore is referring to DFSR sysvol and not FRS sysvol.
Why did you want to start NTFRS service? It cannot be started as your sysvol is replicating with DFSR service
ASKER
Ok. I tried as per some suggestion at a blog. Thanks for correcting me.
ASKER
I have shut down the BDC. Have already transferred all the dependencies. I wish I do not need that BDC now.
I haven't setup CA service yet. As the CA service had issues only a few certificates to BDC & PDC. I hope it won't be problem.
On the exchange server machine I used paid certificates.
ASKER
Thanks Mr. Mahesh,
I am aware of BDC is no longer used, I used the term for the sake of clarity that I am referring to a DC that does not have all the roles just like you used the word PDC.
Yes I have setup a daily backup at the host.
I had the essential role installed in that server, moved all the folder redirection to a dedicated VM. If I would miss essential role, I would install it to another machine.
I am seeking the alternative to Essential role, if you like I can open a new thread to discuss on this.
ASKER
Though still did not verify the solution. I have discarded the messed up VM.