active directory, domain controller
Out of 10 DC , 2 DC were offline because of some firewall issue they could not communicate with other DC because of KCC failures generated (
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.)
now we are bring the 2 DC online as firewall issue is resolved
do we need to do any authoritative or non authoritative restore of domain partition on those 2 domain controller. ( in what situation we might need ?)
is this same as sysvol restore?
as i fear of any lingering objects ?
ASKER
they were not down , but online and not replicating with other dc.
they are not crashed
they are not crashed
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
What happens after 30 days?
ASKER
Th÷re won't be any lingering objects within 30 days?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The 2 DC were online but just not replicating due to firewall blockade
The only thing is how should I make Sure it is non authoritative when replication starts after firewall ports are opened
The only thing is how should I make Sure it is non authoritative when replication starts after firewall ports are opened
ASKER
I got further confused when my boss mentioned make sure I know how to do auth restore of domain partition
On those affected 2 DC
I don't know from what perspective he mentioned
On those affected 2 DC
I don't know from what perspective he mentioned
ASKER
if the DC which was not replicating with the partners for 20 days , is now working ok as firewall ports have been opened, so how will i make sure it is replicating and getting updates from other DC's rather this DC which is replicating to others
you mentioned something about non autharitative, if u could kindly elaborate
would appreciate
you mentioned something about non autharitative, if u could kindly elaborate
would appreciate
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
so when the 2 DC starts talking to other DC's
i should run repadmin /kcc (to force the analysis of replication architecture)
repldmin /syncall (to force synchronization with all other DCs from 1 of these DC's
my last question , when do you think in what circumstances i should go for non authoriative mode on these 2 DC's
i should run repadmin /kcc (to force the analysis of replication architecture)
repldmin /syncall (to force synchronization with all other DCs from 1 of these DC's
my last question , when do you think in what circumstances i should go for non authoriative mode on these 2 DC's
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i didnt get it , in my case where the 2 DC will be replicating now with other partners
i should first use repadmin /kcc (to force the analysis of replication architecture)
repldmin /syncall (to force synchronization with all other DCs
my question again was why should i go for restore mode in my case?
i should first use repadmin /kcc (to force the analysis of replication architecture)
repldmin /syncall (to force synchronization with all other DCs
my question again was why should i go for restore mode in my case?
ASKER
i mean what should i do to go for non auth mode,
should i reboot the 2 dc in non auth mode first and then do kcc force commands?
should i reboot the 2 dc in non auth mode first and then do kcc force commands?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ty sir
If they are simple DCs, it may be easier to just recreate the VMs.