Domain controller crashed - was never demoted.
-
Monday, December 10, 2012 10:55 PM
One of our domain controllers crashed so it was never demoted. I rebuilt the server and promoted it to DC. Ever since then, I've been getting countless NTDS Replication event errors (2023 2042). I ran the repadmin /removelingeringobjects tool and it was successful. When I attempt to demote the DC, I get the following error:
The operation failed because:
Active Directory could not tranfer the remaining data in directory partition CN=Configuration,DC=####,DC=local to domain controller (domaincontrollername).
"The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime."
How can I resolve this issue?
Both controllers are Windows Server 2003 R2.- Edited by Crabby_DBA Tuesday, December 11, 2012 12:07 AM
All Replies
-
Tuesday, December 11, 2012 1:19 AM
If the server was crashed the you need to run metadata cleanup to remove the instances of faulty DC before promoting the same server with same name and ip address.
Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspxSince the server has reached tombstone lifetime period you need to demote/promote the faulty dc followed by metadata cleanup and then promte the server back as DC.You cannot demote the faulty DC gracefully you need to do forcefull removal.You need to ran dcpromo/force removal and then run matadata cleanup on other DC(healthy) to remove the instance of faulty DC from AD database and DNS.
Once done you can promote the Server back as ADC.If faulty DC is FSMO role holder you need to seize the FSMO on other DC.Also ensure Authorative time server is configured on PDC role holder server.
Reference link
Forcefull removal of DC: http://support.microsoft.com/kb/332199
Metadata cleanup: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Seize FSMO role: http://www.petri.co.il/seizing_fsmo_roles.htmConfiguring the time service on the PDC Emulator FSMO role holder
http://msmvps.com/blogs/acefekay/archive/2009/09/18/configuring-the-windows-time-service-for-windows-server.aspxHope this helps
Best Regards,
Sandesh Dubey.
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.- Proposed As Answer by Miguel FraMicrosoft Community Contributor Tuesday, December 11, 2012 1:25 AM
- Marked As Answer by Cicely FengMicrosoft Contingent Staff, Moderator Monday, December 17, 2012 1:31 AM
-
Wednesday, December 19, 2012 1:00 PM
Sandesh:
Your answer was everything I needed! Thanks for the excellent information!
Crabby
.png)
