DC is not in the domain controller's OU

Všechny reakce

• 

  

  1

  Přihlásit se a hlasovat

  Assuming other DCs, you might transfer or seize roles to another healthy one, demote, reboot, promote again.

   

   

  ---

  
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows Server] Datacenter Management
  
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
  

  pondělí 18. listopadu 2019 22:45

  Reagovat

  |

  Citovat
• 

  

  0

  Přihlásit se a hlasovat

  No DC2 is the only domain controller in the domain.

  úterý 19. listopadu 2019 7:17

  Reagovat

  |

  Citovat
• 

  

  0

  Přihlásit se a hlasovat

  Hello,
  
  Thank you for posting in our forum.
  
  Agree with Dave.If we have other DCs ,we should transfer/seize FSMO roles to another healthy DC,then demote old DC,reboot,promote again.
  
  For the transfer of FSMO roles, we can refer to:Step-By-Step: Migrating Active Directory FSMO Roles From Windows Server 2012 R2 to 2016 
  
  For demoting old DC, we can refer to:Demoting Domain Controllers and Domains 
  
  
  More information about metadata clean up please refer to the following article:Clean up Active Directory Domain Controller server metadata  
  
  Best regards,
  Cynthia
  

  ---

  Please remember to mark the replies as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  úterý 19. listopadu 2019 8:33

  Reagovat

  |

  Citovat
• 

  

  0

  Přihlásit se a hlasovat

  I found this guide which i think apply:

  https://support.microsoft.com/en-au/help/2022387/active-directory-replication-error-8453-replication-access-was-denied

  But I'm not able to "7 . Double-click the UserAccountControl attribute, and then record its decimal value" because the attribute don't show up in the list.

  úterý 19. listopadu 2019 9:46

  Reagovat

  |

  Citovat
• 

  

  1

  Přihlásit se a hlasovat

  No DC2 is the only domain controller in the domain.

  Please run;

  • Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
  • repadmin /showrepl >C:\repl.txt
  • ipconfig /all > C:\dc1.txt
  • ipconfig /all > C:\dc2.txt
    
    then put unzipped text files up on OneDrive and share a link.

   

   

  
  

  ---

  
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows Server] Datacenter Management
  
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
  

  úterý 19. listopadu 2019 13:16

  Reagovat

  |

  Citovat
• 

  

  0

  Přihlásit se a hlasovat

  Hi Dave,

  The link: https://1drv.ms/u/s!AtStjN0soI68gR1oI86rimSXxDuv?e=c51Ncm

  /Lars

  úterý 19. listopadu 2019 13:42

  Reagovat

  |

  Citovat
• 

  

  0

  Přihlásit se a hlasovat

  There is only ONE domain controller and an Exchange server (both 2016 4393.3326 / CU11) in the domain.

  /Lars

  úterý 19. listopadu 2019 13:46

  Reagovat

  |

  Citovat
• 

  

  1

  Přihlásit se a hlasovat

  I'd check in ADUC that the domain controller is in Domain Controllers OU

  Also appears that the userAccountControl attribute is 0x1000 where it should be 0x82000

  https://support.microsoft.com/en-us/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties

   

   

  ---

  
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows Server] Datacenter Management
  
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
  

  úterý 19. listopadu 2019 13:57

  Reagovat

  |

  Citovat
• 

  

  0

  Přihlásit se a hlasovat

  Yes i have figured out that the "MachineAccount" is set to 0x1000 = ( WORKSTATION_TRUST_ACCOUNT ) => 0x82000.

  I can't find the MachineAccount" in ADUC.

  I tried to fix it according to (as mentioned just before your first posting): https://support.microsoft.com/en-au/help/2022387/active-directory-replication-error-8453-replication-access-was-denied

  I'm logged in as domain\administrator.

  úterý 19. listopadu 2019 14:12

  Reagovat

  |

  Citovat
• 

  

  1

  Přihlásit se a hlasovat

  Should find it here.

   

  

   

   

   

  ---

  
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows Server] Datacenter Management
  
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
  

  • Označen jako odpověď Regamoks úterý 19. listopadu 2019 17:44

  úterý 19. listopadu 2019 14:37

  Reagovat

  |

  Citovat
• 

  

  0

  Přihlásit se a hlasovat

  All OU folders are missing - screen dump:

  https://1drv.ms/u/s!AtStjN0soI68ezjHf6lyFfcsrd4?e=ey7Mzo

  úterý 19. listopadu 2019 16:14

  Reagovat

  |

  Citovat
• 

  

  1

  Přihlásit se a hlasovat

  May need to restore a known good recent backup.

   

   

  ---

  
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows Server] Datacenter Management
  
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
  

  • Označen jako odpověď Regamoks úterý 19. listopadu 2019 17:44

  úterý 19. listopadu 2019 16:31

  Reagovat

  |

  Citovat
• 

  

  0

  Přihlásit se a hlasovat

  Expanded tree further - but still problem:  https://1drv.ms/u/s!AtStjN0soI68ezjHf6lyFfcsrd4?e=ckAna7

  The Domain Controller is running in an Hyper-v environment and i just restored a 1 year old version (without network connection) and the UAC=0x82000.

  How is Exchange going to "behave" if i restore a 2 month old version off the DC (there is no change of users in that time frame)?

  • Označen jako odpověď Regamoks úterý 19. listopadu 2019 17:44

  úterý 19. listopadu 2019 16:49

  Reagovat

  |

  Citovat
• 

  

  1

  Přihlásit se a hlasovat

  How is Exchange going to "behave" if i restore a 2 month old version off the DC (there is no change of users in that time frame)?

  I'd ask that one of experts in dedicated forums over here.

  https://social.technet.microsoft.com/Forums/office/en-US/home?category=exchangeserver

   

  (please don't forget to mark helpful replies as answer)

   

   

  ---

  
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows Server] Datacenter Management
  
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
  

  • Označen jako odpověď Regamoks úterý 19. listopadu 2019 17:44

  úterý 19. listopadu 2019 16:53

  Reagovat

  |

  Citovat
• 

  

  0

  Přihlásit se a hlasovat

  Thanks for the help!

  I made the "mark"

  úterý 19. listopadu 2019 17:45

  Reagovat

  |

  Citovat
• 

  

  0

  Přihlásit se a hlasovat

  Sounds good, you're welcome.

   

   

  ---

  
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows Server] Datacenter Management
  
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
  

  úterý 19. listopadu 2019 17:49

  Reagovat

  |

  Citovat