none
active directory rebuilding indices

    Question

  • I have a domain controller that suffered an unexpected shutdown during a power outage (wind storm). The server was in the process of being decomissioned and was only servicing as a DNS backup server and AD replication partner at the time of the failure. All AD roles were moved to the new SBS 2003 R2 server. Since the power outage the server has displayed "active directory rebuilding indices" upon boot and most automatic services fail to start at boot. I cannot manage the server remotely (Computer / Manage) or RDP to the server. I have tried CHkdsk /r to recover the AD coruption but have not been able to. The server has been 2 months without a replication and is close to tombstone. My goal is to get this server back in the AD for just long enough to gracefully demote the server. I do not have a backup of this server as it was not providing any significant role. Is there anything I can do to gracefully demote this server and ensure all items are properly removed from the current active directory?

    This is the replication status for the following directory partition on the local domain controller.

     

    Directory partition:

    DC=DomainDnsZones,DC=domainname,DC=local

     

    The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided into the following intervals.

     

    More than 24 hours:

    1

    More than a week:

    1

    More than one month:

    1

    More than two months:

    1

    More than a tombstone lifetime:

    0

    Tombstone lifetime (days):

    180

    Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.

     

    To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe.

    You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".

    Monday, April 12, 2010 6:34 PM

Answers

  • Do not. Instead, shut it down and decomission. Clean up AD metadata using the procedure described in http://support.microsoft.com/kb/555846

    hth
    Marcin

    • Marked as answer by Wilson Jia Tuesday, April 13, 2010 2:11 AM
    Monday, April 12, 2010 6:49 PM
  • No need to to get it back online.

    Check out a Blog artcile I have on clean up at:

    http://blogs.dirteam.com/blogs/paulbergson/archive/2009/06/09/active-directory-cleanup-the-most-common-question-i-see.aspx

     

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    Microsoft's Thrive IT Pro of the Month - June 2009
    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup This
    posting is provided "AS IS" with no warranties, and confers no rights.

    • Marked as answer by Wilson Jia Tuesday, April 13, 2010 2:11 AM
    Monday, April 12, 2010 6:58 PM
    Moderator
  • Howdie!

    Am 12.04.2010 20:34, schrieb Matthew Van Heyst:
    > I have a domain controller that suffered an unexpected shutdown during a
    > power outage (wind storm). The server was in the process of being
    > decomissioned and was only servicing as a DNS backup server and AD
    > replication partner at the time of the failure. All AD roles were moved
    > to the new SBS 2003 R2 server. Since the power outage the server has
    > displayed "active directory rebuilding indices" upon boot and most
    > automatic services fail to start at boot. I cannot manage the server
    > remotely (Computer / Manage) or RDP to the server. I have tried CHkdsk
    > /r to recover the AD coruption but have not been able to. The server has
    > been 2 months without a replication and is close to tombstone. My goal
    > is to get this server back in the AD for just long enough to gracefully
    > demote the server. I do not have a backup of this server as it was not
    > providing any significant role. Is there anything I can do to gracefully
    > demote this server and ensure all items are properly removed from the
    > current active directory?

    Since you already have the SBS 2003 R2 server around and already
    promoted, it works as another domain controller, right? Why messing
    around with the corrupt AD instance on the failed machine and not just
    take the machine off the network, metadata clean it:
    http://support.microsoft.com/kb/216498 -- and flatten and rebuild it as
    a second domain controller again?

    I understand and agree that gracefully demoting the DC is the way to go
    -- but since you were to demote it anyways and you don't seem to have a
    good backup you could restore it from (do you?), I would weigh the
    hassle of rebuilding it against the restore. Did you try to restore the
    last backup that you have?

    Cheers,
    Florian

    Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog)
    • Proposed as answer by Mike Kline Monday, April 12, 2010 7:21 PM
    • Marked as answer by Wilson Jia Tuesday, April 13, 2010 2:11 AM
    Monday, April 12, 2010 7:02 PM

All replies

  • Do not. Instead, shut it down and decomission. Clean up AD metadata using the procedure described in http://support.microsoft.com/kb/555846

    hth
    Marcin

    • Marked as answer by Wilson Jia Tuesday, April 13, 2010 2:11 AM
    Monday, April 12, 2010 6:49 PM
  • No need to to get it back online.

    Check out a Blog artcile I have on clean up at:

    http://blogs.dirteam.com/blogs/paulbergson/archive/2009/06/09/active-directory-cleanup-the-most-common-question-i-see.aspx

     

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    Microsoft's Thrive IT Pro of the Month - June 2009
    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup This
    posting is provided "AS IS" with no warranties, and confers no rights.

    • Marked as answer by Wilson Jia Tuesday, April 13, 2010 2:11 AM
    Monday, April 12, 2010 6:58 PM
    Moderator
  • Howdie!

    Am 12.04.2010 20:34, schrieb Matthew Van Heyst:
    > I have a domain controller that suffered an unexpected shutdown during a
    > power outage (wind storm). The server was in the process of being
    > decomissioned and was only servicing as a DNS backup server and AD
    > replication partner at the time of the failure. All AD roles were moved
    > to the new SBS 2003 R2 server. Since the power outage the server has
    > displayed "active directory rebuilding indices" upon boot and most
    > automatic services fail to start at boot. I cannot manage the server
    > remotely (Computer / Manage) or RDP to the server. I have tried CHkdsk
    > /r to recover the AD coruption but have not been able to. The server has
    > been 2 months without a replication and is close to tombstone. My goal
    > is to get this server back in the AD for just long enough to gracefully
    > demote the server. I do not have a backup of this server as it was not
    > providing any significant role. Is there anything I can do to gracefully
    > demote this server and ensure all items are properly removed from the
    > current active directory?

    Since you already have the SBS 2003 R2 server around and already
    promoted, it works as another domain controller, right? Why messing
    around with the corrupt AD instance on the failed machine and not just
    take the machine off the network, metadata clean it:
    http://support.microsoft.com/kb/216498 -- and flatten and rebuild it as
    a second domain controller again?

    I understand and agree that gracefully demoting the DC is the way to go
    -- but since you were to demote it anyways and you don't seem to have a
    good backup you could restore it from (do you?), I would weigh the
    hassle of rebuilding it against the restore. Did you try to restore the
    last backup that you have?

    Cheers,
    Florian

    Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog)
    • Proposed as answer by Mike Kline Monday, April 12, 2010 7:21 PM
    • Marked as answer by Wilson Jia Tuesday, April 13, 2010 2:11 AM
    Monday, April 12, 2010 7:02 PM
  • Thank you. So I complete all steps in KB55846 and KB216498 on the current SBS 2003 R2 server which is the only Active Directory controller? What is the point of Step 5 in KB55846? Is that just for a multi AD controller environment or is it needed to ensure that the current SBS server knows it is the only AD server left? If I Do all these steps I can just send the old "defunk" server to the recycler without taking any steps on it other than maybe a disk wipe?
    Monday, April 12, 2010 8:41 PM
  • Correct - step 5 is relevant in a multi-DC environment.

    Considering that you are dealing with SBS installation, you might want to also post your question on the SBS forum, but from the AD perspective, metadata cleanup would be recommended approach...

    hth
    Marcin

    Monday, April 12, 2010 9:17 PM
  • Hi,

    As this is a SBS issue, you may wish to also post to the SBS newsgroups. This will provide access to others who read the public newsgroups regularly who will either share their knowledge.

    SBS NewsGroup

    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.sbs

     

    SBS 2008 NewsGroup

    https://connect.microsoft.com/sbs08/community/discussion/richui/default.aspx?wa=wsignin1.0

    Regards,

    Wilson Jia


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, April 13, 2010 2:12 AM