|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
AD replication after a yearOur W2k3 server has been isolated from our corporate office for about a
year due to some poor network planning. I have been asked to look at setting this connection up and allowing our server to once again replicate with the root server at our corporate office. My concern is that after a year the replication (if it is successful) will only create more problems. Any ideas or opinions about this. I appreciate any help you may offer. Thanks tex_it_manager wrote:
> Our W2k3 server has been isolated from our corporate office for about a I think that the quickest and easiest way will be demoting and promoting > year due to some poor network planning. I have been asked to look at > setting this connection up and allowing our server to once again > replicate with the root server at our corporate office. My concern is > that after a year the replication (if it is successful) will only > create more problems. Any ideas or opinions about this. > > I appreciate any help you may offer. Thanks > back this DC (demoting with forcedemote). If You want to introduce old DC to the network You have to be sure that it would not introduce any old objects in any of the naming contexts. So first You have to check it for lingering objects and perform removal operation for those objects. Jamie,
Look at the 'tombstone' life. Your one year has really passed the tombstone life of 60 days in WIN2000 and WIN2003 (but 180 days IIRC for WIN2003 SP1 - the integrated version). I would dcpromo this machine and the re-promote it. You will probably have to do a metadata cleanup. Look into using ntdsutil to accomplish this. And, if possible, use ntdsutil from WIN2003 Service Pack 1. This is a very general answer to your question. Have you run dcdiag /v and netdiag /v as well as repadmin /v on your existing Domain Controllers (how many do you have? how many Sites?). Did this Domain Controller hold any of the FSMO Roles? What other services did it provide (DNS, DHCP, GC, etc.)? -- Show quoteHide quoteCary W. Shultz Roanoke, VA 24012 "tex_it_manager" <jamie.elk***@excite.com> wrote in message news:1139524731.770822.219590@z14g2000cwz.googlegroups.com... > Our W2k3 server has been isolated from our corporate office for about a > year due to some poor network planning. I have been asked to look at > setting this connection up and allowing our server to once again > replicate with the root server at our corporate office. My concern is > that after a year the replication (if it is successful) will only > create more problems. Any ideas or opinions about this. > > I appreciate any help you may offer. Thanks > Jamie,
You have no choice but to demote the DC forcefully and repromote it into the domain. This is due to the fact that objects deleted from AD are kept only for 60 days as "tombstoned" objects". Objects are kept after deletion in this way so that all the DC's in a domain are able to understand that the object is marked for deletion. after 60 days (default) tombstoned objects are actually deleted. Consequently, if you bring a DC that has been out of replication for more than this period, it may have objects that the rest of the servers have deleted. If these objects are reintroduced into the directory, you will have a condiition known as "lingering objects" a situation that causes significant headaches. So before hooking up the DC to the rest of the network, run the dcpromo /forceremoval switch. Then go to your existing AD and perform a metadata cleanup to get rid of the DC. To do this, follow KB 216498 http://support.microsoft.com/default.aspx?scid=kb;en-us;216498 When this is complete, connect up the network again, and promote the DC Show quoteHide quote "Cary Shultz" wrote: > Jamie, > > Look at the 'tombstone' life. Your one year has really passed the tombstone > life of 60 days in WIN2000 and WIN2003 (but 180 days IIRC for WIN2003 SP1 - > the integrated version). > > I would dcpromo this machine and the re-promote it. You will probably have > to do a metadata cleanup. Look into using ntdsutil to accomplish this. > And, if possible, use ntdsutil from WIN2003 Service Pack 1. > > This is a very general answer to your question. > > Have you run dcdiag /v and netdiag /v as well as repadmin /v on your > existing Domain Controllers (how many do you have? how many Sites?). > > Did this Domain Controller hold any of the FSMO Roles? What other services > did it provide (DNS, DHCP, GC, etc.)? > > -- > Cary W. Shultz > Roanoke, VA 24012 > > "tex_it_manager" <jamie.elk***@excite.com> wrote in message > news:1139524731.770822.219590@z14g2000cwz.googlegroups.com... > > Our W2k3 server has been isolated from our corporate office for about a > > year due to some poor network planning. I have been asked to look at > > setting this connection up and allowing our server to once again > > replicate with the root server at our corporate office. My concern is > > that after a year the replication (if it is successful) will only > > create more problems. Any ideas or opinions about this. > > > > I appreciate any help you may offer. Thanks > > > > > 
Other interesting topics
setting account expire date problem
Upgrading to Windows 2003 from Windows 2000 Failed to open the group policy object Unable to assign TerminalServicesHomeDrive Letter using script. Least amount of privileges Loading GPMC AD Restore How to setup an account as non Domain admin to join comps to domai Set et "inherit from parent the permission" on multiple user objects at same time User Name in AD |
|||||||||||||||||||||||
