AD not updating

Yor Suiris

Hi all,
I have made some changes to our AD (moved a group of users to a different folder
and group membership) on one of our Win2K DC servers (not the master). But
the changes are not showing up. When I log on to the Master DC and check the
AD, the old folder structure is still in place and the group membership has
not been updated. Thus some of the users cannot access the resources they
should.
I am also getting an error that the Win2K DC can not retrieve a list of
servers from the Browser Master (DC Master). Although the DC Master shows no
related errors.
Is there a way to force those two machines to sync their AD? Or is there
something else I should be looking for?
Thanks for any help.
 
Cary Shultz [A.D. MVP]

Yor,

I might suggest that you have a replication issue. I am going to assume
that you have at least two DCs and only one physical Site. Please take a
look at the following MSKB Article describing how to troubleshoot intrasite
AD Replication issues:

http://support.microsoft.com/?id=249256

If you have not already done so, I might suggest that you install the
Support Tools on all of your Servers (Member Servers, Exchange Servers,
Domain Controllers, et al). The Support Tools can be located in a couple
of places: on the WIN2000 Server CD as well as on the WIN2000 Service Pack
CD - in the Support | Tools folder. You can also download them from the MS
web site at http://www.microsoft.com/downloads.

I would start off by running repadmin /showreps and repadmin /showconn to
make sure that all of the incoming connection objects are there. I would
also run a dcdiag /c /v on each DC just to check the general health. Also,
make sure that everything is in order with DNS.

Also, and this is just semantics, there is no longer the concept of Master
DC and Secondary/Backup DC in WIN2000. All Domain Controllers are on equal
footing. There are, however, five FSMO Roles that exist in WIN2000 Active
Directory: the Schema Master, the Domain Naming Master, the PDC Emulator,
the RID Master and the Infrastructure Master. I would not think that this
has anything to do with your problem. I simply included it for
clarification (in general).

HTH,

Cary
 
Yor Suiris

Yes, I know that PDC is an old term, but how better to refer to the
"Operations Master"? Same thing, is it not?
As to more on my problem (if you're still there): Repadmin, when run on the
Operations Master, shows errors:
DC=abc,DC=defg,DC=net
Some\THING via RPC
objectGuid: f62c4270-1e29-4fe6-83c8-e01fa60cbfc0
Last attempt @ 2004-03-30 13:35.01 failed, result 8451:
The replication operation encountered a database error.
Last success @ 2004-03-04 12:32.00.
11049 consecutive failure(s).

So I set up a New Server and did dcpromo and tried to switch Operations/Roles
Master to it. But it cannot talk to the current Master due to the above error.
So I tried to seize the domain. I used ntdsutil, all seemed fine. Then I
changed the roles with ADSIEdit. All seemed fine.
Then I go to set up DHCP & DNS (as they were on the sick server as well). I
try to deauthorize the sick server's DHCP and it cannot find the DC
(itself). And when I authorize the new one it shows as already added but will
not start.
So I go to the second DC; it still shows the sick server as the operations Master
with the comment that it is offline and changes cannot be made. I check the
new server with AD Domains & Trusts and it shows the sick server as the
master, but cannot contact it. I try to add a new user on the New AD
Machine and I am told it cannot access the AD to verify the name is not in
use.

So how do I turn off the sick Operations Master and get the New AD server to
Become the Operations Master?
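
Added example, not part of the thread and not Microsoft tooling: Python code that parses `repadmin /showreps` text in the layout quoted in the post above and lists each failing inbound partner with the number of days since its last successful sync. The 60-day tombstone lifetime (the Windows 2000 default), the 25% warning threshold, the function names and the second sample neighbor are assumptions made for the example.

```python
import re
from datetime import datetime
TS = "%Y-%m-%d %H:%M.%S"  # repadmin prints HH:MM.SS, as in the post
TOMBSTONE_DAYS = 60       # assumption: Windows 2000 default tombstone lifetime
# Constructed sample: neighbor 1 is the failure quoted in the thread, neighbor 2 is made up.
SAMPLE = """\
DC=abc,DC=defg,DC=net
    Some\\THING via RPC
        objectGuid: f62c4270-1e29-4fe6-83c8-e01fa60cbfc0
        Last attempt @ 2004-03-30 13:35.01 failed, result 8451:
            The replication operation encountered a database error.
        Last success @ 2004-03-04 12:32.00.
        11049 consecutive failure(s).
    Some\\OTHER via RPC
        Last attempt @ 2004-03-30 13:40.12 was successful.
"""

def parse_showreps(text):
    """Return one dict per inbound neighbor in showreps-style text."""
    neighbors, nc, cur = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if re.match(r"(DC|CN)=", line):
            nc = line                      # naming context header
        elif line.endswith(" via RPC"):
            cur = {"nc": nc, "source": line[:-8], "result": 0,
                   "failures": 0, "last_success": None}
            neighbors.append(cur)
        elif cur is None:
            continue
        elif m := re.match(r"Last attempt @ (\S+ \S+) (.*)", line):
            cur["last_attempt"] = datetime.strptime(m[1], TS)
            code = re.search(r"result (\d+)", m[2])
            cur["result"] = int(code[1]) if code else 0
        elif m := re.match(r"Last success @ (\S+ \S+?)\.$", line):
            cur["last_success"] = datetime.strptime(m[1], TS)
        elif m := re.match(r"(\d+) consecutive failure", line):
            cur["failures"] = int(m[1])
    return neighbors

def stale_partners(neighbors, warn_fraction=0.25):
    """Failing neighbors: (source, result, failures, days_stale, at_risk)."""
    out = []
    for n in neighbors:
        if n["result"] == 0:
            continue
        days = (n["last_attempt"] - n["last_success"]).days if n["last_success"] else None
        at_risk = days is None or days >= TOMBSTONE_DAYS * warn_fraction
        out.append((n["source"], n["result"], n["failures"], days, at_risk))
    return out
```

Calling `stale_partners(parse_showreps(SAMPLE))` reports only the failing partner; a partner that stays out of sync for longer than the tombstone lifetime can reintroduce deleted objects when it replicates again.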
 
