An URGENT problem in Windows 2000 domain controllers


Guest

Hi,
I've got a complicated issue and need help with it. First of
all, I want to mention that the cause may be a name conflict
between a domain controller called DC1 and another
Windows 2000 server machine on the network also called DC1.
Once I saw this problem, I disconnected the machine with the
same name; however, the domain controller was unable to
work correctly:
I. First, Active Directory doesn't work: I mean the MMC
console called "Active Directory Users and Computers"
could not open the directory on the domain controller DC1.
II. Second, the Exchange server installed on the same
machine (I mean the domain controller DC1) is out of
service, as it depends on Active Directory.

In this situation I proceeded as follows:
1. I performed an authoritative restore of the
subtree "cn=DC1,ou=domain controllers,dc=mydomain,dc=xxx"
using a backup of the system state on the domain controller
DC1. After the restore and reboot, everything seemed to work on the
domain controller DC1. But when I tried to create any
directory object on DC1, this object could not be replicated
to the other domain controllers (which are: DC2, DC3, DC4).
But when I created any object in Active Directory on the other
domain controllers (I mean DC2, DC3 and DC4), the
replication was OK between them and this object was
visible on DC1.
Besides this, I've got other problems with the four domain
controllers:
a. Many MMC consoles couldn't open the DC1 tree from the other
domain controllers (I mean DC2, DC3 and DC4), like 'Active
Directory Users and Computers' and 'Sites and Services'. In
this case, an error message said the target machine (that
is, DC1) could not be contacted.
b. Some shared folders on DC1 were not shared,
like 'sysvol' and 'netlogon'.
c. Some MMC consoles were unable to open on all domain
controllers (I mean DC1, DC2, DC3 and DC4), like 'domain
controller security', 'domain security', 'groups strategy'.
2. After restoring (authoritative restore as mentioned
above) the system state on DC1, I found in the Microsoft Knowledge
Base an article, number 248132, saying that an
authoritative restore of the subtree
("cn=DC1,ou=domain controllers,dc=mydomain,dc=xxx") must be done on all
domain controllers. Then I performed the same
authoritative restore procedure on another domain
controller, DC2. After that, I ran a replication
between DC2 and the other domain controllers (I mean DC1, DC3
and DC4); then DC1 was seen as 'DOMAIN CONTROLLER' on the
subtree "cn=DC1,ou=domain controllers,dc=mydomain,dc=xxx"
on all domain controllers.
3. Next I performed the same restore procedure on another
domain controller, DC3. However, after this restore
the state of DC3 became like that of DC1 before DC1 was restored
(I mean the same symptoms on DC3 as seen above: a., b., c.,
and also replication between DC3 and the other domain
controllers could not be done anymore).
--------------


I also want to mention some details that could be
important:
* The domain controller DC1 that first had the problem
is 'the master of operations' in my domain, having 5
principal roles.
* The system state backups that I used to restore the
three domain controllers (DC1, DC2 and DC3) were not made
on the same date. Do you think that this difference could have
any impact on the restore of the domain controllers? As you
know, I made an authoritative restore of only a subtree in
Active Directory (as mentioned above).
* I didn't complete the procedure in Microsoft
Knowledge Base article number 248132. I mean I
didn't make an authoritative restore of the last domain
controller in my domain, which is DC4.

If you have any idea about how to resolve this problem,
please contact me as soon as possible, because now there
are two domain controllers out of service (DC1 and DC3).
Thanks in advance,
Houda
 

David Swales

Sounds like DC2 has the most up-to-date schema, which
means you actually performed a non-authoritative restore.
Did you use NTDSutil?
 
Guest

Yes, maybe DC2 has the most up-to-date schema, as its
backup date was the most recent one. As for NTDSutil, I didn't use
it when restoring. However, I carried out the following procedure:
a. I performed a non-authoritative restore on DC1 and DC3.
b. After that, I deleted, then recreated and updated (from
the other DNS servers, which are DC2 and DC4) each DNS zone on
the DNS servers that are the domain controllers DC1 and
DC3. Next, I made those search zones Active Directory
integrated.
c. I rebooted all domain controllers DC1, DC2, DC3 and DC4.
The immediate situation now (after those updates)
is as follows:
1. Replication can be done between DC1, DC2 and DC4.
2. SYSVOL and NETLOGON are now visible on DC1.
3. Many MMC consoles can now open the DC1 tree from the
other domain controllers (I mean DC2, DC3 and DC4),
like 'Active Directory Users and Computers' and 'Sites and
Services'. And MMC consoles now open on all domain
controllers (I mean DC1, DC2 and DC4), like 'domain
controller security', 'domain security', 'groups strategy'.
4. The problem is the same on DC3 even though I carried out the
procedure above (a. and b.). I didn't reboot DC3
because it may affect Exchange services on DC3.
If you have any idea about how to resolve this problem,
please send me your response.
Thanks for your collaboration.
 

Guest

The DCs will NOT replicate without a restore which is
outdated.
If you have not used NTDSutil, you haven't marked any
objects to have their USNs increased, so they are
immediately tombstoned.

I suspect you will continue "chasing your tail" until you
do the Authoritative restore in the published fashion,
using NTDSutil.

Good luck.
 
