corrupted AD

B

Ben

One of my customers recently ran out of space on their main domain
controller (win2k running AD & exchange 2000). They have two other
domain controllers, one of which is on a remote site. After
troubleshooting a 'no domain controller' message upon logon with their
NT4 clients, I determined that the remote site is authenticating all
of the users.
Within the sysvol folder on the main domain controller is a folder
within it's name has an replication failure message. The contents of
which don't look correct.
The sysvol folder is no longer shared at all. I presume as some sort
of safeguard.

My question is, now that i've sorted out the space issues, can i just
re-setup the share and all the authentication to proceed? Will this
replicate the good copy of sysvol from the remote domain controller,
or will the bad copy take precedence?

Any help is much appreciated.

Regards,
Ben Wagg.

(e-mail address removed)
 
D

David Brandt [MSFT]

I'm not sure what the folder in sysvol was called or what was in it that
looked funny, or what errors you might be seeing in the event logs of that
dc, and without that info difficult to really say what the problem might be.
However I would not recommend just re-sharing sysvol. This can be forced
via registry entry to re-share and reboot, but best to try and correct the
root problem.
If dns is working properly and no problems with pinging fqdn, other dc's by
name, etc one thing that you might consider doing is a demote/re-promote of
that dc (assuming that your confident that the other existing dc's have up
to date AD info and they are fine).
Seeing the event log errors, etc would give a better idea of the problem
though.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
C

Cary Shultz [A.D. MVP]

Ben,

Looking at one part of your question only - the remote DC authenticating all
logon attempts. Not taking any other factors into account. David is
helping you with the root problem. I am just addressing the issue of a
remote DC authenticating all logons in general terms....

Do you have AD Sites and Services set up and properly configured? Meaning,
inside of the AD Sites and Services MMC do you have multiple Sites set up?
Have you created the appropriate subnet for each existing subnet in your
network and associated each subnet with the appropriate Site? Is each DC
located in the appropriate Site?


Let's take an example. Let's say that I work at NKDSolutions and that there
are three offices: one in Roanoke, one in Richmond and one in Blacksburg. I
want all three offices to be part of the one domain. I can easily do this
by making use of the AD Sites and Services MMC. By default, we have one
Site already created ( "Default-First-Site-Name" ). I can rename that if I
so choose ( to 'Roanoke', for example ). I would then create two others (
'Richmond' and 'Blacksburg' ). I now have three Sites: Roanoke, Richmond
and Blacksburg.

Let's say that there is one subnet used in Roanoke ( 192.168.50.x ), one
subnet used in Richmond ( 192.168.60.x ) and one subnet used in Blacksburg
( 192.168.70.x ). I just need to create the subnets in the ADSS MMC and
then associate the subnet with the appropriate Site.

So, we now have the three subnets associated with the corresponding Site.

We now just need to make sure that the DCs are in the appropriate Site ( as
far as the ADSS MMC is concerned ).

Now, your clients should authenticate against the DC that is closest -
meaning, in the same Site ( as defined by what we just created ).

Please take a look at the following MSKB Articles:

How WIN2000 clients locate a DC:
http://support.microsoft.com/default.aspx?scid=KB;en-us;247811

How WIN XP clients locate a DC:
http://support.microsoft.com/default.aspx?scid=kb;[LN];314861

How to create AD Subnets and Sites:
http://support.microsoft.com/default.aspx?scid=kb;en-us;318480

How to optimize the location of a DC or GC:
http://support.microsoft.com/default.aspx?scid=kb;en-us;306602

General info:
http://www.microsoft.com/windows200...chinfo/reskit/en-us/distrib/dsbc_nar_jevl.asp

HTH,

Cary
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

id: 1000, id: 13540 5
event id: 1000 and evend id: 13540 1
Problem with SYSVOL replication after DCPROMO 1
netlogon and sysvol no share on DC 2
NTFRS 5
Corrupted Active Directory 1
Innundated with 1864 and 1862 replication errors after introduction of "lag-site" (longish) 0
SYSVOL not installed to default location??? 2

Top