Error / event 16650

Guest

I recently had to try and recover the first DC on my network. I did not move
any roles. I am unable to create any user accounts on this machine, though
accounts created on my other DC replicate to this DC - DC1. I tried article
839879, but it did not correct the problem. I still get "unable to provide
unique Account identifier". There is no CN=RID Set for this machine --- ADSI
mmc. The text suggests demoting and repromoting the DC. This machine had held
all roles in the domain.

I just want to be sure of the best course of action. I guess I would like
to keep all the roles on that machine; it is also our Exchange server,
though it has not got a lot of horsepower.

Opt 1

Demote / promote

If this does not work

I guess I would try to force the roles to the other machine and just get
this one back in place as DC. Though I have read you should not bring it
back online after seizing the roles. It thinks it still has the roles and
so does the other DC, but I cannot transfer the roles or create user
accounts: "unable to locate role holder".

I am open to all suggestions.
 
Frank Szita [MSFT]

You will need to forcefully demote the domain controller that is having an
issue. Follow Microsoft Knowledge Base article 332199 "Using the DCPROMO
/FORCEREMOVAL Command to Force the Demotion of Active Directory"
(http://support.microsoft.com/?id=332199)

Once the domain controller is promoted down you will need to seize the FSMO
roles to the other domain controller. Follow Microsoft Knowledge Base
article 255504 "Using Ntdsutil.exe to seize or transfer FSMO roles to a
domain controller" (http://support.microsoft.com/?id=255504)

The computer account for the domain controller that has been forcefully
demoted will need to be removed from Active Directory. Follow Microsoft
Knowledge Base article 216498 "How to remove data in Active Directory after
an unsuccessful domain" (http://support.microsoft.com/?id=216498)

Rejoin the problem domain controller to the domain and repromote as a DC.

If you are running Exchange 2000 then you will need to make a change on
one of the Active Directory objects. Follow Microsoft Knowledge Base
article 297295 "The computer account for Exchange Server is absent"
(http://support.microsoft.com/?id=297295)

Best regards,

Frank Szita [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
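
The sequence described in the reply above, written out as commands with a check before and after. This is an added example and not part of either post. It assumes the healthy domain controller is named DC2 (a placeholder; DC1 is the name given in the question) and that the Windows Support Tools (netdom, dcdiag, repadmin) are installed.

```bat
:: Assumption: DC1 is the failed DC from the question, DC2 is a placeholder
:: name for the healthy DC that will take over the roles.

:: 1. On DC2: record which server each FSMO role is currently assigned to,
::    and confirm the RID master problem before changing anything.
netdom query fsmo
dcdiag /s:DC2 /test:ridmanager /v

:: 2. On DC1: forced demotion (KB 332199). This removes Active Directory
::    locally without contacting the rest of the domain.
dcpromo /forceremoval

:: 3. On DC2: seize the roles DC1 held (KB 255504). ntdsutil first attempts
::    a normal transfer and seizes only if the old holder cannot be reached.
::    Each seizure asks for confirmation.
ntdsutil roles connections "connect to server DC2" quit ^
  "seize RID master" ^
  "seize PDC" ^
  "seize infrastructure master" ^
  "seize schema master" ^
  "seize domain naming master" ^
  quit quit

:: 4. On DC2: remove the leftover DC1 objects with the interactive
::    "ntdsutil metadata cleanup" procedure in KB 216498.

:: 5. On DC2: verify before rejoining and repromoting DC1.
::    All five roles should now list DC2, the RID manager test should pass,
::    and replication should show no errors that reference DC1.
netdom query fsmo
dcdiag /s:DC2 /test:ridmanager /v
repadmin /showreps DC2
```

Account creation on DC2 should succeed once step 5 is clean; only then rejoin DC1 to the domain and run dcpromo on it again.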
 
