global catalog urgent prob..

[bill]

I got a domain with 2 w2k3 controllers , one died (was w2k) and had to
rebuild with w2k3 , same time this domain had a trust with another
domain child with one domain controller w2k which unfortunately we
wanted to get rid of domain and have this server join parent , it got
force removed but trust was not removed first, thus now on domain the
global catalog (both servers) are waiting 5 minutes to update as they
are still seeing old domain and waitng to get a copy of this ad before
allowing the gc to continue, prob is dcdiag on both servers says no GC
found , thus my users are not going to be able to logon , well they
can with cahed as it is mxed node not native , but how do I get rid of
trust and any info related to old domain now server has been demoted,
do I need to run this metadata cleanup option as well as what?????
TIA

 

[bill]

Thanks Paul, just a couple of q's from that article 216498 ....I
assume you run the ndsutil on your master server ??? and if so in the
procedure section it mentions "4. Type connections and press enter :
this menu is used to connect to specific server where the changes
occur." is that the forced demoted controller of the old Domain??? if
so it is now a member of the existing domain, will this be a prob????
Bill.

 

[ptwilliams]

You can run ntdsutil from anywhere. You'll need to bind to a working server
to perform the cleanup however.

At step four you need to connect to an existing, working DC in the domain -
not to the one you are going to remove/ cleanup.

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


Thanks Paul, just a couple of q's from that article 216498 ....I
assume you run the ndsutil on your master server ??? and if so in the
procedure section it mentions "4. Type connections and press enter :
this menu is used to connect to specific server where the changes
occur." is that the forced demoted controller of the old Domain??? if
so it is now a member of the existing domain, will this be a prob????
Bill.

OK, you have several issues here. Here's a brief outline of what you need

to do. Post back for one of us to help you with more specifics if you need
them...

You'll need to do a metadata cleanup to get rid of the old DC info in the root.
-- See: http://support.microsoft.com/?kbid=216498

You'll also need to get rid of the old child domain via a similar process.
-- See: http://support.microsoft.com/?kbid=230306

You can break the trust manually (I can't remember if you need to do this

or not before the aforementioned article). This is done by using the netdom
trust command.