unable to assign gc role to any dc

[Guest]

hi all,

we had problem with our first dc and it had to be forcibly removed using
dcpromo/forceremoval cmd.

the following roles were seized on the another dc:
rid
schema master
pdc emulator
infrastruture master


we are having problem to seize the domain naming master and no dc can be
assigned as GC.

there are several replication errors among DCs.

error 1126 is being logged -unable to establish connection with global
catalog.

plz advise

 

[Herb Martin]

hi all,

we had problem with our first dc and it had to be forcibly removed using
dcpromo/forceremoval cmd.

the following roles were seized on the another dc:
rid
schema master
pdc emulator
infrastruture master

First make a full backup including SystemState of your favorite DC (the
one that has the roles) in case things get worse.

we are having problem to seize the domain naming master and no dc can be
assigned as GC.
there are several replication errors among DCs.

You might try removing the dead DC from AD by using NTDSutil
"metadata cleanup".

Just Google:

[ NTDSutil "metadata cleanup" ~remove DC site:microsoft.com ]

What happens when you check the GC box on a DC in AD Sites and
Services?

 

[Guest]

hi martin,

the crashed server name is termsrv1 and the new server name is OLE. the
domain is name is tklmain.forestside. there is another dc named
madanotes.tklmain.forestside.

now that termsrv1 is no more , can i delete it in AD? it is still visible in
ADSS and the role of domain naming opeartions master is still assigned to it.
should i remove termsrv1 through ntdsutil---wont it be a problem to seize
this role afterwards...

please advise?

thanks and regards

kryshzt

hi all,

we had problem with our first dc and it had to be forcibly removed using
dcpromo/forceremoval cmd.

the following roles were seized on the another dc:
rid
schema master
pdc emulator
infrastruture master

First make a full backup including SystemState of your favorite DC (the
one that has the roles) in case things get worse.

we are having problem to seize the domain naming master and no dc can be
assigned as GC.
there are several replication errors among DCs.

You might try removing the dead DC from AD by using NTDSutil
"metadata cleanup".

Just Google:

[ NTDSutil "metadata cleanup" ~remove DC site:microsoft.com ]

What happens when you check the GC box on a DC in AD Sites and
Services?

error 1126 is being logged -unable to establish connection with global
catalog.

 

[Herb Martin]

hi martin,

the crashed server name is termsrv1 and the new server name is OLE. the
domain is name is tklmain.forestside. there is another dc named
madanotes.tklmain.forestside.

now that termsrv1 is no more , can i delete it in AD? it is still visible
in
ADSS

Do NOT delete it there or in any other GUI---delete it with NTDSUtil
"metadata cleanup" (which is tedious to do and you will need the docs
from the MS or jsiinc.com site.)

and the role of domain naming opeartions master is still assigned to it.
should i remove termsrv1 through ntdsutil---wont it be a problem to seize
this role afterwards...

Seizing should not be affected by any removal but I would try to seize
again with NTDSutil first. I would also make a backup so things CANNOT
get any worse.

 

[Guest]

hi martin,

the problem is coming with with two orphaned domains:
tklmada.tklmain.forestside and tklmada.forestside .

ive gone through ntdsutil to remove them but geting : DsRemoveDsDomainW
error Ox20ab (the cross reference for the specified naming context could not
be found)

an article state that i must remove it using adsiedit or lpd ....but again i
m getting the following message:
" A referral was returned from the server "

plz advise how must i proceed as the errors in event viewer clearly indiacte
that the gc is not being promoted as the replica of the orphaned domains are
not found.

regards

kryshzt

 

[Herb Martin]

hi martin,

the problem is coming with with two orphaned domains:
tklmada.tklmain.forestside and tklmada.forestside .

Why are they orphaned? Have you (now) lost the root domain?

If the root domain is lost with no backup and no more DCs then the
child domains are essentially lost too -- they will have to be migrated
to a working domain in a new forest.

ive gone through ntdsutil to remove them but geting : DsRemoveDsDomainW
error Ox20ab (the cross reference for the specified naming context could
not
be found)

an article state that i must remove it using adsiedit or lpd ....but again
i
m getting the following message:
" A referral was returned from the server "

Most of the time the ADSIedit procedure is for people who have ALREADY
messed by trying to remove DCs/domain without using NTDSUtil.

plz advise how must i proceed as the errors in event viewer clearly
indiacte
that the gc is not being promoted as the replica of the orphaned domains
are
not found.

First make backups of whatever you have -- including System State.

 

[Guest]

hi martin,

no the root domain is still here .....the two orphaned domains were created
for testing purposes and the domain controllers have been removed/formatted
without doing proper demotion.

regards
kryshzt

 

[Herb Martin]

hi martin,

no the root domain is still here .....the two orphaned domains were
created
for testing purposes and the domain controllers have been
removed/formatted
without doing proper demotion.

So it sounds like you mean "abandoned" or "improperly removed"
domains rather than "orphaned" which implies the loss of the parent
domain.

You should be able to remove every abandoned DC in each domain
and then the domain itself with NTDSUtil.

BUT if you are already at the point where you cannot do this then
you will have to research and use the much more complicated and
dangerous ADSIedit method.

 

[Guest]

hi martin,

i've gone through several tutorials but still i'm not being able to remove
the abondoned domains in adsiedit. im getting the error :

" a referral was returned from the server"

is there any way i can force this removal?

regards

kryshzt

 

[Herb Martin]

hi martin,

i've gone through several tutorials but still i'm not being able to remove
the abondoned domains in adsiedit. im getting the error :

" a referral was returned from the server"

is there any way i can force this removal?

If you haven't tried this one then do:

How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/kb/216498

If you have then crosspost a NEW message to the Win2000 and
Windows.server Active_directory newsgroups and be very specific:

State that you have attempted to remove the DC with "metadata cleanup"
and whatever you have tried with ADSIEdit inlcuding the KB articles
you followed.

Give the exact error messages and error numbers you receive.

I have never actually done it that way so don't know what the
problem might be.