Need to recreate NTDS Settings for DC in Sites and Services

[runout74]

I am in need of some assistance with an AD problem.

It is late and I have been working on this all day so I hope I make sense.

Here is the problem. We have two Server 2003 domain controllers. DC1 is at the main office. DC2 was at a remote site that was eventually shut down and DC2 was forgotten for awhile. Replication was broken since we exceeded the tombstone number of days.

We recently brought DC2 to the main site for reinstall. At the same time I deleted DC2 out of Active Directory Sites and Services on DC1. Big Mistake. The owner changes his mind and wants DC2 to be the main server. All I have to do is recreate the DC2 on DC1 Active Directory Sites and Services. I thought this was going to be easy but I have been working on it all day and have had only partial success. I fixed the issue with Kerberos KDC. The two domain controllers replicated ONCE. After that, now there are missing NTDS connections on both servers.

I have been bouncing back and forth between a couple Q articles from Microsoft.
http://support.microsoft.com/kb/262561/
http://support.microsoft.com/kb/887430

I have too many gaps in my knowledge base when it comes to Active Directory.

What direction should I be going and what are the steps. I could dcpromo to bring down DC2. Then just dcpromo to promote DC2 again. Would this fix the replication and re-add DC2 to ADSites and Services? I believe it would cause problems since AD still has knowledge of DC2. I did read an article on how to clean the metadata when a DC dies without dcpromo'ing it down.

I am tired and starting to ramble. Let me streamline this:

***DC2 missing from AD Sites and Services on DC1. Replication Broken***

I appreciate any and all comments.

Woody

[runout74]

Hello runout74,

Do you have a recent backup from your system state before the DC was deleted?

[runout74]

Hello runout74,

Do you have a recent backup from your system state before the DC was deleted?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Thank you for your reply.

We do have a backup of the System State for both domain controllers. I would like to leave this option as a last resort.

Runout74

[runout74]

Great idea! I have a question about the steps.

How do I force demote the DC? I believe you are refering to the check mark during dcpromo that says something like, "This server is the last domain controller in the domain"? If I use this check mark then the computer will be removed from the domain and placed in a workgroup. If I am correct then replication will not occur. What am I missing?

This is what I think you are telling me:

FORCE demote DC2
Cleanup metadata with NTDSUTIL (on DC1)
Rejoin the DC2 to the domain
Allow replication to occur
REpromote DC2

Tell me if I am totally wrong. I don't mind. I just want to get this right.

Thank you for replying.

Runout74

[dkumar]

Ready made Script for Metadata cleanup.. Hope its Help ..

copy and save as MetaCleaner.vbs

[runout74]

even if someone gives you the "OK" it is still your responsibility to test
it yourself. Metadata cleanup is not something you do regularly and if done
incorrectly you might impact other DCs. I once created a metadata cleanup
utility, but I have never released it to the public because it is too
dangerous. It works for w2k,w2k3,w2k8 (including RODCs, SYSVOL with DFSR)
and it does its job very good. In the wring hands maybe too good!