Re: [ActiveDir] Not a line from a song - "It has been too long since this machine replicated"

[Al Mulnick]

I have to ask: Why? Why bother taking that chance with that registry key vs. flattening the DC and building new? To me, those DCs are suspect and should be shot on site.  It's worth the extra effort and the hardware investment at this point (it's really only one new server.  I'd be fine with a desktop as a server if that's what it takes to get the AD back in shape; until you could flatten and rebuild the existing server class hardware (big assumption on my part)). 

 

Be sure to address the issues that led to that kind of issue in the first place prior to completing the fixes.  Otherwise, you'll be back.  

 

I also have to ask: Are you working in one of the far reaches of my current employer ;) ?

 

Al
 

On 3/13/06, Mark Parris <[EMAIL PROTECTED]> wrote:

Hello All,

This is for several beers at DEC if you're there.

This week I am sorting out a company whose AD has not fully replicated since July 2005!

They have 9 DC's All Windows Server 2003 SP1 (Forest level 2003).

I have managed to most of get the DC's talking to each other and I now have partial replication,

I have done this by setting the registry key Allow Replication With Divergent and Corrupt Partner to 1 and I have run repadmin /removelingeringobjects ServerName ServerGUID DirectoryPartition (/advisory_mode ) on the server that is the PDC emulator.

I have three DC's which will not replicate and I believe this is due to there being a password mismatch on the DC Machine accounts so I will reset these tomorrow.

Is there anything else I should be aware of?

Mark