Damn...demoting all DCs (except one) and promoting again... auch if I needed to demote DCs because they have not replicated for more than the TSL I would do the following: * Investigate which DCs DO replicate... Before starting the promotion of new DCs while the bad ones are running, stop and disable the NETLOGON service on the BAD DCs (this is to prevent that if you start promoting new DCs they will talk with the BAD DCs) (when force demoting a bad DC set the NETLOGON service to manual but don't start it) If ALL DCs are shouting the other DCs have been disconnected for too long.... I would choose the DC with the FSMO roles as the DC NOT to demote (I would also hope the other FSMO are on that DC) (that's why I like having all FSMOs one DC) and demote ALL others. As replication will not work you need to force demote them and clean their metadata (http://support.microsoft.com/?id=216498) on one of the remaining healthy DCs. If you have more than one remaining DC don't forget to let the metadata cleanup replicate to all remaining DCs before promoting again * If needed seize FSMO roles * Promote demoted DCs again to DC and when applicable also make it a GC (if single domain forest domain, make all DCs a GC) this should do it Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : <see sender address>
________________________________ From: [EMAIL PROTECTED] on behalf of Mark Parris Sent: Thu 2006-03-16 21:53 To: ActiveDir.org Subject: [ActiveDir] AD Recovery after tombstone hits all DC's All, As per my email from Monday - "not a line from a song...." I have managed to persuade the company to do a DC demotion and promotion. Now I have a question do I need to demote all DC's bar one then promote them all back up or can i do it on a site by site basis? Will new DC's introduced prior to the demotion excercise be exposed to the tombstoned data too? and finally can you manually delete tombstoned objects - as it is these objects that are failing replication in the AD. I have ran the clean up of lingering objects multiple times with no joy. I manually deleted the corrupt machine accounts via adsi edit and the ad then skipped onto the next set of failing attributes. I then tried via LDP to delete the tombstoned objects and it will not let me. Any additional guidance would be appreciated. Sent from my blackberry - so sorry for no spell check. Regards, Mark List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<winmail.dat>>
