Since you don't know where this thing stands we just need to get it out and be done with it.
On DC3, run dcpromo /forceremoval On DC1 or 2, use ntdsutil and do a metadata cleanup to remove DC3 or any other DC which doesn't exist. Thanks, Brian Desmond [email protected] c - 312.731.3132 From: Kelli Sterley [mailto:[email protected]] Sent: Thursday, December 23, 2010 2:19 PM To: NT System Admin Issues Subject: Re: AD Mess! Let's see if I can explain this clearer... without screenshots. Looking at the Sites and Services on DC1: DC1 has this NTDS setting: From Server DC2, Type: connection (manually added) DC2 has this NTDS setting: From Server DC1, Type: conection and DC3, Type: connection (both were automatically generated) DC3 has this NTDS setting: From Server DC2, Type connection (manually added) Looking at the Sites and Services on DC2: DC1 has this NTDS setting: From Server DC2, Type: connection (manually added) DC2 has this NTDS setting: From Server DC1, Type: conection and DC3, Type: connection (both were automatically generated) DC3 has this NTDS setting: From Server DC2, Type connection (manually added) Looking at the Sites and Services on DC3: DC1 has this NTDS setting: From Server DC_OLD, Type: connection DC2 has this NTDS setting: None, it was added by me but I can not add any NTDS settings DC3 has this NTDS setting: From Server DC_OLD, Type connection DC_OLD is listed (which I double checked by running dcpromo and it is NOT apart of the DC group) has this NTDS setting: From DC1, Type: connection My computer shows the exact same as DC1 and DC2 when I open up Sites and Services. As you can see, this is royally screwed up and I can't seem to figure out how the heck to remove DC3 from the mix because it was never suppose to be promoted in the first place. Any ideas??? On Thu, Dec 23, 2010 at 11:33 AM, VIPCS <[email protected]<mailto:[email protected]>> wrote: Do DC1 and DC2 show connections to DC3? depends on which box i look at Does DC3 show up in the Domain Controllers OU in AD when looking at DC1 or DC2? yes and yes If there are no references to DC3 on DC1 or DC2, then remove DC3 from the network, and force a demotion on DC3, then try promoting it again to a DC. If there are references to DC3, then you will need to do a metadata cleanup to remove those references, since DC3's information is too old to try and force an update, and again, the best thing to do is simply force a demotion (after doing a cleanup) and start over. Sincerely, Jeffrey and Mary Jane Harris VIPCS ________________________________ From: Kelli Sterley [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, December 23, 2010 11:07 AM To: NT System Admin Issues Subject: AD Mess! Not sure if this should go here or the AD list but i'll start here ... Once again I am trying to clean up a mess left by the people before me ... I have 2 Win2003R2 DC's (DC1 and DC2). They are working and replicating fine. I also have a Win2008 that was attempted to join the DC 's (DC3). According to what I know, dcpromo was ran on it but it was never rebooted. So I rebooted it. Now when I look at the Sites and Services I do not see what I see on the other 2 DC's. DC1 and DC2 have all three servers listed under the Server folder and the NTDS settings showing they all have connections that are replicating. However when I look at DC3, it is looking at old information (an old DC that was demoted) and has all together incorrect information. So my "powers that be" said .. remove it. Now when I try to run dcpromo, I get errors. The first I was able to fix but this error I can not seem to find much information on and what I do read isn't clear. "The operation failed because: Active Directory Domain Services could not transfer the remaining data in directory partition CN=Schema,CN=Configuration,DC=domain,DC=local to Active Directory Domain Controller DC1.domain.local. The distinguished name specified for this replication operation is invaild" Any help would be great, I'd rather not force remove the server from the DC position but if it's the only option I'll have no choice. KS ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
