AD replication shafted!

**manick** · 13th December 2011, 03:10 PM

Hi all,

We have a self created problem here and are trying to find a way back! We have 2 DCs each hosted on a seperate VM host. Due to problems with (what appears to be iSCSI) losing mapped drives, we decided to take DC2 down and bring it back up on another host. To cut a long story short, we got our knickers in a twist and brought up the wrong snapshot up (about 3 weeks old) which resulted in an older version of AD coming back up. We didn't realise at the time and happily carried on with what we were testing and then brought it back up on the original VM host. Now (obviously) replication is broken, causing all sorts of mayhem with GP not applying correctly etc.

Is there any way to force DC2 to replicate from DC1 to bring it up to date? or is the only way to Demote DC2 and then Re-Promo it?

Thanks for any help.

Manick

**jamesreedersmith** · 13th December 2011, 03:13 PM

If its only a DC/DNS server then dump it and build a new one!

**jsnetman** · 13th December 2011, 03:22 PM

Do you not need to do a Non Authorative Restore on the duff DC, I think that would work.

http://technet.microsoft.com/en-us/l...83(WS.10).aspx

**3s-gtech** · 13th December 2011, 03:24 PM

Dump it and re-build. Lesson - do not snapshot DCs! System State them, but with the nature of multiple DCs you should not need to have snapshots anyway.

**manick** · 13th December 2011, 03:34 PM

Thanks for that,

It provides network shares, DHCP, DNS and is also a print server. I think what I'll do is bring up a DC3 and DCpromo it, attach the shared storage to it and then demote DC2 cleam it up and bring it back up.

When i say snapshot, I mean a VM snapshot.

Many thanks

Manick

**sparkeh** · 13th December 2011, 03:42 PM

Never snapshot a VM DC, it is not recommended by MS and bad things can come of it.
~~I would try the Non Authorative Restore as suggested by @jsnetman as that should bring it in line with the other DC.~~ edit: didn't actually mean this, see below.

**sted** · 13th December 2011, 03:43 PM

Originally Posted by sparkeh

Never snapshot a VM DC, it is not recommended by MS and bad things can come of it.
I would try the Non Authorative Restore as suggested by @jsnetman as that should bring it in line with the other DC.

i suspect if its the only dc its not that bad but with multi dcs somethings bound to go wrong

**manick** · 13th December 2011, 03:49 PM

Hi,

Is it the case that I should be able to just do a Demote and then promote it again? Surely when It's promoted it'll pick up AD from the remaining workable DC1?

Again, thanks

manick

**3s-gtech** · 13th December 2011, 04:09 PM

Originally Posted by manick

When i say snapshot, I mean a VM snapshot.

I realise, as @sparkeh says you must not snapshot a VM DC.

In theory, it should pick up again from the remaining DC if you dcpromo. Make sure that has all necessary roles and that AD works okay with just that one online.

**sparkeh** · 13th December 2011, 04:24 PM

Sorry I didn't actually mean to use the process linked to by @jsnetman but rather the process for Nonauthoritative restore here: Using the BurFlags registry key to reinitialize File Replication Service replica sets
Read the article and I think it applies to your situation, the process just makes the borked AD reinitialise with the good AD.

**m25man** · 13th December 2011, 06:48 PM

Does this not underpin the argument about maintaining a dedicated hardware server for the sole purpose of maintaining the AD?

Thats what we do, we always have a 1u single cpu server with a pair of mirrored (preferably SAS HDD's) and a USB drive attached using the Windows 2008R2 bare metal backup running. It does very little else than maintain a bullet proof copy of the forest.
Everything else is virtualised.

**ricki** · 14th December 2011, 10:04 AM

HI

If a windows 2008 domain controller that has not spoken to the other domain controller for a bit it will refuse to replicate.

Now you need to do some reading before doing any of this and make sure you know what the consequences are.

Event ID 2042: It has been too long since this machine replicated: Active Directory

Richard

**sparkeh** · 14th December 2011, 10:16 AM

@ricki from the info given by the OP its does not look like he is in that position, there is no mention of that error and the AD is different by three weeks which is much shorted than the tombstone period.

**HallX** · 14th December 2011, 10:21 AM

Originally Posted by m25man

Does this not underpin the argument about maintaining a dedicated hardware server for the sole purpose of maintaining the AD?

I was on a 2008 server course 3 weeks ago, instructor told us in no uncertain terms, NEVER virtualize a live DC, always use a dedicated hardware server. This is MS advise.

**sparkeh** · 14th December 2011, 10:24 AM

Originally Posted by HallX

I was on a 2008 server course 3 weeks ago, instructor told us in no uncertain terms, NEVER virtualize a live DC, always use a dedicated hardware server. This is MS advise.

Can you clarify this? Are you saying you were told never to virtualise a DC?

LinkBack

Thread Tools

Search Thread

AD replication shafted!

Similar Threads

Adding a server to domain and replication

AD replication

AD Replication Error

Adding shortcuts to Sims.net

Adding you links to the downloads section.

Thread Information

Users Browsing this Thread

Posting Permissions