Steps to repair non-replicating AD
Information Sources:
http://blogs.dirteam.com/blogs/jorge/archive/2006/03/08/597.aspx
http://support.microsoft.com/kb/870695
Procedure for using the recovery option:
- “Restore” the image
- !!! Boot into DSRM !!! (not connected to the network)
- Note the value of “DSA Previous Restore Count” (HKLM\System\CurrentControlSet\Services\NTDS\Parameters). Not visible? -> Assume a value of 0.
- Add the entry “Database restored from backup” (DWORD) with a value of 1 under HKLM\System\CurrentControlSet\Services\NTDS\Parameters. (This triggers the actions needed for AD right after a system state restore!)
- Stop the “File Replication Service (NTFRS)” and assign the value “D4” (for an auth. or primary restore) or “D2” (for a non-auth. restore) to the entry “BurFlags” in HKLM\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup. (This triggers the actions needed for the SYSVOL right after a system state restore, and for other replicated DFS namespaces!)
  (also see: Using the BurFlags registry key to reinitialize File Replication Service replica sets: http://support.microsoft.com/?id=290762)
- Boot into normal DC mode (not connected to the network)
- Check the value of “DSA Previous Restore Count” (HKLM\System\CurrentControlSet\Services\NTDS\Parameters). New value = old value + 1.
- In the DS event log check for event ID 1109
- In the FRS event log check for event IDs 13565 & 13520 if a non-auth. restore was performed for the SYSVOL
- In the FRS event log check for event ID 13566 if an auth. restore was performed for the SYSVOL
- Connect to the network again
- Check the health of the DC (AD & SYSVOL):
  - DCDIAG /D /C /V
  - NETDIAG /DEBUG /V
  - GPOTOOL.EXE /CHECKACL /VERBOSE
  - REPADMIN.EXE /SHOWUTDVEC <FQDN DC> <NC>
- DONE!
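The registry edits and the post-reboot checks of the procedure above, as an added PowerShell example; it is not code from the page or from the sources it cites. It assumes a Windows Server 2003 era DC whose SYSVOL is replicated by NTFRS (where BurFlags applies), an elevated prompt, and function and parameter names of its own (Set-AdRestoreFlags, Test-AdRestoreResult, -CountBefore).

```powershell
# Added example (not code from the page or its cited sources). Automates the
# registry steps of the recovery procedure on a Windows Server 2003-era DC that
# replicates SYSVOL with NTFRS. Function and parameter names are this example's
# own. Run from an elevated prompt.

$NtdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

function Get-DsaRestoreCount {
    # "DSA Previous Restore Count" does not exist on a DC that has never been
    # restored; the procedure says to treat a missing value as 0.
    $item = Get-ItemProperty -Path $NtdsParams -Name 'DSA Previous Restore Count' `
        -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.'DSA Previous Restore Count'
}

# Phase 1: run inside DSRM with the network disconnected, then reboot normally.
function Set-AdRestoreFlags {
    param(
        # D4 = authoritative/primary SYSVOL restore, D2 = non-authoritative restore
        [Parameter(Mandatory = $true)][ValidateSet('D2', 'D4')][string]$BurFlags
    )
    $before = Get-DsaRestoreCount
    Write-Host "DSA Previous Restore Count is $before; expect $($before + 1) after the reboot."

    # Tells NTDS to run its post-restore work on the next normal boot.
    New-ItemProperty -Path $NtdsParams -Name 'Database restored from backup' `
        -PropertyType DWord -Value 1 -Force | Out-Null

    # FRS must be stopped so that BurFlags is read when the service next starts.
    Stop-Service -Name NtFrs -Force

    # The key name "Backup/Restore" contains a forward slash, which the HKLM:
    # provider treats as a path separator, so open it through the .NET API.
    $frs = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
        'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters', $true)
    $startup = $frs.OpenSubKey('Backup/Restore\Process at Startup', $true)
    $startup.SetValue('BurFlags', [Convert]::ToInt32($BurFlags, 16),
        [Microsoft.Win32.RegistryValueKind]::DWord)
    $startup.Close(); $frs.Close()
    return $before   # keep this value for Test-AdRestoreResult
}

# Phase 2: run after booting into normal DC mode, still disconnected.
function Test-AdRestoreResult {
    param(
        [Parameter(Mandatory = $true)][int]$CountBefore,
        [Parameter(Mandatory = $true)][ValidateSet('D2', 'D4')][string]$BurFlags
    )
    $ok = $true
    $count = Get-DsaRestoreCount
    if ($count -ne $CountBefore + 1) {
        Write-Warning "DSA Previous Restore Count is $count, expected $($CountBefore + 1)"
        $ok = $false
    }
    # Event IDs the procedure expects: 1109 in the DS log, and in the FRS log
    # 13566 for an authoritative or 13565 + 13520 for a non-authoritative restore.
    $frsIds = if ($BurFlags -eq 'D4') { @(13566) } else { @(13565, 13520) }
    $checks = @(
        @{ Log = 'Directory Service';        Ids = @(1109) },
        @{ Log = 'File Replication Service'; Ids = $frsIds }
    )
    $since = (Get-Date).AddHours(-2)
    foreach ($c in $checks) {
        $seen = Get-EventLog -LogName $c.Log -After $since -ErrorAction SilentlyContinue |
            ForEach-Object { $_.EventID } | Sort-Object -Unique
        foreach ($id in $c.Ids) {
            if ($seen -contains $id) { Write-Host "$($c.Log): event $id present" }
            else { Write-Warning "$($c.Log): event $id NOT found since $since"; $ok = $false }
        }
    }
    return $ok   # $true only when the count and every expected event check out
}

# Usage in DSRM:        $n = Set-AdRestoreFlags -BurFlags D2 ; Restart-Computer
# Usage after the boot: Test-AdRestoreResult -CountBefore $n -BurFlags D2
```

Only reconnect the DC to the network once Test-AdRestoreResult returns $true, and then run the DCDIAG, NETDIAG, GPOTOOL and REPADMIN checks listed above. BurFlags only governs FRS; a SYSVOL replicated by DFSR is not covered by this example.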
SYMPTOMS
Type: Error
Source: NTDS Replication
Category: Replication
Event ID: 1988
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: Computer_name
Description:
The local domain controller has attempted to replicate the following object from the following source domain controller. This object is not present on the local domain controller because it may have been deleted and already garbage collected.
Source domain controller:
GUID-based_domain_controller_FQDN
Object:
object_distinguished_name
Object GUID:
object_GUID
Replication will not continue with the source domain controller until the situation has been resolved.
CAUSE
RESOLUTION
The repadmin /removelingeringobjects command:
1. Designates an up-to-date domain controller as the authority. This domain controller acts as the authoritative directory replica.
2. Compares the Active Directory directory service database objects on the authoritative server with the objects that are on the source replication partner that contains the lingering objects.
3. Either removes the lingering objects or logs the potential deletions to the Directory Services event log. The behavior depends on whether you use the /advisory_mode parameter.
To use the repadmin /removelingeringobjects command, follow these steps.
Note: To use the repadmin /removelingeringobjects command, both the source domain controller and the destination domain controllers must be running Windows Server 2003.
1. Install the Repadmin tool. The Repadmin tool is included with the Windows Server 2003 Support Tools on the Windows Server 2003 CD-ROM. To install the support tools, double-click Suptools.msi in the CD_Drive:\Support\Tools folder.
2. At the command prompt, type repadmin /removelingeringobjects Destination_domain_controller Source_domain_controller_GUID Directory_partition /advisory_mode, and then press ENTER.
   Note: The /advisory_mode parameter is optional. You can use this parameter to make sure that the lingering object that is reported in event ID 1988 exists in the Active Directory database on the server that you suspect has the lingering objects. When you use this parameter, the lingering objects are not removed. Instead, the /advisory_mode parameter lets you view the results of the command before you take action to remove any objects from the folder. We recommend that you always use the /advisory_mode parameter before you use Repadmin to delete the lingering objects.
3. Repeat the procedure for the following partitions, as needed:
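To turn the text of an event 1988 (see SYMPTOMS above) into the advisory-mode command from step 2, here is an added PowerShell example; it is not code from the page or from KB 870695. The sample event message, the function names (ConvertFrom-Event1988Message, New-RemoveLingeringObjectsCommand) and the rule used to pick the directory partition from the object's DN are this example's own.

```powershell
# Added example (not code from the page or KB 870695). Builds the
# "repadmin /removelingeringobjects ... /advisory_mode" command from the text of
# a Directory Service event 1988. Sample message, function names and the
# partition rule are this example's own.

# Constructed sample of an event 1988 message, following the layout shown
# under SYMPTOMS. GUIDs and names are made up.
$SampleEvent1988 = @"
The local domain controller has attempted to replicate the following object from the following source domain controller. This object is not present on the local domain controller because it may have been deleted and already garbage collected.
Source domain controller:
6f8a6bd3-1111-2222-3333-444455556666._msdcs.example.com
Object:
CN=OldPrinter,CN=Computers,DC=example,DC=com
Object GUID:
0a1b2c3d-aaaa-bbbb-cccc-ddddeeeeffff
Replication will not continue with the source domain controller until the situation has been resolved.
"@

function ConvertFrom-Event1988Message {
    param([Parameter(Mandatory = $true)][string]$Message)
    # Every label in the message is followed by its value on the next line.
    $lines = @($Message -split "`r?`n" | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $f = @{}
    for ($i = 0; $i -lt $lines.Count - 1; $i++) {
        switch ($lines[$i]) {
            'Source domain controller:' { $f.SourceDc   = $lines[$i + 1] }
            'Object:'                   { $f.ObjectDn   = $lines[$i + 1] }
            'Object GUID:'              { $f.ObjectGuid = $lines[$i + 1] }
        }
    }
    # The source is named <DSA GUID>._msdcs.<forest root>; repadmin takes the GUID.
    $f.SourceGuid = ($f.SourceDc -split '\.')[0]
    # Partition rule (this example's own): schema and configuration objects sit
    # under their well-known containers; everything else belongs to the DC=
    # suffix of its DN, which also covers application partitions such as
    # DC=DomainDnsZones,DC=... .
    if     ($f.ObjectDn -match '(CN=Schema,CN=Configuration,DC=.*)$') { $f.Partition = $Matches[1] }
    elseif ($f.ObjectDn -match '(CN=Configuration,DC=.*)$')           { $f.Partition = $Matches[1] }
    elseif ($f.ObjectDn -match '(DC=.*)$')                            { $f.Partition = $Matches[1] }
    return New-Object PSObject -Property $f
}

function New-RemoveLingeringObjectsCommand {
    param(
        [Parameter(Mandatory = $true)][string]$DestinationDc,
        [Parameter(Mandatory = $true)][string]$Message,
        [switch]$Commit   # omit to keep /advisory_mode, as the steps above recommend
    )
    $e = ConvertFrom-Event1988Message -Message $Message
    $cmd = "repadmin /removelingeringobjects $DestinationDc $($e.SourceGuid) $($e.Partition)"
    if (-not $Commit) { $cmd += ' /advisory_mode' }
    return $cmd
}

# With the constructed sample:
New-RemoveLingeringObjectsCommand -DestinationDc 'dc01.example.com' -Message $SampleEvent1988

# Against the live log of the DC that logged the event (advisory mode only):
# Get-EventLog -LogName 'Directory Service' -Source 'NTDS Replication' |
#     Where-Object { $_.EventID -eq 1988 } |
#     ForEach-Object { New-RemoveLingeringObjectsCommand -DestinationDc $env:COMPUTERNAME -Message $_.Message }
```

Review the advisory-mode output in the Directory Service event log before re-running with -Commit; the destination is the DC that logged event 1988 and the GUID identifies the source partner named in it, so the two must not be swapped.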
Example of the command syntax
The following is an example of the repadmin /removelingeringobjects command syntax for the fictional Example.com domain:
If the command runs successfully, you receive the following message: