If a bare metal machine rebuild is not an option, then why not change the tombstone period to >60 days and then restore your DC again? [i.e. if your restore is 80 days old, then set the tombstone value to 81]
Modify the tombstonelifetime attribute value in cn=DirectoryServices,cn=WindowsNT,cn=Services,cn=Configuration,dc=<RootDomainName> Caveat: I'm not sure if this is possible, feasible or supported, but is the only option I can see which meets all your (stringent) requirements :) I would prefer to use dcpromo after having performed a metadata cleanup, personally. HTH, neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: 14 February 2005 17:27 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] suggestions for tombstoned DC recovery? One of our admins restored a DC from a backup greater than 60 days old. There are no newer backup copies. Replication is not working - "Access denied". Also, the restored DC cannot be dcpromo'd out. Rebuilding the computer from scratch is not an option. Repadmin and nltest operations are unsuccessful. Does anyone have any tricks up their sleeve for getting this once-working DC to "play nice again"? I keep thinking that an nltest with a secure channel reset option, followed by a repadmin operation with a force option using the one good DC as an authoritative source - should be the answer. But it doesn't seem to work. Any help is appreciated! Thanks. Mike Thommes List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ============================================================================== This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ============================================================================== List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/