Wow, I can't believe they actually still have that hack officially documented. I recall when someone asked Kwan about it at last year's spring DEC he about tripped over his own tongue and nearly fell off the podium trying to spit out how unsupported that was but he understood the reasoning behind it for the single user mode issue with /forceremoval. Basically if you do this, don't forget the steps of promoing into a bogus Domain and back out after the fact. It works great though I had heard once that someone lost a machine doing this. Probably a typo in the registry mod or the machine was just screwed anyway.
joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cace, Andrew Sent: Monday, February 14, 2005 3:32 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] suggestions for tombstoned DC recovery? If DCPROMO won't work, even with the /FORCEREMOVAL flag, the following MS KB Article has a reghack that will allow you to remove the domain controller. We had to do this at a remote site in Europe, where the technical guys had "gone home for the day". http://support.microsoft.com/default.aspx?scid=kb;en-us;332199 -Andrew -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Monday, February 14, 2005 1:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] suggestions for tombstoned DC recovery? It's not that DCPROMO was not an option, it just didn't work - also "access denied". Mike Thommes -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Monday, February 14, 2005 11:39 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] suggestions for tombstoned DC recovery? Why is DCPROMO not an option? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Monday, February 14, 2005 12:27 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] suggestions for tombstoned DC recovery? One of our admins restored a DC from a backup greater than 60 days old. There are no newer backup copies. Replication is not working - "Access denied". Also, the restored DC cannot be dcpromo'd out. Rebuilding the computer from scratch is not an option. Repadmin and nltest operations are unsuccessful. Does anyone have any tricks up their sleeve for getting this once-working DC to "play nice again"? I keep thinking that an nltest with a secure channel reset option, followed by a repadmin operation with a force option using the one good DC as an authoritative source - should be the answer. But it doesn't seem to work. Any help is appreciated! Thanks. Mike Thommes List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/