When you are complete with the /forceremoval of this errant DC and have performed the metadata cleanup on one of the other DC's, you should be able to seize the PDC Emulator role using the GUI or NTDSUtil. After that's all done, just ensure that the changes have replicated around...then you can put the PDC on another server if you like (via a transfer of the role).
I hope that helps! Have a great night / weekend! Robert Williams, MCSE NT4/2K/2K3, Security+ Infrastructure Rapid Response Engineer Northeast Region Microsoft Corporation Global Solutions Support Center -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Friday, May 27, 2005 4:25 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Error in PDC Operations Master Because I believe my errant DC to by my PDC will that be a problem demoting it and then re-introducing it to the domain? Here is a screen shot of my Operations Masters... http://www.mjbdesignz.com/temp/OM.htm Thanks, -- Matt Brown [ SELECT * FROM IT WHERE EyeContact=True ] Information Technology System Specialist Eastern Washington University -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Friday, May 27, 2005 12:39 PM To: Send - AD mailing list Subject: RE: [ActiveDir] Error in PDC Operations Master That's what I expected. Choice 1 - Mod. the registry and permit the errant DC to re-enter the replication topology (not recommended) Choice 2 - Forcibly demote the errant DC, cleanup its metadata and reintroduce it through DCpromo Caveats - Choice 1: lingering objects may exist Choice 2: you'll lose any changes locally introduced to the errant DC that occurred after its last successful replication attempt ? -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Friday, May 27, 2005 3:08 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Error in PDC Operations Master 1. Number of DCs/Domain/Sites 3 Sites -> Site A has DC1 & DC2 -> Site B DC3 -> Site C DC4 2. OS version of DCs -> All DCs are running Windows 2003 Server Standard 3. Are the remaining DCs replicating successfully? -> According to DC diag they all passed replications -> They do all show in the DC diag the following: DC=domain,DC=ewu,DC=edu Last replication recieved from DC2 at 2005-03-23 02:00:40. WARNING: This latency is over the Tombstone Lifetime of 60 days! Thanks, -- Matt Brown [ SELECT * FROM IT WHERE EyeContact=True ] Information Technology System Specialist Eastern Washington University -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Friday, May 27, 2005 11:16 AM To: Send - AD mailing list Subject: RE: [ActiveDir] Error in PDC Operations Master It seems the FSMO errors you're receiving are merely symptoms of another more significant problem; my guess is that your DCs have been ignoring one another for quite some time, i.e. - not replicating. Before proceeding, can you give me some more info. - 1. Number of DCs/Domain/Sites 2. OS version of DCs 3. Are the remaining DCs replicating successfully? -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Friday, May 27, 2005 2:05 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Error in PDC Operations Master Well, I have quite a few weird things going on. Roles: (both DCs in same site) DC2 = PDC role, RID pool manager DC1 = Infrastructure owner, schema owner, domain role owner When I look at the Operations Masters... -> from DC1 It shows ERROR for RID & PDC, & shows DC1 in Infrastructure -> from DC2 it shows ERROR for PDC, & shows DC2 for RID & DC1 for Infrastructure So neither DC1 or DC2 know who the PDC is. (It should be DC2) When I use the "netdom query fsmo": -> from DC1 it shows the roles as it should like above from DC2 it shows -> the PDC role as DC1 rather than itself 1. When I try to manually replicate from DC2 to DC1 I get an error about "Target Principal Name Incorrect" After completing Article ID 288167 about resetting password (netdom resetpwd) and trying to replicate, I get a tombstone error between the 2 domains saying it has exceeded tombstone lifetime and cannot continue. 2. When I try to manually replicate from DC1 to DC2 I get the same error about "Target Principal Name Incorrect" but this is where I've stopped because DC2 is supposed to be the PDC and the KB article makes it sound like the PW should only be reset on the non PDC machines. All in all, my PDC seems to have amnesia and doesn't seem to remember that it's the PDC Thanks, -- Matt Brown [ SELECT * FROM IT WHERE EyeContact=True ] Information Technology System Specialist Eastern Washington University -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Friday, May 27, 2005 8:53 AM To: Send - AD mailing list Subject: RE: [ActiveDir] Error in PDC Operations Master What does the machine question report within its event log? -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Friday, May 27, 2005 11:32 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Error in PDC Operations Master My Dcdiag output shows the following error: ############################# Starting test: KnowsOfRoleHolders Warning: STF2 is the PDC Owner, but is not responding to DS RPC Bind. [STF2] LDAP bind failed with error 8341, A directory service error has occurred.. Warning: STF2 is the PDC Owner, but is not responding to LDAP Bind. Warning: STF2 is the Rid Owner, but is not responding to DS RPC Bind. Warning: STF2 is the Rid Owner, but is not responding to LDAP Bind. ......................... STF1 failed test KnowsOfRoleHolders Starting test: RidManager ......................... STF1 failed test RidManager Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... STF1 failed test frsevent Starting test: FsmoCheck Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355 A Primary Domain Controller could not be located. The server holding the PDC role is down. ......................... domain failed test FsmoCheck ############################# Thanks, -- Matt Brown [EMAIL PROTECTED] Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--------------------------------------+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--------------------------------------+ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Friday, May 27, 2005 8:12 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Error in PDC Operations Master Hi, My PDC just started acting up and is showing an error in the PDC box under Operations Master. The only recent change that I can think of to the server was I uninstalled & re-installed the Certificate Authority 3 or 4 times, which was installed on the PDC. Thanks, -- Matt Brown [ SELECT * FROM IT WHERE EyeContact=True ] Information Technology System Specialist Eastern Washington University List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
