Discussion in 'Active Directory' started by Tec, Sep 30, 2005.

  1. Tec

    Tec Guest

    Why AD Users and Computers & AD Sites and Services utilities start with
    SERVER_B instead of SERVER_A which holds most of the FSMO roles??
    SERVER_B is in the local area but further than SERVER_A... Before it was
    SERVER_A but we had to re-install it. Will it be possible to change/fix it?
    Thanks in advance,
    Tec, Sep 30, 2005
  2. Don Wilwol

    Don Wilwol Guest

    You had to reinstall it but it still holds the FSMO roles? Have you verified
    Also, how about DNS. ADU&C uses DNS to find the domain. Is ServerA listed?
    Are the DNS records correct?

    Hope it helps


    Don Wilwol
    Don Wilwol, Oct 2, 2005
  3. The DC that is the focus of the snap-in is picked using the normal locator
    process - which means via DNS based on site membership. Only the GPO editor
    defaults to the PDCe.

    If these machines are in different [active directory] sites, and the
    'closest' one isn't being used, you have either incorrectly configured sites
    and services, have some DNS registration issues, or both.

    If you demoted the first DC before reinstalling then the OM roles were moved
    to the closest partner; if you didn't demote it cleanly, you have additional
    issues and should fix them by performing what is known as a metadata cleanup
    (Google for the KB to do this).
    Paul Williams [MVP], Oct 3, 2005
  4. Tec

    Tec Guest

    Thanks for your kind responses, all of this was because I re-installed the
    main DC, which held most of the FSMOs. It was correctly done, demoted-OS
    installation-promoted, and FSMO roles were migrated using ADU&C, S&S and
    D&T, however I'm receiving these messages in EVT that I'm not sure are

    This is the replication status for the following directory partition on the
    local domain controller.
    Directory partition:
    The local domain controller has not recently received replication
    information from a number of domain controllers. The count of domain
    controllers is shown, divided into the following intervals.
    More than 24 hours:
    More than a week:
    More than one month:
    More than two months:
    More than a tombstone lifetime:
    Tombstone lifetime (days):
    Domain controllers that do not replicate in a timely manner may encounter
    errors. It may miss password changes and be unable to authenticate. A DC that
    has not replicated in a tombstone lifetime may have missed the deletion of
    some objects, and may be automatically blocked from future replication until
    it is reconciled.
    To identify the domain controllers by name, install the support tools
    included on the installation CD and run dcdiag.exe.
    You can also use the support tool repadmin.exe to display the replication
    latencies of the domain controllers in the forest. The command is "repadmin
    /showvector /latency <partition-dn>".

    FYI: this network has one AD with DNS&WINS with about 1,300 pcs. About five
    sites each with its own DC and primary DNS (same name however). AD is native
    2000, and we are trying to get all servers to 2003. All PCs are W2K or XP.

    I appreciate your help/comments very much,
    Tec, Oct 3, 2005
  5. OK, so whatever DC logged that message hasn't replicated with any of its
    partners in a week. This is one of two things - DNS lookup issue
    (probably); network connectivity issue.

    Before anything else, I would point this at one of the other DCs (that is
    also a DNS server) for DNS and restart NETLOGON (after ensuring you haven't
    stopped the DHCP _Client_ service on this DC). Then I would force
    replication using REPLMON. [1]
    Paul Williams [MVP], Oct 3, 2005
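
Added example, not part of any post in this thread: a Python sketch that sorts a DC's inbound replication partners into the intervals named in the event text quoted in post 4, so the stale partners are identified by name. The CSV column layout is assumed to match `repadmin /showrepl * /csv`; the sample rows, the domain and site names, and the 60-day tombstone lifetime are constructed values.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the column layout of `repadmin /showrepl * /csv`
# (layout assumed; domain, site and error values are made up).
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,SERVER_A,"DC=example,DC=local",HQ,SERVER_B,RPC,0,0,2005-10-03 09:12:40,0
showrepl_INFO,HQ,SERVER_A,"DC=example,DC=local",Branch1,SERVER_C,RPC,12,2005-10-03 09:00:02,2005-09-24 08:15:00,1722
showrepl_INFO,HQ,SERVER_A,"DC=example,DC=local",Branch2,SERVER_D,RPC,60,2005-10-03 09:00:05,2005-07-20 22:40:11,8524
showrepl_INFO,HQ,SERVER_A,"DC=example,DC=local",Branch3,SERVER_E,RPC,3,2005-10-03 09:00:07,0,1256
"""


def intervals(tombstone_days):
    # Thresholds named in the replication status event quoted in the thread.
    return [
        ("More than 24 hours", timedelta(hours=24)),
        ("More than a week", timedelta(days=7)),
        ("More than one month", timedelta(days=30)),
        ("More than two months", timedelta(days=60)),
        ("More than a tombstone lifetime", timedelta(days=tombstone_days)),
    ]


def stale_partners(csv_text, now, tombstone_days=60):
    """Map each interval to the source DCs whose last success is older.

    tombstone_days=60 is an assumption; use the value from the event's
    "Tombstone lifetime (days)" line. A partner that exceeds several
    thresholds is listed under each of them.
    """
    result = {label: [] for label, _ in intervals(tombstone_days)}
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            last_ok = datetime.strptime(row["Last Success Time"],
                                        "%Y-%m-%d %H:%M:%S")
            age = now - last_ok
        except ValueError:
            age = timedelta.max  # no recorded success: treat as oldest
        for label, limit in intervals(tombstone_days):
            if age > limit:
                result[label].append(row["Source DSA"])
    return result


if __name__ == "__main__":
    now = datetime(2005, 10, 3, 10, 0, 0)  # constructed "current" time
    for label, dcs in stale_partners(SAMPLE_CSV, now).items():
        print(f"{label}: {len(dcs)} {dcs}")
```

Partners listed under the tombstone-lifetime interval are the ones the event text warns may have missed object deletions and may be blocked from replication until reconciled.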
