Archived from groups: microsoft.public.win2000.active_directory (
More info?)
the metadata cleanup did complete but I'm still having an issue with the
ghost boot floppy. Looking at the registry on the domain controller that i
seized the rolls to, and under the hive
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
there are several references to the failed/deleted dc. I've rebooted and it
still seems to hang around. How can I get rid of it short of editing the
registry keys?
"Herb Martin" wrote:
> "Steve" <Steve@discussions.microsoft.com> wrote in message
> news:BEEADFAE-BDAA-4A77-A2F2-1CF60C4122DD@microsoft.com...
> > Thanks in advance for support.
> > I had the first dc crash due to hardware failure. Have a backup dc that I
> > used ntdsutil to seize the fsmo roles to. Appear to have 2 issues that I
> > have identified. First am unsuccessful at removing the failed dc from AD
> > using the instructions in Article ID 216498. I have a small single domain
> > environment and when I get to step 9 which is to select domain number
> which I
> > see as 0 I can't get any further.
>
> You CONNECT to a working DC.
>
> You SELECT the "dead" DC, by:
> Select domain
> Select the site
> Select the server (DC)
>
> > Second is something I noticed trying to
> > use ghost to image a desktop machine, I can't get authenticated using the
> > ghost boot diskette. I assume that it has something to do with being
> unable
> > to get the backup dc properly promoted.
>
> Active Directory doesn't have Backup DCs -- unless they are
> running NT4 so -- there is NOTHING to promote.
>
>
> Most authentication problems are really DNS problems
> with AD.
>
> > Any suggestions greatly appreciated.
>
> Check DNS and NTDSUtil "metadata cleanup" for remove.
>
>
> NTDS metadata cleanup
>
> Search Google for:
>
> [ NTDS "metadata cleanup" remove DC Domain ]
>
> No need to add either site:microsoft.com OR microsoft:
> since the NTDS and other terms make it Microsoft specific
> by itself.
>
> Unless you WISH to restrict answers to the site:microsoft.com
> for some reason.
>
> [ NTDS "metadata cleanup" remove DC Domain site:microsoft.com ]
>
> Key points to NOTE when doing the metadata cleanup:
>
> You CONNECT to a WORKING DC.
> You SELECT the missing/dead DC or DOMAIN
>
> 'Connect' and 'Select' are technical terms in this context.
>
>
>
> DNS for AD
> 1) Dynamic for the zone supporting AD
> 2) All internal DNS clients NIC\IP properties must specify SOLELY
> that internal, dynamic DNS server (set.)
> 3) DCs and even DNS servers are DNS clients too -- see #2
> 4) If you have more than one Domain, every DNS server must
> be able to resolve ALL domains (either directly or indirectly)
>
> netdiag /fix
>
> ....or maybe:
>
> dcdiag /fix
>
> (Win2003 can do this from Support tools):
> nltest /dsregdns /server
C-ServerNameGoesHere
> http://support.microsoft.com/kb/q260371/
>
> Ensure that DNS zones/domains are fully replicated to all DNS
> servers for that (internal) zone/domain.
>
> Also useful may be running DCDiag on each DC, sending the
> output to a text file, and searching for FAIL, ERROR, WARN.
>
> Single Label domain zone names are a problem Google:
> [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
>
>
>