Hi all, At the moment we have 4 domain controllers. In the past someone deleted a domain controller (web-arr) in the wrong way. No we have a problem wit DFS for the sysvol replication. When I run "Create Diagnostic Report" in DFS management. I see the following error: DFS Replication cannot replicate with partner Web-ARR due to a communication error. That's correct, the server Web-ARR doesn't exist. But how can I remove this server. This server is not listed in DFS management. The members have all state 2 : Initial sync Within AD I don't see any references to this server Code: PS C:\Users\administrator.ASTERISQUE> dsquery server -o rdn DC-LANDGRAAF BDC-EINDHOVEN DC-WIJCHEN DC-BOERHAAVE WHPDC02 I also checked AD Sites and services. Thanks in advance
I don not see a namespace regarding sysvol. I have only a Replication "Domain System Volume" I only see manual created namespaces
I'm not really a DFS guru, the last time I used it was like in 2012. So I'm afraid can't help futher BTW I vaguely remember I had a similar problem and likely I fixed It from the dfs manager removing the failed server from it, but I can't really detail further
Sure ADSI edit does things that ADUC and AD Sites and Services can't do, anyway I had to resort to ADSI edit only when the situation was really messed up, but in my eperience I never faced a situation where ntdsutil was able to show leftovers that the GUI tools didn't remove. Personally I use ntdsutils just to seize/transfer roles because doing that via GUI is way more time consuming (the exact opposite of the previous case). Then each one has his own experiences and the mileage may vary
ntdsutil does not list the domain controller I want to remove (web-arr) Code: ntdsutil: metadata cleanup metadata cleanup: select operation target select operation target: list domains Found 1 domain(s) 0 - DC=asterisque,DC=nl select operation target: select domain 0 No current site Domain - DC=asterisque,DC=nl No current server No current Naming Context select operation target: list sites Found 1 site(s) 0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=asterisque,DC=nl select operation target: select site 0 Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=asterisque,DC=nl Domain - DC=asterisque,DC=nl No current server No current Naming Context select operation target: list servers Error parsing Input - Invalid Syntax. select operation target: list servers in site Found 5 server(s) 0 - CN=BDC-EINDHOVEN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=asterisque,DC=nl 1 - CN=DC-WIJCHEN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=asterisque,DC=nl 2 - CN=DC-LANDGRAAF,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=asterisque,DC=nl 3 - CN=DC-BOERHAAVE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=asterisque,DC=nl 4 - CN=WHPDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=asterisque,DC=nl
This is normal behaviour. Try to look with adsiedit and search through the registry to find any clues. Sorry, I don't have a ready answer to this. If you are allowed by the business and feel confident enough, you could try to create a temporary or even permanent domain controller with exactly the previous name if ntdsutil cannot find it, which means it does not exist in the AD metadata. It is possible that by doing this and if needed by removing gracefully the new DC, you would achieve the resetting of the bad behaviour and get DFS into a consistent state.
Yep those are the two next obvious steps, diving in to ADSIedit is usually a boring and long process but leads to effective results Worth a try if everything else fails, but I'm afraid there are some GUId involved that differs from the human readable naming