Nick's Share Area!

Active Directory Metadata Cleanup Sometimes it can/will happen that a correct removal from a Domain Controller isn’t possible because of a hardware crash, you have to force the removal of a DC or the previous admin have left some “garbage” for you. So you have to do a metadata cleanup, otherwise all other DCs will try to replicate with that machine, as they are “thinking” this Domain Controller still exists, which fills also the event viewer with not wanted error messages. Additional the support tools dcdiag and repadmin or replmon will report problems. The metadata cleanup can be done with NTDSUTIL for the AD database part according to: How to remove data in Active Directory after an unsuccessful domain controller demotion The above article applies to all Windows versions starting with Windows 2000 Server up to Windows Server 2008 R2. There can also be the situation that the FSMO roles must be seized as the not longer existing DC was the owner of them: Using Ntdsutil.exe to transfer o...

netdom query FSMO // 搵下fsmo 在那部機 網域: mis.local dc&dns1: dc.mis.local (192.168.1.1) dc2&dns2: dc2.mis.local (192.168.1.2) [網域五大角色]及[通用類別目錄]都在 dc.mis.local 主機上面 狀況 dc.mis.local 主機故障且無法開機 需將網域五大角色及通用類別目錄強制轉移至dc2.mis.local主機上面 步驟 首先登入dc2.mis.local 網域控制站 到開始-->命令提示字元 執行 ntdsutil roles connections connect to server dc2.mis.local quit seize schema master (先嘗試安全轉移schema 若不行再強制轉移,下達此指令後出現下面的提示) fsmo maintenance: seize schema master 在拿取前，嘗試 schema FSMO 的安全轉移。 ldap_modify_sW 錯誤 0x34(52 (無法使用). Ldap 延伸錯誤訊息是 000020AF: SvcErr: DSID-03210333, problem 5002 (UNAVAILABLE), data 1722 傳回的 Win32 錯誤是 0x20af(要求的 FSMO 操作失敗，無法連接目前的 FSMO 持有人。) ) 錯誤碼可以指出連線、 ldap、或功能轉移錯誤。 schema FSMO 的轉移失敗，執行拿取中... 伺服器 "dc2.mis.local" 知道 5 功能 架構 - CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN =Configuration,DC=mis,DC=local 網域 - CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= Configuration,DC=mis,DC=local PDC - CN=NTDS Settings,CN=DC,CN=Servers,CN=Default...