Active Directory domain services won't start following failed DC

Anonymous
2023-12-06T21:37:58+00:00

We lost one of our DCs due to a hardware failure. Now the remaining DC won't start Directory Services because it can't find the other one to sync to.

The remaining DC is the holder of all FSMO roles.

I'm getting the following error:

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role. 

Operations which require contacting a FSMO operation master will fail until this condition is corrected. 

The error message suggests using NTDSUTIL to seize the role to the same server. Have tried that but it didn't help.

I'm unable to remove the old server using ntdsutil because it can't connect to the domain.

Any suggestions?

thanks


This question was migrated from the Microsoft Support Community.


1 answer

  1. Anonymous
    2023-12-07T02:54:44+00:00

    Hi Chris Hawkins 99,

    It sounds like you may need to perform a metadata cleanup to remove the failed DC from Active Directory. This will allow the remaining DC to start Directory Services and properly replicate with its partners.

    To perform a metadata cleanup, you will need to use the ntdsutil command-line tool. Here are the general steps:

    1. Open a Command Prompt window as an administrator: in the Start menu, right-click Command Prompt and click Run as administrator. If the User Account Control dialog box appears, provide the Enterprise Administrator credentials as required and click Continue.

    2. At the command prompt, type the following command and press Enter:

           ntdsutil

    3. At the ntdsutil: prompt, type the following command, and then press Enter:

           metadata cleanup

    4. At the metadata cleanup: prompt, type the following command, and then press Enter:

           remove selected server <ServerName>

    5. In the Server Removal Configuration dialog box, review the messages and warnings, and then click Yes to remove the server objects and metadata.

    6. At this point, Ntdsutil confirms that the domain controller was successfully deleted. If you receive an error message indicating that the object could not be found, the domain controller may have been previously deleted.

    7. At the metadata cleanup: and ntdsutil: prompts, type quit and press Enter.

    To confirm the deletion of a domain controller, do the following:

    1. Open Active Directory Users and Computers. In the domain of the deleted domain controller, click Domain Controllers. In the details pane, the object of the deleted domain controller should not be displayed.

    2. Open Active Directory Sites and Services. Navigate to the Servers container and make sure that the server object of the deleted domain controller does not contain an NTDS settings object. You can delete the server object if no child objects are displayed below the server object. If child objects are present, do not delete the server object because it is being used by another application.

    Best regards,

    Qiuyang

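As an added example (not part of the answer above, and not Microsoft's own documentation), here is the same metadata cleanup and both confirmation checks as a PowerShell script, so the removal is repeatable and the result is verified by query rather than by looking at the consoles. It assumes placeholder names that are not on the page (failed DC DC02, site Default-First-Site-Name, domain corp.example.com), that the RSAT ActiveDirectory module is installed on the surviving DC, and that AD DS is running there, which the answer's own confirmation steps in ADUC and Sites and Services also require.

```powershell
# Added example: scripted metadata cleanup of a dead DC plus verification.
# Run elevated on the surviving (FSMO-holding) DC.
# Placeholders (assumptions, not from the page): DC02, Default-First-Site-Name,
# corp.example.com. Replace them with your own values.
#Requires -RunAsAdministrator

$FailedDc = 'DC02'                      # placeholder: name of the dead DC
$SiteName = 'Default-First-Site-Name'   # placeholder: its AD site
$DomainDn = 'DC=corp,DC=example,DC=com' # placeholder: domain DN

# DN of the dead DC's server object in the Configuration partition; the
# NTDS Settings object (objectClass nTDSDSA) lives directly beneath it.
$ServerDn = "CN=$FailedDc,CN=Servers,CN=$SiteName,CN=Sites,CN=Configuration,$DomainDn"

Import-Module ActiveDirectory

# Sanity check before touching metadata: no FSMO role may still point at the
# DC being removed. The question's scenario has all five on the survivor.
$forest = Get-ADForest
$domain = Get-ADDomain
$roleHolders = @($forest.SchemaMaster, $forest.DomainNamingMaster,
                 $domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster)
if ($roleHolders -match "^$FailedDc\.") {
    throw "A FSMO role still points at $FailedDc; seize the roles first (ntdsutil 'roles')."
}

# Steps 2 to 7 of the answer in one call: ntdsutil accepts each prompt's
# command as a separate quoted argument and exits after the final 'quit'.
# The Server Removal Configuration dialog still appears and must be answered Yes.
# If a site or server name contains spaces, wrap $ServerDn in inner quotes.
& ntdsutil.exe 'metadata cleanup' "remove selected server $ServerDn" quit quit

# Confirmation 1 (the ADUC check): no computer object left under Domain Controllers.
$computer = Get-ADComputer -Filter "Name -eq '$FailedDc'" `
    -SearchBase "OU=Domain Controllers,$DomainDn" -ErrorAction SilentlyContinue

# Confirmation 2 (the Sites and Services check): no NTDS Settings object
# under the server object. A missing server object also yields $null here.
$ntds = Get-ADObject -LDAPFilter '(objectClass=nTDSDSA)' -SearchBase $ServerDn `
    -SearchScope OneLevel -ErrorAction SilentlyContinue

if ($computer -or $ntds) {
    Write-Warning ("Cleanup incomplete: computer object present = {0}, NTDS Settings present = {1}" `
        -f [bool]$computer, [bool]$ntds)
    return
}

# The server object itself may be deleted only when nothing remains beneath it;
# leftover children mean another application still uses it (the answer's caveat).
$serverObj = Get-ADObject -Identity $ServerDn -ErrorAction SilentlyContinue
if ($null -eq $serverObj) {
    Write-Output "Server object $ServerDn is already gone; nothing left to remove."
}
else {
    $children = Get-ADObject -Filter * -SearchBase $ServerDn -SearchScope OneLevel `
        -ErrorAction SilentlyContinue
    if ($null -eq $children) {
        Remove-ADObject -Identity $ServerDn -Confirm   # prompts before deleting
    }
    else {
        Write-Warning "Leaving server object in place; child objects remain: $($children.Name -join ', ')"
    }
}
```

The FSMO pre-check is the one addition to the answer's procedure: removing the metadata of a DC that still owns a role leaves the role orphaned, so the script refuses to continue in that case. Everything after the ntdsutil call is read-only except the final, confirmed removal of an empty server object, which mirrors the answer's guidance on when that object may be deleted.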