Ask the Expert

Active Directory doesn't work after a system state restore

I have a Windows 2000 server as the main DC. I did a manual removal of Exchange, but my IIS Web page didn't work after that, so system state was restored. However, I have had trouble ever since: Users are not able to access some of their file shares; Active Directory is sluggish when making changes; and my second DC can't access the main DC any more.

A cause of this could be that the AD Exchange object was deleted, and it doesn't come back after restore and AD replication changes things including in sysvol. I tried to do an authoritative restore but got an error message.

Should I remove AD from the second DC and then restore the system state to the main DC so it won't replicate? Would this fix it? I'm trying to avoid reinstalling everything. Thanks!


Exchange and Active Directory co-mingle the metadata and require the use of command line tools for clearing references. Check the MS Knowledge Base. I have used these tools for removing orphaned entries following a domain controller failure.

Member feedback:
I appreciate the fast answer, and I suppose I should have said in my question, but I have been all over the MS Knowledge Base looking for answers that I couldn't find. But your answer is too vague; I have no idea where I am supposed to search and what command line utilities you are talking about. Maybe you could mention one or two that might help me?

Howard's response:
This step is found at Microsoft Technet > Windows Server 2003 Operations (applies to Win2K also) > Active Directory Operations Guide > Administering Active Directory Backup and Restore > Managing Active Directory Backup and Restore > Restoring a Domain Controller through Reinstallation.

If the controller is still listed in the AD U&C Domain Controller OU, right-click the computer object for the failed/removed controller and click DELETE, then click "Yes."

Most likely that won't work because the entry went away when you removed the controller manually, but the metadata links did not and that is causing replication errors.

These procedures are found at Microsoft Technet > Windows Server 2003 > Active Directory Operations Guide > Administering Active Directory > Administering Domain Controllers > Managing Domain Controllers.

  1. In the left pane, choose Products and Technologies.
  2. In the pop-up box, choose Server Operating Systems.
  3. In that pop-up box, choose Windows Server 2003 Tech Center.
  4. From the alphabetical listing choose Active Directory.
  5. On the Active Directory Home page choose Active Directory Operations Guide.
  6. On the Guide homepage choose Administering Domain Controllers.
  7. Choose "Managing Domain Controllers" from this page.
  8. You have to scroll to the bottom of the list to choose "Forcing the Removal of a Domain Controller."
  9. Print this page then go to link #1, "Identify replication partners."
  10. Print the page(s) at "Identify replication partners," then go back to "Forcing …."
  11. Go to the link #2, "Force domain controller removal."
  12. Print this page and then go back to "Forcing …."
  13. Go to the last link, "Clean up server metadata."
  14. Print these pages.

Read these pages at least twice, especially "Clean up…" Typographical errors may occur. Much like editing the Registry, changes are fast and dangerous.

Having saved myself the typing of six or seven pages and the potential for mistakes, I will tell you that these procedures do work and while not every prompt will look the same since you are on Windows 2000 and not Windows 2003, the steps are easy to follow. There is a LOT of "two steps forward, one step back" to get through.

This was first published in September 2005
