Q

Problems editing and applying user OUs after crashed server

After an upgrade to Windows Server 2003, one admin experienced User OU problems. Here's our expert's advice.

Q: I recently rebuilt a crashed Windows Server 2003 and none of the User OUs replicated from the second (2000 server) DC were editable due to loss of permission. After upgrading the second DC to Windows Server 2003 and re-building User OUs, they are now editable but not now being applied. What is going on?

A: When the system crashed, I assume that it was a Domain Controller. You rebuilt the machine, but did you first check to see if the FSMO roles were all on the Windows 2000 machine? Since you did not do a system restore to the Windows 2003 server you may have created some confusion for the AD on who is the holder of the FSMO roles. Check to see which server currently has all of the FSMO roles. If it is divided up between the two, I would move them to the Second server (old Windows 2000). Then, run DCDIAG on each of the domain controllers and see if they can all communicate correctly. DCDIAG from the Windows support tools on the original Windows 2003/2000 CD that you installed from. 

Scan the event logs (System, Directory, File Replication) for errors regarding replication. You may only have one real working Domain Controller (likely the second DC). Correcting the replication issue may resolve the problem. You can also use REPLMON, again from the Support Tools, to check on the status and force replication.

If the Windows 2003 machine actually crashed, you may be looking at corruption in the Active Directory. The corrective measure would be to restore from a known good copy.

This was first published in August 2005

Dig deeper on Microsoft Active Directory Migration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close