Problems editing and applying user OUs after crashed server

Q: I recently rebuilt a crashed Windows Server 2003 and none of the User OUs replicated from the second (2000 server) DC were editable due to loss of permission. After upgrading the second DC to Windows Server 2003 and re-building User OUs, they are now editable but not now being applied. What is going on?

    Requires Free Membership to View

A: When the system crashed, I assume that it was a Domain Controller. You rebuilt the machine, but did you first check to see if the FSMO roles were all on the Windows 2000 machine? Since you did not do a system restore to the Windows 2003 server you may have created some confusion for the AD on who is the holder of the FSMO roles. Check to see which server currently has all of the FSMO roles. If it is divided up between the two, I would move them to the Second server (old Windows 2000). Then, run DCDIAG on each of the domain controllers and see if they can all communicate correctly. DCDIAG from the Windows support tools on the original Windows 2003/2000 CD that you installed from. 

Scan the event logs (System, Directory, File Replication) for errors regarding replication. You may only have one real working Domain Controller (likely the second DC). Correcting the replication issue may resolve the problem. You can also use REPLMON, again from the Support Tools, to check on the status and force replication.

If the Windows 2003 machine actually crashed, you may be looking at corruption in the Active Directory. The corrective measure would be to restore from a known good copy.

This was first published in August 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: