Windows Domain Controller Offline

      Yorum yok Windows Domain Controller Offline

Windows Domain Controller Offline

https://support.microsoft.com/en-us/kb/947022

 

Changing the Registry
HKLM\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady to state of 1

Reregister Domain  any DC or Domain Member Server 

C:\WINDOWS\system32>netdom resetpwd /s:DC1.ttclocal.com.tr /ud:ttclocal\dcadminonsite /pd:"Pa$$W0rd12!"
The machine account password for the local machine has been successfully reset.

The command completed successfully.

C:\WINDOWS\system32>hostname
DC

Having that said, those DCs are 2012 R2 server and as mentioned, they were up and running, no reboots or anything it just ‘randomly’ happened.

Open up ADSI Edit

stop dfsr service
Change the following attributes to the following values
msDFSR-Enabled=FALSE
msDFSR-options=1
start dfsr netlogon service
(Working Values)
msDFSR-Enabled=TRUE
msDFSR-options=0

For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

check working 4=normal result


Install-WindowsFeature RSAT-DFS-Mgmt-Con
DFSRDIAG POLLAD
repadmin /syncall TTDC /APed


Import-Module GroupPolicy -SkipEditionCheck

The SkipEditionCheck parameter is required, because the GroupPolicy module hasn't had CompatiblePSEditions in the module manifest set to include Core.

Create a folder for the backups:

New-Item -ItemType Directory -Path C:\ -Name GPObackup

Use the date to create a subfolder name and create the subfolder for the current backup:

$date = (Get-Date -Format 'yyyyMMdd').ToString()

New-Item -ItemType Directory -Path C:\GPObackup\ -Name $date

Run the backup:

Backup-GPO -All -Path (Join-Path -Path C:\GPObackup -ChildPath $date)

Stop-Service DFSR

On domain controllers where you can't perform a restore, you'll need to rebuild the SYSVOL tree folder structure and share structure.
On the domain controller with the SYSVOL you want to fix -- or the one with the data you need to replicate -- disable DFSR and make the server authoritative.

Get-ADObject -Identity "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=TTSDC01,OU=Domain Controllers,DC=Sphinx,DC=org" -Properties * |

Set-ADObject -Replace @{'msDFSR-Enabled'=$false; 'msDFSR-options'=1}

Disable DFSR on the other domain controllers in the domain. The difference in the commands is you're not setting the msDFSR-options property.

Get-ADObject -Identity "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=TTSDC02,OU=Domain Controllers,DC=Sphinx,DC=org" -Properties * |

Set-ADObject -Replace @{'msDFSR-Enabled'=$false}

https://www.checkyourlogs.net/how-to-fix-missing-sysvol-and-netlogon-share-and-replication-issues-on-new-domain-controller-at-azure/

https://www.resilio.com/blog/how-to-check-dfs-replication-status

https://medium.com/@CHSuworatrai/sysvol-and-group-policy-out-of-sync-on-server-2012-r2-dcs-using-dfsr-ae79cac3f23c

https://searchwindowsserver.techtarget.com/tip/How-to-rebuild-the-SYSVOL-tree-when-none-exists-in-Active-Directory

https://www.manageengine.com/products/active-directory-audit/kb/how-to/how-to-check-if-domain-controllers-are-in-sync-with-each-other.html

 

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

This site uses Akismet to reduce spam. Learn how your comment data is processed.