question

KeithVKlenke-7769 asked DSPatrick commented

One DC is pulling FSMO from an AD server that doesn't exist, other DC sees FSMO correctly

I have 2 DCs, one onpremDC, one hostedDC. There was some previous work where an RDS server was made a DC and FSMO moved to it, then the hostedDC was made the DC & FSMO moved to it, then AD was removed from the RDS server. However, the onpremDC still sees the RDSserver as holding all the FSMO (even though it is no longer an AD server). Each DC was only pointing to itself for DNS, so I fixed that, however "netdom query fsmo" from onpremDC still shows the RDSserver (that doesn't exist as an AD server now) as the holder. HostedDC shows itself as FSMO holder (which it should be). Obviously AD/DNS/replication issues abound. Onprem will be going away soon anyways, so I was wondering: should I put more time into trying to fix onpremDC (thought was it wouldn't take long to fix it, then it could be cleanly decommissioned)? I am not 100% sure AD is perfectly healthy with cloudDC (all clients are only pointing to cloudDC currently & "seem" to be working), otherwise, I would be tempted to just decom onpremDC and run through any metadata/cleanup needed to purge any reference to onpremDC & if there are any leftovers of RDS-DC. Eventually, I'll add a second hostedDC for the environment, but that is not currently scheduled. If I should fix onpremDC first, how do I tell it to pull the correct server as the FSMO role holder, assuming that is the big issue that needs to be fixed first? All Server 2016.

windows-server, windows-active-directory, windows-server-2016
DSPatrick answered DSPatrick commented

Please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\dc3.txt

then put unzipped text files up on OneDrive and share a link.



Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--




Some info, working to onedrive upload the rest
This is the status after using ntdsutil to metadata cleanup the RDSdc server which is no longer a DC
"netdom query fsmo"
onpremDC:
netdom query fsmo
Schema master Warning: role owner is a deleted DC: CN=NTDS Settings\0ADEL:guid1,CN=RDSdc
Domain naming master onpremDC.addomain.tld
Before this pointed to the RDSdc, it was not pointing to itself
PDC
Warning: role owner is a deleted DC: 0ADEL:guid1,CN=RDSdc
RID pool manager
Warning: role owner is a deleted DC: 0ADEL:guid1,CN=RDSdc
Infrastructure master
* Warning: role owner is a deleted DC: 0ADEL:guid1,CN=RDSdc

hostedDC:
netdom query fsmo
Schema master hostedDC.addomain.tld
Domain naming master onpremDC.addomain.tld Before this pointed to hostedDC, not onpremDC
PDC hostedDC.addomain.tld
RID pool manager hostedDC.addomain.tld
Infrastructure master hostedDC.addomain.tld


"nltest /dclist:addomain"
onpremDC - only sees itself
nltest /dclist:addomain
Get list of DCs in domain 'addomain' from '\\onpremDC'.
onpremDC.addomain.tld [DS] Site: Default-First-Site-Name

hostedDC - sees both DC
nltest /dclist:addomain
Get list of DCs in domain 'addomain' from '\\hostedDC'.
onpremDC.addomain.tld [DS] Site: Default-First-Site-Name
hostedDC.addomain.tld [PDC] [DS] Site: Default-First-Site-Name

DSPatrick, replying to KeithVKlenke-7769:

Please put up the requested files;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\dc3.txt

then put unzipped text files up on OneDrive and share a link.




Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



LimitlessTechnology-2700 answered

Hello,

Thank you for your question.

I would like to suggest that you check the troubleshooting steps below.

If netdom query still shows the FSMO roles held by the RDS server, it could be because replication has not completed or is still pending.
I would suggest you download the Active Directory Replication Status Tool and fix replication issues before removing the old RDSserver.

https://www.microsoft.com/en-in/download/details.aspx?id=30005

Please also disable any firewall or antivirus program which may be blocking AD from syncing between DCs.



If the reply was helpful, please don’t forget to upvote or accept as answer.
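
Added example, not part of any post in this thread: a small Python check that parses saved `netdom query fsmo` output from each DC and reports roles whose owner is a deleted DC or on which the DCs disagree. The sample outputs are constructed, modelled on what the asker pasted above, and the function names (`parse_netdom`, `is_deleted`, `audit`) are hypothetical.

```python
ROLES = ["Schema master", "Domain naming master", "PDC",
         "RID pool manager", "Infrastructure master"]
# Constructed samples, modelled on the netdom output pasted in the thread.
ONPREM_SAMPLE = r"""
Schema master               Warning: role owner is a deleted DC: CN=NTDS Settings\0ADEL:guid1,CN=RDSdc
Domain naming master        onpremDC.addomain.tld
PDC                         Warning: role owner is a deleted DC: 0ADEL:guid1,CN=RDSdc
RID pool manager            Warning: role owner is a deleted DC: 0ADEL:guid1,CN=RDSdc
Infrastructure master
* Warning: role owner is a deleted DC: 0ADEL:guid1,CN=RDSdc
"""
HOSTED_SAMPLE = """
Schema master               hostedDC.addomain.tld
Domain naming master        onpremDC.addomain.tld
PDC                         hostedDC.addomain.tld
RID pool manager            hostedDC.addomain.tld
Infrastructure master       hostedDC.addomain.tld
"""

def parse_netdom(text):
    """Map role -> owner; the owner may sit on the role's line or the next one."""
    owners, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("* ")
        role = next((r for r in ROLES if line.lower().startswith(r.lower())), None)
        if role:
            owners[role] = line[len(role):].strip() or None
            pending = None if owners[role] else role
        elif pending and line:
            owners[pending], pending = line, None
    return owners

def is_deleted(owner):
    # Deleted-object marker as it appears in the thread's output.
    return "0ADEL:" in owner or "deleted DC" in owner

def audit(views):
    """views: {dc_name: parse_netdom(...)}; returns [(role, issue), ...]."""
    findings = []
    for role in ROLES:
        seen = {dc: parsed.get(role) for dc, parsed in views.items()}
        for dc, owner in seen.items():
            if owner and is_deleted(owner):
                findings.append((role, f"{dc}: owner is a deleted DC"))
        if len({(o or "").lower() for o in seen.values()}) > 1:
            findings.append((role, "DCs disagree"))
    return findings

VIEWS = {"onpremDC": parse_netdom(ONPREM_SAMPLE), "hostedDC": parse_netdom(HOSTED_SAMPLE)}
print(*audit(VIEWS), sep="\n")
```

Run against real captures, an empty result means every DC names the same live owner for all five roles; any finding points at a DC whose copy of the directory has not converged.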
