How to revive a dead DNS server running on the last standing domain controller after seizing the FSMO roles from all other DCs

On the last domain controller, run ntdsutil.exe to remove the metadata of each dead DC. This assumes the FSMO roles have already been seized onto this DC; repeat the select/remove steps once for every dead server.

c:\>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: connect to server localhost
server connections: quit
metadata cleanup: select operation target
select operation target: list domains
select operation target: select domain 0
select operation target: list sites
select operation target: select site 0
select operation target: list servers in site
select operation target: select server X (X = number of the dead server in the list)
select operation target: quit
metadata cleanup: remove selected server
(click Yes in the confirmation dialog)

Launch ADSI Edit and delete any objects of the dead DCs that ntdsutil left behind (check the Configuration partition under CN=Sites and the domain partition under OU=Domain Controllers):

c:\>adsiedit.msc

Launch DNS Manager, confirm the DNS server role is working, and delete records that still point to the dead DCs (NS records on the zones and the GUID CNAME records under _msdcs):

c:\>dnsmgmt.msc

Attempt replication. You may get errors if old DC records are still present; the Kerberos error below shows the surviving DC still trying to contact a dead DC through its old GUID CNAME in _msdcs:

c:\>repadmin /syncall
CALLBACK MESSAGE: Error contacting server 73ebbc21-fbfb-449e-b40b-fe9348fc880a._msdcs.xxxdomain.com.sg (network error): -2146893022 (0x80090322):
The target principal name is incorrect.
SyncAll exited with fatal Win32 error: 8440 (0x20f8):
The naming context specified for this replication operation is invalid.

Launch Active Directory Sites and Services and delete any server objects or connection objects that still refer to the dead DCs. (On Windows Server 2008 and later, deleting a dead DC's server object here performs the metadata cleanup automatically.)

c:\>dssite.msc

Stop the Kerberos Key Distribution Center service so no new tickets are issued while the cache is purged:

c:\>net stop kdc

Purge all cached Kerberos tickets (stale tickets may still reference the dead DCs' service principal names):

c:\>klist purge
Current LogonId is 0:0xa65b7a
Deleting all tickets:
Ticket(s) purged!

Start the Kerberos Key Distribution Center service again:

c:\>net start kdc

Flush the resolver cache, restart the DNS Server and Netlogon services, and re-register this DC's own DNS records (all on one line):

c:\>ipconfig /flushdns & net stop dns & net stop netlogon & net start dns & net start netlogon & ipconfig /registerdns

Reattempt replication (you shouldn't get an error now :-)). The /AdePq switches sync all partitions, identify servers by DN, include DCs in other sites, push changes and keep the output quiet; /replsum gives a per-DC summary of replication failures.

c:\>repadmin /syncall
c:\>repadmin /syncall /AdePq
c:\>repadmin /replsum

On the brand-new server run Dcpromo.exe to promote it as an additional domain controller (on Windows Server 2012 and later, use Server Manager or Install-ADDSDomainController instead, as Dcpromo is deprecated).
Ensure the new ADC is also a Global Catalog.

Attempt replication. You may get the error below, because the KCC on the new DC has not yet recomputed the topology and still lists the dead DC's GUID:

C:\>repadmin /syncall
CALLBACK MESSAGE: The following server could not be reached (topology incomplete): 73ebbc21-fbfb-449e-b40b-fe9348fc880a._msdcs.yDomain.com.sg
CALLBACK MESSAGE: SyncAll Finished.

SyncAll reported the following errors:
The following server could not be reached (topology incomplete): 73ebbc21-fbfb-449e-b40b-fe9348fc880a._msdcs.yDomain.com.sg

Force the Knowledge Consistency Checker to recompute the replication topology on every DC (replication resumed after this command):

C:\>repadmin /kcc *

Reattempt replication (you shouldn't get any error on the ADC either :-)):

c:\>repadmin /syncall
c:\>repadmin /syncall /AdePq
c:\>repadmin /replsum
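To check the cleanup before running the replication tests, and to catch the leftovers that produce the "target principal name is incorrect" and "topology incomplete" errors above, the following PowerShell script is an added example written for this page; it is not part of the original post. The dead DC names, the zone name and the availability of the ActiveDirectory and DnsServer modules (RSAT) on the surviving DC are assumptions. It reports stale server objects, connection objects, computer accounts and DNS records (NS, A, SRV and the _msdcs GUID CNAME) for each dead DC, and deletes them only when run with -Remove.

```powershell
<#
  Added example (not from the original post): audit, and optionally remove, leftover
  references to dead domain controllers after the ntdsutil metadata cleanup above.
  Assumptions (hypothetical, adjust for your environment):
    - run on the surviving DC as a Domain Admin, with the ActiveDirectory and
      DnsServer modules (RSAT) available
    - $DeadDCs holds the short hostnames of the DCs that were seized/removed
    - $Zone is the AD-integrated domain zone; _msdcs may be its own zone or a subtree
  Without -Remove the script only reports what it finds.
#>
param(
    [string[]]$DeadDCs = @('OLDDC1', 'OLDDC2'),   # hypothetical dead DC names
    [string]$Zone      = 'xxxdomain.com.sg',       # hypothetical zone name
    [switch]$Remove
)

Import-Module ActiveDirectory
Import-Module DnsServer

$configNC = (Get-ADRootDSE).configurationNamingContext
$domainDN = (Get-ADDomain).DistinguishedName
$sitesDN  = "CN=Sites,$configNC"
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Kind, [string]$Name, $Object) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Name = $Name; Object = $Object })
}

foreach ($dc in $DeadDCs) {
    $fqdn = "$dc.$Zone."   # DNS record data carries the trailing dot

    # 1. Server object (with its NTDS Settings child) still under CN=Sites;
    #    "remove selected server" in ntdsutil should already have deleted it.
    Get-ADObject -LDAPFilter "(&(objectClass=server)(cn=$dc))" -SearchBase $sitesDN |
        ForEach-Object { Add-Finding 'ServerObject' $_.DistinguishedName $_ }

    # 2. Connection objects on live DCs whose source (fromServer) is the dead DC.
    #    These are what make the KCC report "topology incomplete".
    Get-ADObject -LDAPFilter '(objectClass=nTDSConnection)' -SearchBase $sitesDN -Properties fromServer |
        Where-Object { $_.fromServer -like "*CN=$dc,CN=Servers,*" } |
        ForEach-Object { Add-Finding 'ConnectionObject' $_.DistinguishedName $_ }

    # 3. Computer account left behind in OU=Domain Controllers.
    Get-ADComputer -LDAPFilter "(cn=$dc)" -SearchBase "OU=Domain Controllers,$domainDN" |
        ForEach-Object { Add-Finding 'ComputerAccount' $_.DistinguishedName $_ }

    # 4. DNS: NS records naming the dead DC, its A record, SRV records that target it,
    #    and the DSA GUID CNAME under _msdcs that still aliases it.
    foreach ($z in @($Zone, "_msdcs.$Zone")) {
        if (-not (Get-DnsServerZone -Name $z -ErrorAction SilentlyContinue)) { continue }
        $checks = @(
            @{ Type = 'NS';    Match = { $_.RecordData.NameServer    -eq $fqdn } },
            @{ Type = 'A';     Match = { $_.HostName                 -eq $dc   } },
            @{ Type = 'Srv';   Match = { $_.RecordData.DomainName    -eq $fqdn } },
            @{ Type = 'CName'; Match = { $_.RecordData.HostNameAlias -eq $fqdn } }
        )
        foreach ($c in $checks) {
            Get-DnsServerResourceRecord -ZoneName $z -RRType $c.Type |
                Where-Object $c.Match |
                ForEach-Object {
                    Add-Finding "DNS-$($c.Type)" "$($_.HostName).$z" @{ Zone = $z; Record = $_ }
                }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Host "No stale references to $($DeadDCs -join ', ') found."
    return
}
$findings | Format-Table Kind, Name -AutoSize

if ($Remove) {
    # DNS records first (rank 0), then connection objects, computer accounts and
    # finally server objects, so nothing is deleted out from under a later entry.
    $rank = @{ ConnectionObject = 1; ComputerAccount = 2; ServerObject = 3 }
    foreach ($f in ($findings | Sort-Object { [int]$rank[$_.Kind] })) {
        if ($f.Kind -like 'DNS-*') {
            Remove-DnsServerResourceRecord -ZoneName $f.Object.Zone -InputObject $f.Object.Record -Force
        } else {
            # -Recursive also removes the NTDS Settings child of a server object
            Remove-ADObject -Identity $f.Object -Recursive -Confirm:$false
        }
    }
    Write-Host "Removed $($findings.Count) stale object(s)/record(s); now run repadmin /kcc * and repadmin /syncall again."
}
```

Run it first without -Remove and read the list; a GUID CNAME or SRV record that still names a dead DC is exactly what repadmin was trying to reach in the errors above. After removing leftovers, repeat the KDC restart, klist purge and service restart steps before testing replication again.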
