Windows Domain Controller Offline

      Yorum yok Windows Domain Controller Offline

Windows Domain Controller Offline


Changing the Registry
HKLM\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady to state of 1

Reregister Domain  any DC or Domain Member Server 

C:\WINDOWS\system32>netdom resetpwd / /ud:ttclocal\dcadminonsite /pd:"Pa$$W0rd12!"
The machine account password for the local machine has been successfully reset.

The command completed successfully.


Having that said, those DCs are 2012 R2 server and as mentioned, they were up and running, no reboots or anything it just ‘randomly’ happened.

Open up ADSI Edit

stop dfsr service
Change the following attributes to the following values
start dfsr netlogon service
(Working Values)

For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

check working 4=normal result

Install-WindowsFeature RSAT-DFS-Mgmt-Con
repadmin /syncall TTDC /APed

Import-Module GroupPolicy -SkipEditionCheck

The SkipEditionCheck parameter is required, because the GroupPolicy module hasn't had CompatiblePSEditions in the module manifest set to include Core.

Create a folder for the backups:

New-Item -ItemType Directory -Path C:\ -Name GPObackup

Use the date to create a subfolder name and create the subfolder for the current backup:

$date = (Get-Date -Format 'yyyyMMdd').ToString()

New-Item -ItemType Directory -Path C:\GPObackup\ -Name $date

Run the backup:

Backup-GPO -All -Path (Join-Path -Path C:\GPObackup -ChildPath $date)

Stop-Service DFSR

On domain controllers where you can't perform a restore, you'll need to rebuild the SYSVOL tree folder structure and share structure.
On the domain controller with the SYSVOL you want to fix -- or the one with the data you need to replicate -- disable DFSR and make the server authoritative.

Get-ADObject -Identity "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=TTSDC01,OU=Domain Controllers,DC=Sphinx,DC=org" -Properties * |

Set-ADObject -Replace @{'msDFSR-Enabled'=$false; 'msDFSR-options'=1}

Disable DFSR on the other domain controllers in the domain. The difference in the commands is you're not setting the msDFSR-options property.

Get-ADObject -Identity "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=TTSDC02,OU=Domain Controllers,DC=Sphinx,DC=org" -Properties * |

Set-ADObject -Replace @{'msDFSR-Enabled'=$false}


Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

This site uses Akismet to reduce spam. Learn how your comment data is processed.