Hi all I want to change my domain controller OS on Windows Server 2008 R2. First step was dcdiag my DC and that what i get: Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Novco\DOMAIN Starting test: Connectivity ......................... DOMAIN passed test Connectivity Testing server: Novco\NOVCO-593333B39 Starting test: Connectivity The host cafd2be7-f9e7-48bb-8813-b651389504de._msdcs.novco.local could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc ......................... NOVCO-593333B39 failed test Connectivity Doing primary tests Testing server: Novco\DOMAIN Starting test: Replications [Replications Check,DOMAIN] A recent replication attempt failed: From NOVCO-593333B39 to DOMAIN Naming Context: DC=ForestDnsZones,DC=novco,DC=local The replication generated an error (8524): Win32 Error 8524 The failure occurred at 2012-05-22 11:19:42. The last success occurred at 2011-10-04 21:49:29. 5544 failures have occurred since the last success. The guid-based DNS name cafd2be7-f9e7-48bb-8813-b651389504de._msdcs. novco.local is not registered on one or more DNS servers. [Replications Check,DOMAIN] A recent replication attempt failed: From NOVCO-593333B39 to DOMAIN Naming Context: DC=DomainDnsZones,DC=novco,DC=local The replication generated an error (8524): Win32 Error 8524 The failure occurred at 2012-05-22 11:18:42. The last success occurred at 2011-10-04 22:18:10. 5544 failures have occurred since the last success. The guid-based DNS name cafd2be7-f9e7-48bb-8813-b651389504de._msdcs. novco.local is not registered on one or more DNS servers. [Replications Check,DOMAIN] A recent replication attempt failed: From NOVCO-593333B39 to DOMAIN Naming Context: CN=Schema,CN=Configuration,DC=novco,DC=local The replication generated an error (8524): Win32 Error 8524 The failure occurred at 2012-05-22 11:17:42. The last success occurred at 2011-10-04 21:49:29. 5543 failures have occurred since the last success. The guid-based DNS name cafd2be7-f9e7-48bb-8813-b651389504de._msdcs. novco.local is not registered on one or more DNS servers. [Replications Check,DOMAIN] A recent replication attempt failed: From NOVCO-593333B39 to DOMAIN Naming Context: CN=Configuration,DC=novco,DC=local The replication generated an error (8524): Win32 Error 8524 The failure occurred at 2012-05-22 11:16:42. The last success occurred at 2011-10-04 22:09:58. 5543 failures have occurred since the last success. The guid-based DNS name cafd2be7-f9e7-48bb-8813-b651389504de._msdcs. novco.local is not registered on one or more DNS servers. [Replications Check,DOMAIN] A recent replication attempt failed: From NOVCO-593333B39 to DOMAIN Naming Context: DC=novco,DC=local The replication generated an error (8524): Win32 Error 8524 The failure occurred at 2012-05-22 11:15:42. The last success occurred at 2011-10-04 21:49:29. 5544 failures have occurred since the last success. The guid-based DNS name cafd2be7-f9e7-48bb-8813-b651389504de._msdcs. novco.local is not registered on one or more DNS servers. REPLICATION-RECEIVED LATENCY WARNING DOMAIN: Current time is 2012-05-22 11:31:33. DC=ForestDnsZones,DC=novco,DC=local Last replication recieved from NOVCO-593333B39 at 2011-10-04 21:4 9:29. WARNING: This latency is over the Tombstone Lifetime of 180 days ! DC=DomainDnsZones,DC=novco,DC=local Last replication recieved from NOVCO-593333B39 at 2011-10-04 22:1 8:10. WARNING: This latency is over the Tombstone Lifetime of 180 days ! CN=Schema,CN=Configuration,DC=novco,DC=local Last replication recieved from NOVCO-593333B39 at 2011-10-04 21:4 9:29. WARNING: This latency is over the Tombstone Lifetime of 180 days ! CN=Configuration,DC=novco,DC=local Last replication recieved from NOVCO-593333B39 at 2011-10-04 22:0 9:59. WARNING: This latency is over the Tombstone Lifetime of 180 days ! DC=novco,DC=local Last replication recieved from NOVCO-593333B39 at 2011-10-04 21:4 9:29. WARNING: This latency is over the Tombstone Lifetime of 180 days ! ......................... DOMAIN passed test Replications Starting test: NCSecDesc ......................... DOMAIN passed test NCSecDesc Starting test: NetLogons ......................... DOMAIN passed test NetLogons Starting test: Advertising ......................... DOMAIN passed test Advertising Starting test: KnowsOfRoleHolders ......................... DOMAIN passed test KnowsOfRoleHolders Starting test: RidManager ......................... DOMAIN passed test RidManager Starting test: MachineAccount ......................... DOMAIN passed test MachineAccount Starting test: Services ......................... DOMAIN passed test Services Starting test: ObjectsReplicated ......................... DOMAIN passed test ObjectsReplicated Starting test: frssysvol ......................... DOMAIN passed test frssysvol Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... DOMAIN failed test frsevent Starting test: kccevent An Warning Event occured. EventID: 0x8000051C Time Generated: 05/22/2012 11:19:12 Event String: The Knowledge Consistency Checker (KCC) has ......................... DOMAIN failed test kccevent Starting test: systemlog An Error Event occured. EventID: 0xC25A0013 Time Generated: 05/22/2012 11:14:16 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000423 Time Generated: 05/22/2012 11:15:00 Event String: The DHCP service failed to see a directory server An Error Event occured. EventID: 0x00000423 Time Generated: 05/22/2012 11:15:24 Event String: The DHCP service failed to see a directory server An Error Event occured. EventID: 0xC0000021 Time Generated: 05/22/2012 11:16:39 (Event String could not be retrieved) An Error Event occured. EventID: 0xC0000021 Time Generated: 05/22/2012 11:16:39 (Event String could not be retrieved) An Error Event occured. EventID: 0xC0000021 Time Generated: 05/22/2012 11:16:39 (Event String could not be retrieved) An Error Event occured. EventID: 0xC0000021 Time Generated: 05/22/2012 11:16:39 (Event String could not be retrieved) ......................... DOMAIN failed test systemlog Starting test: VerifyReferences ......................... DOMAIN passed test VerifyReferences Testing server: Novco\NOVCO-593333B39 Skipping all tests, because server NOVCO-593333B39 is not responding to directory service requests Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : novco Starting test: CrossRefValidation ......................... novco passed test CrossRefValidation Starting test: CheckSDRefDom ......................... novco passed test CheckSDRefDom Running enterprise tests on : novco.local Starting test: Intersite ......................... novco.local passed test Intersite Starting test: FsmoCheck ......................... novco.local passed test FsmoCheck Can some tell what i must do?

There were DC replication problem for long time and DC tombstone lifetime has been reached. Now, you should clean metadata of this DC and check if there are no lingering objects in AD database. To do metadeta cleanup in Windows Server 2008 DC, you can simply delete its computer object from "Domain Controllers" OU and the rest will be done automatically. Additionally, please check if you have no lingering objects in AD http://technet.microsoft.com/en-us/library/cc738018(v=ws.10).aspx http://support.microsoft.com/kb/317097 to install the first 2008R2 in 2003/2008 domain, you can follow an articel on my blog at http://kpytko.wordpress.com/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/ to add another DC http://kpytko.wordpress.com/2011/09/05/adding-additional-domain-controller/ and everything should be fineRegards, Krzysztof ---- Visit my blog at http://kpytko.wordpress.com

There were DC replication problem for long time and DC tombstone lifetime has been reached. Now, you should clean metadata of this DC and check if there are no lingering objects in AD database. To do metadeta cleanup in Windows Server 2008 DC, you can simply delete its computer object from "Domain Controllers" OU and the rest will be done automatically. Additionally, please check if you have no lingering objects in AD http://technet.microsoft.com/en-us/library/cc738018(v=ws.10).aspx http://support.microsoft.com/kb/317097 to install the first 2008R2 in 2003/2008 domain, you can follow an articel on my blog at http://kpytko.wordpress.com/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/ to add another DC http://kpytko.wordpress.com/2011/09/05/adding-additional-domain-controller/ and everything should be fineRegards, Krzysztof ---- Visit my blog at http://kpytko.wordpress.com

You did not explains your environement. Ok, Error -The host cafd2be7-f9e7-48bb-8813-b651389504de._msdcs.novco.local could not be resolved to an IP address. This is due to DNS Problem, On the DC please run ipconfig /flushdns ipconfig /registerdns and Restart the netlogon service from services.msc to have the SRV Records registered in DNS. You can also try running netdiag /fix on the DC to have the DNS Problem corrected. From the logs it is clear that there are some lingering objects which you need to remove from your AD using Repadmin /removeLingeringObjects. Below is the nice guide to find and remove the lingering objcets from AD http://searchwindowsserver.techtarget.com/tip/How-to-find-and-remove-lingering-objects-in-Active-Directory http://support.microsoft.com/kb/317097 Once this is done, Wait for replication to happen and check DCdiag test is passed or not. Please let us know the results once above are perfromed. Regards, _Prashant_ MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

This domain controller has been marked as Tombstoned. You will see event id 2042 in the event viewer indicating the same. This is done when a DC doesnt replicate with other DCs in the domain for more than the specified Tombstone life time period. This is Active Directory defence mechanism to avoid lingering objects and inconsistent database in the domain. The default TL period is 60 to 180 days depending upon you Windows OS version. You can read more about it here- http://technet.microsoft.com/en-us/library/cc786630(v=ws.10).aspx The best way to recover this outdated domain controller is to demote it forcefully and re-promote it. In your case you can take this approach. Ensure that there is at least one DC in healthy working stateDemote tombstone DC forcefully - http://support.microsoft.com/kb/332199Perform metadata clean-up on working DC - http://support.microsoft.com/kb/216498Upgrade Windows to 2008 (as per your plan)Re-join machine to domain and promote it as ADC HTH Sachin Gadhave MCP, MCSA, MCTS

Hello, remoe the tombstoned DC and run metadata cleanup according to http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx AFTER saving required data from the machine. Also DNS zones and zone propereties must be cleaned from the old DC/DNS and AD sites and services. After replication has occured you can reinstall the DC.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Hello, remoe the tombstoned DC and run metadata cleanup according to http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx AFTER saving required data from the machine. Also DNS zones and zone propereties must be cleaned from the old DC/DNS and AD sites and services. After replication has occured you can reinstall the DC.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.