Replication domain controller in the existing domain - Win Srv 2003 R2
Hi All,
Need your guys' help. I have already configured a replication domain controller (AD) on my 2nd server, on top of my existing domain, through dcpromo. I am able to see that the Active Directory data was successfully downloaded from my primary DC server. The questions are:
1. Am I required to do secondary replication of DNS even though I have already successfully replicated the domain controller (AD)?
2. Is there any way to check whether my replication is working or not?
3. On my 2nd server (the one where I set up the replication), I am unable to access shared files either on server 1 or from a workstation. Once I double-click, it shows "Window cannot access the specified device,path or file.You may not have appropriate permissions to access the item", even when I log in as Administrator for the domain itself.
Hope someone can help me with this. Thanks in advance.
October 21st, 2009 2:39pm

I'm having some trouble understanding your question. You have set up a secondary Domain Controller in your network using dcpromo and you can see the Active Directory data being replicated to your new server.
1. DNS is replicated using Active Directory replication, so replicating the DNS isn't really anything you need to do.
2. You can check your event log, specifically in File Replication and Directory Service. And I suggest you run a dcdiag /v /c and post the output for us to analyze. Also run an ipconfig /all on both the old and the new server.
October 21st, 2009 3:49pm

1. Am I required to do secondary replication of DNS even though I have already successfully replicated the domain controller (AD)?
If you have AD-integrated DNS then you don't need it; it gets automatically replicated when you install the DNS service on the additional domain controller.
http://technet.microsoft.com/en-us/library/cc978010.aspx
http://support.microsoft.com/kb/198437
2. Is there any way to check whether my replication is working or not?
You can use the Repadmin command to check the replication, or you can also use Active Directory Sites and Services.
http://technet.microsoft.com/en-us/library/cc739234(WS.10).aspx
3) On my 2nd server (the one where I set up the replication), I am unable to access shared files either on server 1 or from a workstation. Once I double-click, it shows "Window cannot access the specified device,path or file.You may not have appropriate permissions to access the item", even when I log in as Administrator for the domain itself.
Point your server to DNS.
Thanks
http://technetfaqs.wordpress.com
October 21st, 2009 3:53pm

Hi Syed,
For point 3, I already tried it out but it is still unable to work. Any idea how? And also thanks for the info for points 1 and 2.
Thanks.
October 21st, 2009 5:02pm

Hi Mats,
OK, I will make it clear. I am trying to do replication of AD on another server in my existing domain. I already installed the replication through dcpromo but I am not so sure whether my replication procedures were done correctly or not. Here I need your advice.
Below is the info you requested. It seems the replication is not working. I need your assistance to guide me to configure the replication in the proper way.
Thank you.
** DCDIAG result
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine mscsrv, is a DC.
* Connecting to directory service on server mscsrv.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MSCSRV
Starting test: Connectivity
* Active Directory LDAP Services Check
The host 1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name (1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com) couldn't be resolved, the server name (mscsrv.mscmsia.com) resolved to the IP address (136.68.92.1) and was pingable. Check that the IP address is registered correctly with the DNS server.
......................... MSCSRV failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MSCSRV
Skipping all tests, because server MSCSRV is not responding to directory service requests
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
.........................
Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : mscmsia Starting test: CrossRefValidation ......................... mscmsia passed test CrossRefValidation Starting test: CheckSDRefDom ......................... mscmsia passed test CheckSDRefDom Running enterprise tests on : mscmsia.com Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... mscmsia.com passed test Intersite Starting test: FsmoCheck GC Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355 A Primary Domain Controller could not be located. The server holding the PDC role is down. Time Server Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc Preferred Time Server Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc KDC Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc ......................... 
mscmsia.com failed test FsmoCheck Starting test: DNS Test results for domain controllers: DC: mscsrv.mscmsia.com Domain: mscmsia.com TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) Error: No LDAP connectivity Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported NETLOGON service is running kdc service is running DNSCACHE service is running DC is not a DNS server Network adapters information: Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet: MAC address is 00:26:B9:3D:0D:2C IP address: 136.68.92.1 DNS servers: 136.68.92.100 (<name unavailable>) [Valid] Warning: 202.188.0.133 (<name unavailable>) [Invalid] The A record for this DC was found The SOA record for the Active Directory zone was found TEST: Records registration (RReg) Network Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet: Matching A record found at DNS server 136.68.92.100: mscsrv.mscmsia.com Matching CNAME record found at DNS server 136.68.92.100: 1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com Matching DC SRV record found at DNS server 136.68.92.100: _ldap._tcp.dc._msdcs.mscmsia.com Matching GC SRV record found at DNS server 136.68.92.100: _ldap._tcp.gc._msdcs.mscmsia.com Summary of test results for DNS servers used by the above domain controllers: DNS server: 202.188.0.133 (<name unavailable>) 1 test failure on this DNS server This is a valid DNS server. Name resolution is not functional. _ldap._tcp.mscmsia.com. failedon the DNS server 202.188.0.133 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] DNS server: 136.68.92.100 (<name unavailable>) All tests passed on this DNS server This is a valid DNS server. Name resolution is funtional. 
_ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: mscmsia.com
mscsrv PASS FAIL n/a n/a n/a PASS n/a
......................... mscmsia.com failed test DNS
** IP CONFIG - Server A
Window IP Configuration
Host name ......................... : mscsrv2
Primary Dns Suffix.............. : mscmsia.com
Mode Type.......................... : unknown
IP Routing Enabled.............. : No
WINS Proxy Enabled............. : No
DNS Suffix Search list ......... : mscmsia.com
Ethernet adapter Broadcom NetXtreme Gigabit Ethernet Adapter - onboard 1:
Connection-specific DNS Suffix..... :
Description................................. : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address ........................ : 00-06-5B-FE-BE-59
DHCP Enabled ............................ : No
IP Address ................................. : 136.68.92.100
Subnet mask .............................. : 255.255.255.0
Default Gateway......................... : 136.68.92.254
DNS Server ............................... : 136.68.92.100 202.188.0.133
** IP CONFIG - Server B
Window IP Configuration
Host name ......................... : mscsrv
Primary Dns Suffix.............. : mscmsia.com
Mode Type.......................... : unknown
IP Routing Enabled.............. : No
WINS Proxy Enabled............. : No
DNS Suffix Search list ......... : mscmsia.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix..... :
Description................................. : Broadcom NetXtreme Gigabit Ethernet
Physical Address ........................ : 00-26-B9-3D-0D-2D
DHCP Enabled ............................ : Yes
Autoconfiguration Enabled ........... : Yes
Autoconfiguration IP Address ........ : 169.254.250.49
Subnet Mask .............................. : 255.255.0.0
Default Gateway ......................... :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix..... :
Description................................. : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address ........................ : 00-26-B9-3D-0D-2C
DHCP Enabled ............................ : No
IP Address ................................ : 136.68.92.1
Subnet Mask .............................. : 255.255.255.0
Default Gateway ......................... : 136.68.92.254
DNS Server ................................ : 136.68.92.100 202.188.0.133
October 22nd, 2009 4:39am

You ran dcdiag on server B only. Anyway, try changing the DNS settings on both servers.
Server A MSCSRV2
DNS: 136.68.92.100 and secondary DNS 136.68.92.1
Server B MSCSRV
DNS: 136.68.92.1 and secondary DNS 136.68.92.100
I'm guessing the 202.188.0.133 is your internet service provider's DNS server, so set that one to be used as a forwarder for one of your domain controllers. You can set this in Administrative Tools - DNS: right-click the server name, Properties. Select the Forwarders tab and put 202.188.0.133 in there. On the second domain controller, set the first domain controller in forwarders.
Try to set those and run dcdiag again and let's see what we can find.
October 22nd, 2009 8:44am

Hi Mats,
I have already done as per your guideline. But on the second domain controller I do not have DNS to set up the forwarders config. Should I set up secondary DNS on the second domain controller (server B) even though I already set up the replication domain (AD)? Please advise.
Below is the DC Diag result on server B after configuring as you mentioned. Kindly review.
DC=mscmsia,DC=com (Domain,Version 2)
......................... MSCSRV passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\MSCSRV\netlogon
Verified share \\MSCSRV\sysvol
......................... MSCSRV passed test NetLogons
Starting test: Advertising
The DC MSCSRV is advertising itself as a DC and having a DS.
The DC MSCSRV is advertising as an LDAP server
The DC MSCSRV is advertising as having a writeable directory
The DC MSCSRV is advertising as a Key Distribution Center
The DC MSCSRV is advertising as a time server
The DS MSCSRV is advertising as a GC.
......................... MSCSRV passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
Warning: CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com is the Schema Owner, but is deleted.
Role Domain Owner = CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
Warning: CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com is the Domain Owner, but is deleted.
Role PDC Owner = CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com Role Rid Owner = CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com Role Infrastructure Update Owner = CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com ......................... MSCSRV failed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 4103 to 1073741823 * mscsrv2.mscmsia.com is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 3603 to 4102 * rIDPreviousAllocationPool is 3603 to 4102 * rIDNextRID: 3605 ......................... MSCSRV passed test RidManager Starting test: MachineAccount Checking machine account for DC MSCSRV on DC MSCSRV. * SPN found :LDAP/mscsrv.mscmsia.com/mscmsia.com * SPN found :LDAP/mscsrv.mscmsia.com * SPN found :LDAP/MSCSRV * SPN found :LDAP/mscsrv.mscmsia.com/MSCMSIA * SPN found :LDAP/1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1d1b19df-e5ad-4332-bb24-f34f43e41616/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com * SPN found :HOST/MSCSRV * SPN found :HOST/mscsrv.mscmsia.com/MSCMSIA * SPN found :GC/mscsrv.mscmsia.com/mscmsia.com ......................... MSCSRV passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... 
MSCSRV passed test Services Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... MSCSRV passed test OutboundSecureChannels Starting test: ObjectsReplicated MSCSRV is in domain DC=mscmsia,DC=com Checking for CN=MSCSRV,OU=Domain Controllers,DC=mscmsia,DC=com in domain DC=mscmsia,DC=com on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=MSCSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com in domain CN=Configuration,DC=mscmsia,DC=com on 1 servers Object is up-to-date on all servers. ......................... MSCSRV passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... MSCSRV passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... MSCSRV passed test frsevent Starting test: kccevent * The KCC Event log test An Warning Event occured. EventID: 0x80250829 Time Generated: 10/22/2009 13:42:46 (Event String could not be retrieved) An Warning Event occured. EventID: 0x8025082B Time Generated: 10/22/2009 13:42:46 (Event String could not be retrieved) An Warning Event occured. EventID: 0x80250829 Time Generated: 10/22/2009 13:42:46 (Event String could not be retrieved) An Warning Event occured. EventID: 0x8025082B Time Generated: 10/22/2009 13:42:46 (Event String could not be retrieved) An Warning Event occured. EventID: 0x80250829 Time Generated: 10/22/2009 13:42:46 (Event String could not be retrieved) ......................... MSCSRV failed test kccevent Starting test: systemlog * The System Event log test Found no errors in System Event log in the last 60 minutes. ......................... MSCSRV passed test systemlog Starting test: VerifyReplicas ......................... 
MSCSRV passed test VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=MSCSRV,OU=Domain Controllers,DC=mscmsia,DC=com and backlink on CN=MSCSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com are correct. The system object reference (frsComputerReferenceBL) CN=MSCSRV,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mscmsia,DC=com and backlink on CN=MSCSRV,OU=Domain Controllers,DC=mscmsia,DC=com are correct. The system object reference (serverReferenceBL) CN=MSCSRV,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mscmsia,DC=com and backlink on CN=NTDS Settings,CN=MSCSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com are correct. ......................... MSCSRV passed test VerifyReferences Starting test: VerifyEnterpriseReferences The following problems were found while verifying various important DN references. Note, that these problems can be reported because of latency in replication. So follow up to resolve the following problems, only if the same problem is reported on all DCs for a given domain or if the problem persists after replication has had reasonable time to replicate changes. [1] Problem: Missing Expected Value Base Object: CN=SERVER1,OU=Domain Controllers,DC=mscmsia,DC=com Base Object Description: "DC Account Object" Value Object Attribute Name: serverReferenceBL Value Object Description: "Server Object" Recommended Action: Check if this server is deleted, and if so clean up this DCs Account Object. 
[2] Problem: Missing Expected Value Base Object: CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mscmsia,DC=com Base Object Description: "SYSVOL FRS Member Object" Value Object Attribute Name: serverReference Value Object Description: "DSA Object" Recommended Action: Check if this server is deleted, and if so clean up this DCs SYSVOL FRS Member Object. Also see Knowledge Base Article Q312862 ......................... MSCSRV failed test VerifyEnterpriseReferences Starting test: CheckSecurityError * Dr Auth: Beginning security errors check! Found KDC MSCSRV for domain mscmsia.com in site Default-First-Site-Name Checking machine account for DC MSCSRV on DC MSCSRV. * SPN found :LDAP/mscsrv.mscmsia.com/mscmsia.com * SPN found :LDAP/mscsrv.mscmsia.com * SPN found :LDAP/MSCSRV * SPN found :LDAP/mscsrv.mscmsia.com/MSCMSIA * SPN found :LDAP/1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1d1b19df-e5ad-4332-bb24-f34f43e41616/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com * SPN found :HOST/MSCSRV * SPN found :HOST/mscsrv.mscmsia.com/MSCMSIA * SPN found :GC/mscsrv.mscmsia.com/mscmsia.com [MSCSRV] No security related replication errors were found on this DC!To target the connection to a specific source DC use /ReplSource:<DC>. ......................... MSCSRV passed test CheckSecurityError DNS Tests are running and not hung. Please wait a few minutes... Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... 
Configuration passed test CheckSDRefDom Running partition tests on : mscmsia Starting test: CrossRefValidation ......................... mscmsia passed test CrossRefValidation Starting test: CheckSDRefDom ......................... mscmsia passed test CheckSDRefDom Running enterprise tests on : mscmsia.com Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... mscmsia.com passed test Intersite Starting test: FsmoCheck GC Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc PDC Name: \\mscsrv2.mscmsia.com Locator Flags: 0xe00003fd Time Server Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc Preferred Time Server Name: \\mscsrv2.mscmsia.com Locator Flags: 0xe00003fd KDC Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc ......................... mscmsia.com passed test FsmoCheck Starting test: DNS Test results for domain controllers: DC: mscsrv.mscmsia.com Domain: mscmsia.com TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported NETLOGON service is running kdc service is running DNSCACHE service is running DC is not a DNS server Network adapters information: Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet: MAC address is 00:26:B9:3D:0D:2C IP address: 136.68.92.1 DNS servers: Warning: 136.68.92.1 (<name unavailable>) [Invalid (unreachable)] 136.68.92.100 (<name unavailable>) [Valid] The A record for this DC was found The SOA record for the Active Directory zone was found TEST: Records registration (RReg) Network Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet: Matching A record found at DNS server 136.68.92.100: mscsrv.mscmsia.com Matching CNAME record found at DNS server 136.68.92.100: 1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com Matching DC SRV record found at DNS server 136.68.92.100: 
_ldap._tcp.dc._msdcs.mscmsia.com Matching GC SRV record found at DNS server 136.68.92.100: _ldap._tcp.gc._msdcs.mscmsia.com Summary of test results for DNS servers used by the above domain controllers: DNS server: 136.68.92.1 (<name unavailable>) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 136.68.92.1 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)] Name resolution is not functional. _ldap._tcp.mscmsia.com. failedon the DNS server 136.68.92.1 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)] DNS server: 136.68.92.100 (<name unavailable>) All tests passed on this DNS server This is a valid DNS server. Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext ________________________________________________________________ Domain: mscmsia.com mscsrv PASS WARN n/a n/a n/a PASS n/a ......................... mscmsia.com passed test DNS C:\>
October 22nd, 2009 9:07am

If Server B doesn't have DNS installed it should have the DNS settings DNS: 136.68.92.100 only.
Also I see this in your DC diag:
=============================================
[1] Problem: Missing Expected Value
Base Object: CN=SERVER1,OU=Domain Controllers,DC=mscmsia,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "Server Object"
Recommended Action: Check if this server is deleted, and if so clean up this DCs Account Object.
=============================================
A) Has the server named SERVER1 been deleted? If so you need to remove it from Active Directory. Do you still have a server named SERVER1?
NOTE: This is not SERVER A mscsrv2, but a different object.
So next, take the following steps. Answer question A) above and correct the DNS settings on Server B (mscsrv). Then run dcdiag again on both mscsrv and mscsrv2 and post the output here.
October 22nd, 2009 9:49am
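Added example, not part of the original thread: a Python triage script that pulls out of verbose dcdiag output the items the reply above picks out by hand (failed tests, DNS servers flagged invalid, role owners reported as deleted, and stale objects such as SERVER1). The sample text is constructed from lines quoted in this thread, and the name triage and the regular expressions are this example's own; it also handles output whose line breaks were lost when pasted.

```python
import re

# Constructed excerpt in the layout dcdiag /v prints. Host names, addresses and
# object names are the ones quoted in this thread; the excerpt is assembled for
# this example and is not a complete run.
SAMPLE = r"""
   Testing server: Default-First-Site-Name\MSCSRV
      Starting test: Connectivity
         ......................... MSCSRV passed test Connectivity
      Starting test: KnowsOfRoleHolders
         Warning: CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com is the Schema Owner, but is deleted.
         ......................... MSCSRV failed test KnowsOfRoleHolders
      Starting test: VerifyEnterpriseReferences
         [1] Problem: Missing Expected Value
          Base Object:
         CN=SERVER1,OU=Domain Controllers,DC=mscmsia,DC=com
          Base Object Description: "DC Account Object"
          Value Object Attribute Name: serverReferenceBL
          Value Object Description: "Server Object"
          Recommended Action: Check if this server is deleted, and if so
         clean up this DCs Account Object.
         ......................... MSCSRV failed test VerifyEnterpriseReferences
   Running enterprise tests on : mscmsia.com
      Starting test: DNS
            DNS servers:
               Warning: 136.68.92.1 (<name unavailable>) [Invalid (unreachable)]
               136.68.92.100 (<name unavailable>) [Valid]
         ......................... mscmsia.com passed test DNS
"""

# Verdict line: a run of dots, then "<subject> passed|failed test <name>".
RESULT_RE = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\w+)")
# Per-adapter DNS server line: "<ip> (<name>) [Valid]" or "[Invalid ...]".
DNS_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s+\([^)]*\)\s+\[([^\]]+)\]")
# KnowsOfRoleHolders warning for a role whose owner object is deleted
# (the \0ADEL: suffix in the DN marks a deleted object).
ROLE_RE = re.compile(r"\bis\s+the\s+([A-Za-z ]+?)\s+Owner,\s+but\s+is\s+deleted")
# VerifyEnterpriseReferences problem block; \s+ tolerates wrapped or flattened text.
PROBLEM_RE = re.compile(
    r'\[(\d+)\]\s+Problem:\s+(.+?)\s+Base Object:\s+(.+?)\s+'
    r'Base Object Description:\s+"([^"]+)"',
    re.DOTALL,
)


def triage(text):
    """Summarise the actionable findings in a dcdiag transcript."""
    results = RESULT_RE.findall(text)
    return {
        "failed": [(subj, test) for subj, verdict, test in results
                   if verdict == "failed"],
        "passed": sum(1 for _, verdict, _ in results if verdict == "passed"),
        # Only servers dcdiag did not mark [Valid], with the reason it gave.
        "bad_dns": {ip: status for ip, status in DNS_RE.findall(text)
                    if not status.startswith("Valid")},
        "deleted_role_owners": ROLE_RE.findall(text),
        # (problem number, base object DN, object description)
        "stale_objects": [(int(num), " ".join(dn.split()), desc)
                          for num, _problem, dn, desc in PROBLEM_RE.findall(text)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

To use it on a real run, save the output of dcdiag /v /c to a text file on the domain controller and pass the file's contents to triage().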

SERVER1 no longer exists. I already deleted it from Active Directory and set up the DNS on server B as you mentioned. But the missing expected value is still showing, as below:
......................... MSCSRV passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC MSCSRV.
* Security Permissions Check for CN=Schema,CN=Configuration,DC=mscmsia,DC=com (Schema,Version 2)
* Security Permissions Check for CN=Configuration,DC=mscmsia,DC=com (Configuration,Version 2)
* Security Permissions Check for DC=mscmsia,DC=com (Domain,Version 2)
......................... MSCSRV passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\MSCSRV\netlogon
Verified share \\MSCSRV\sysvol
......................... MSCSRV passed test NetLogons
Starting test: Advertising
The DC MSCSRV is advertising itself as a DC and having a DS.
The DC MSCSRV is advertising as an LDAP server
The DC MSCSRV is advertising as having a writeable directory
The DC MSCSRV is advertising as a Key Distribution Center
The DC MSCSRV is advertising as a time server
The DS MSCSRV is advertising as a GC.
......................... MSCSRV passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
Warning: CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com is the Schema Owner, but is deleted.
Role Domain Owner = CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com Warning: CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com is the Domain Owner, but is deleted. Role PDC Owner = CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com Role Rid Owner = CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com Role Infrastructure Update Owner = CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com ......................... MSCSRV failed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 4103 to 1073741823 * mscsrv2.mscmsia.com is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 3603 to 4102 * rIDPreviousAllocationPool is 3603 to 4102 * rIDNextRID: 3605 ......................... MSCSRV passed test RidManager Starting test: MachineAccount Checking machine account for DC MSCSRV on DC MSCSRV. * SPN found :LDAP/mscsrv.mscmsia.com/mscmsia.com * SPN found :LDAP/mscsrv.mscmsia.com * SPN found :LDAP/MSCSRV * SPN found :LDAP/mscsrv.mscmsia.com/MSCMSIA * SPN found :LDAP/1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1d1b19df-e5ad-4332-bb24-f34f43e41616/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com * SPN found :HOST/MSCSRV * SPN found :HOST/mscsrv.mscmsia.com/MSCMSIA * SPN found :GC/mscsrv.mscmsia.com/mscmsia.com ......................... 
MSCSRV passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... MSCSRV passed test Services Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... MSCSRV passed test OutboundSecureChannels Starting test: ObjectsReplicated MSCSRV is in domain DC=mscmsia,DC=com Checking for CN=MSCSRV,OU=Domain Controllers,DC=mscmsia,DC=com in domain DC=mscmsia,DC=com on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=MSCSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com in domain CN=Configuration,DC=mscmsia,DC=com on 1 servers Object is up-to-date on all servers. ......................... MSCSRV passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... MSCSRV passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... MSCSRV passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... MSCSRV passed test kccevent Starting test: systemlog * The System Event log test Found no errors in System Event log in the last 60 minutes. ......................... MSCSRV passed test systemlog Starting test: VerifyReplicas ......................... 
MSCSRV passed test VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=MSCSRV,OU=Domain Controllers,DC=mscmsia,DC=com and backlink on CN=MSCSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com are correct. The system object reference (frsComputerReferenceBL) CN=MSCSRV,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mscmsia,DC=com and backlink on CN=MSCSRV,OU=Domain Controllers,DC=mscmsia,DC=com are correct. The system object reference (serverReferenceBL) CN=MSCSRV,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mscmsia,DC=com and backlink on CN=NTDS Settings,CN=MSCSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com are correct. ......................... MSCSRV passed test VerifyReferences Starting test: VerifyEnterpriseReferences The following problems were found while verifying various important DN references. Note, that these problems can be reported because of latency in replication. So follow up to resolve the following problems, only if the same problem is reported on all DCs for a given domain or if the problem persists after replication has had reasonable time to replicate changes. [1] Problem: Missing Expected Value Base Object: CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mscmsia,DC=com Base Object Description: "SYSVOL FRS Member Object" Value Object Attribute Name: frsComputerReference Value Object Description: "DC Account Object" Recommended Action: Check if this server is deleted, and if so clean up this DCs SYSVOL FRS Member Object. 
Also see Knowledge Base Article: Q312862 [2] Problem: Missing Expected Value Base Object: CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mscmsia,DC=com Base Object Description: "SYSVOL FRS Member Object" Value Object Attribute Name: serverReference Value Object Description: "DSA Object" Recommended Action: Check if this server is deleted, and if so clean up this DCs SYSVOL FRS Member Object. Also see Knowledge Base Article Q312862 ......................... MSCSRV failed test VerifyEnterpriseReferences Starting test: CheckSecurityError * Dr Auth: Beginning security errors check! Found KDC MSCSRV for domain mscmsia.com in site Default-First-Site-Name Checking machine account for DC MSCSRV on DC MSCSRV. * SPN found :LDAP/mscsrv.mscmsia.com/mscmsia.com * SPN found :LDAP/mscsrv.mscmsia.com * SPN found :LDAP/MSCSRV * SPN found :LDAP/mscsrv.mscmsia.com/MSCMSIA * SPN found :LDAP/1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1d1b19df-e5ad-4332-bb24-f34f43e41616/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com * SPN found :HOST/MSCSRV * SPN found :HOST/mscsrv.mscmsia.com/MSCMSIA * SPN found :GC/mscsrv.mscmsia.com/mscmsia.com [MSCSRV] No security related replication errors were found on this DC!To target the connection to a specific source DC use /ReplSource:<DC>. ......................... MSCSRV passed test CheckSecurityError DNS Tests are running and not hung. Please wait a few minutes... Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... 
Configuration passed test CheckSDRefDom Running partition tests on : mscmsia Starting test: CrossRefValidation ......................... mscmsia passed test CrossRefValidation Starting test: CheckSDRefDom ......................... mscmsia passed test CheckSDRefDom Running enterprise tests on : mscmsia.com Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... mscmsia.com passed test Intersite Starting test: FsmoCheck GC Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc PDC Name: \\mscsrv2.mscmsia.com Locator Flags: 0xe00003fd Time Server Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc Preferred Time Server Name: \\mscsrv2.mscmsia.com Locator Flags: 0xe00003fd KDC Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc ......................... mscmsia.com passed test FsmoCheck Starting test: DNS Test results for domain controllers: DC: mscsrv.mscmsia.com Domain: mscmsia.com TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported NETLOGON service is running kdc service is running DNSCACHE service is running DC is not a DNS server Network adapters information: Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet: MAC address is 00:26:B9:3D:0D:2C IP address: 136.68.92.1 DNS servers: Warning: 136.68.92.1 (<name unavailable>) [Invalid (unreachable)] 136.68.92.100 (<name unavailable>) [Valid] The A record for this DC was found The SOA record for the Active Directory zone was found TEST: Records registration (RReg) Network Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet: Matching A record found at DNS server 136.68.92.100: mscsrv.mscmsia.com Matching CNAME record found at DNS server 136.68.92.100: 1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com Matching DC SRV record found at DNS server 136.68.92.100: 
_ldap._tcp.dc._msdcs.mscmsia.com Matching GC SRV record found at DNS server 136.68.92.100: _ldap._tcp.gc._msdcs.mscmsia.com Summary of test results for DNS servers used by the above domain controllers: DNS server: 136.68.92.1 (<name unavailable>) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 136.68.92.1 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)] Name resolution is not functional. _ldap._tcp.mscmsia.com. failedon the DNS server 136.68.92.1 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)] DNS server: 136.68.92.100 (<name unavailable>) All tests passed on this DNS server This is a valid DNS server. Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext ________________________________________________________________ Domain: mscmsia.com mscsrv PASS WARN n/a n/a n/a PASS n/a ......................... mscmsia.com passed test DNS C:\>
October 22nd, 2009 10:08am

So Server1 was a Domain controller before you deleted it. Did you run DCPROMO to remove the Domain Controller role from Server1 or did you just delete it? If you take a look at DCDIAG output you see

========================================
Role Schema Owner = CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
Warning: CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com is the Schema Owner, but is deleted.
Role Domain Owner = CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
Warning: CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com is the Domain Owner, but is deleted.
=========================================

So the server Server1 still has Schema Owner role and Domain Owner role, and it has been deleted. You can't just delete a domain controller like a workstation, it has roles that need to be transferred. In any case here is a Microsoft knowledge base article on how to check the server roles, which server holds them and how to transfer them to a working domain controller.
http://support.microsoft.com/kb/324801/en-us
October 22nd, 2009 10:20am

Well, actually Server1 is no longer in my environment and the server itself has already been disposed of. I already deleted it directly from the Active Directory Users and Computers / Domain Controllers folder. Is there any effect? Is there any way to bring it back? What should I do? Based on the article, does it mean I have to transfer everything to my server A (mscsrv2)? But I already deleted it directly... Kindly advise.
October 22nd, 2009 10:29am

You have to perform a metadata cleanup to remove server1 and seize the roles to another server.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
http://www.petri.co.il/seizing_fsmo_roles.htm
http://technetfaqs.wordpress.com
October 22nd, 2009 11:25am

Hi Syed, is there any effect if I already deleted it directly from the Active Directory Users and Computers / Domain Controllers folder? FYI, my primary master of the domain is on server A. It is no longer on server1. As I mentioned, it was already disposed of 2 years ago. Should I still run the cleanup as you mentioned?
October 22nd, 2009 11:47am

Hi Syed and Mat, I found something when I went through the NTDSUTIL utility. It seems like server1 is no longer in the list. Please check the result below. Please advise. Thanks

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.MSCMSIA>cd\
C:\>cd windows
C:\WINDOWS>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: connect to server mscsrv2
Binding to mscsrv2 ...
Connected to mscsrv2 using credentials of locally logged on user.
server connections: q
metadata cleanup: select operation target
select operation target: list domains
Found 1 domain(s)
0 - DC=mscmsia,DC=com
select operation target: 0
Error 80070057 parsing input - illegal syntax?
select operation target: select domain 0
No current site
Domain - DC=mscmsia,DC=com
No current server
No current Naming Context
select operation target: list sites
Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
select operation target: select site 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
Domain - DC=mscmsia,DC=com
No current server
No current Naming Context
select operation target: list server in sites
Error 80070057 parsing input - illegal syntax?
select operation target: List servers in site
Found 2 server(s)
0 - CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
1 - CN=MSCSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
select operation target:
October 22nd, 2009 2:35pm

Ok. So try running dcdiag /v /c again and let's see if it finishes without errors this time.

In the future, before you delete a domain controller you should demote it to a member server with dcpromo, but before you demote it move the roles to another domain controller. Domain controllers are not like workstations or member servers, so you can't just delete them without running into a little trouble.
October 22nd, 2009 6:58pm

Hi Matt, well noted on your guide. I tried it again but the result is still the same (see the result below). When I tried NTDSUTIL again there was no server1 description; I can only see mscsrv2 and mscsrv, as in my previous reply. Please advise. Also, after I restarted I found this system event error. Please comment.

Source:NETLOGON
CATEGORY:None
EVENT ID: 5781
Computer:MSCSRV2
Description: Registration or deletion of one or more DNS records associated with DNS domain 'mscmsia.com' failed. These records are used by other computer to locate this server as a domain controller (if the specified domain is an Active Directory domain)or as an LDAP server(if the specified domain is an applciation partition).

****TEST RESULT DCDIAG /V /C
......................... MSCSRV passed test CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC MSCSRV. * Security Permissions Check for CN=Schema,CN=Configuration,DC=mscmsia,DC=com (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=mscmsia,DC=com (Configuration,Version 2) * Security Permissions Check for DC=mscmsia,DC=com (Domain,Version 2) ......................... MSCSRV passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\MSCSRV\netlogon Verified share \\MSCSRV\sysvol ......................... MSCSRV passed test NetLogons Starting test: Advertising The DC MSCSRV is advertising itself as a DC and having a DS. The DC MSCSRV is advertising as an LDAP server The DC MSCSRV is advertising as having a writeable directory The DC MSCSRV is advertising as a Key Distribution Center The DC MSCSRV is advertising as a time server The DS MSCSRV is advertising as a GC. ......................... 
MSCSRV passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com Warning: CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com is the Schema Owner, but is deleted. Role Domain Owner = CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com Warning: CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com is the Domain Owner, but is deleted. Role PDC Owner = CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com Role Rid Owner = CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com Role Infrastructure Update Owner = CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com ......................... MSCSRV failed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 4103 to 1073741823 * mscsrv2.mscmsia.com is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 3603 to 4102 * rIDPreviousAllocationPool is 3603 to 4102 * rIDNextRID: 3605 ......................... MSCSRV passed test RidManager Starting test: MachineAccount Checking machine account for DC MSCSRV on DC MSCSRV. 
* SPN found :LDAP/mscsrv.mscmsia.com/mscmsia.com * SPN found :LDAP/mscsrv.mscmsia.com * SPN found :LDAP/MSCSRV * SPN found :LDAP/mscsrv.mscmsia.com/MSCMSIA * SPN found :LDAP/1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1d1b19df-e5ad-4332-bb24-f34f43e41616/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com * SPN found :HOST/MSCSRV * SPN found :HOST/mscsrv.mscmsia.com/MSCMSIA * SPN found :GC/mscsrv.mscmsia.com/mscmsia.com ......................... MSCSRV passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... MSCSRV passed test Services Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... MSCSRV passed test OutboundSecureChannels Starting test: ObjectsReplicated MSCSRV is in domain DC=mscmsia,DC=com Checking for CN=MSCSRV,OU=Domain Controllers,DC=mscmsia,DC=com in domain DC=mscmsia,DC=com on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=MSCSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com in domain CN=Configuration,DC=mscmsia,DC=com on 1 servers Object is up-to-date on all servers. ......................... MSCSRV passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... MSCSRV passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... 
MSCSRV passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... MSCSRV passed test kccevent Starting test: systemlog * The System Event log test Found no errors in System Event log in the last 60 minutes. ......................... MSCSRV passed test systemlog Starting test: VerifyReplicas ......................... MSCSRV passed test VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=MSCSRV,OU=Domain Controllers,DC=mscmsia,DC=com and backlink on CN=MSCSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com are correct. The system object reference (frsComputerReferenceBL) CN=MSCSRV,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mscmsia,DC=com and backlink on CN=MSCSRV,OU=Domain Controllers,DC=mscmsia,DC=com are correct. The system object reference (serverReferenceBL) CN=MSCSRV,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mscmsia,DC=com and backlink on CN=NTDS Settings,CN=MSCSRV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com are correct. ......................... MSCSRV passed test VerifyReferences Starting test: VerifyEnterpriseReferences The following problems were found while verifying various important DN references. Note, that these problems can be reported because of latency in replication. So follow up to resolve the following problems, only if the same problem is reported on all DCs for a given domain or if the problem persists after replication has had reasonable time to replicate changes. 
[1] Problem: Missing Expected Value Base Object: CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mscmsia,DC=com Base Object Description: "SYSVOL FRS Member Object" Value Object Attribute Name: frsComputerReference Value Object Description: "DC Account Object" Recommended Action: Check if this server is deleted, and if so clean up this DCs SYSVOL FRS Member Object. Also see Knowledge Base Article: Q312862 [2] Problem: Missing Expected Value Base Object: CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mscmsia,DC=com Base Object Description: "SYSVOL FRS Member Object" Value Object Attribute Name: serverReference Value Object Description: "DSA Object" Recommended Action: Check if this server is deleted, and if so clean up this DCs SYSVOL FRS Member Object. Also see Knowledge Base Article Q312862 ......................... MSCSRV failed test VerifyEnterpriseReferences Starting test: CheckSecurityError * Dr Auth: Beginning security errors check! Found KDC MSCSRV for domain mscmsia.com in site Default-First-Site-Name Checking machine account for DC MSCSRV on DC MSCSRV. * SPN found :LDAP/mscsrv.mscmsia.com/mscmsia.com * SPN found :LDAP/mscsrv.mscmsia.com * SPN found :LDAP/MSCSRV * SPN found :LDAP/mscsrv.mscmsia.com/MSCMSIA * SPN found :LDAP/1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1d1b19df-e5ad-4332-bb24-f34f43e41616/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com/mscmsia.com * SPN found :HOST/mscsrv.mscmsia.com * SPN found :HOST/MSCSRV * SPN found :HOST/mscsrv.mscmsia.com/MSCMSIA * SPN found :GC/mscsrv.mscmsia.com/mscmsia.com [MSCSRV] No security related replication errors were found on this DC!To target the connection to a specific source DC use /ReplSource:<DC>. ......................... MSCSRV passed test CheckSecurityError DNS Tests are running and not hung. Please wait a few minutes... 
Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : mscmsia Starting test: CrossRefValidation ......................... mscmsia passed test CrossRefValidation Starting test: CheckSDRefDom ......................... mscmsia passed test CheckSDRefDom Running enterprise tests on : mscmsia.com Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... mscmsia.com passed test Intersite Starting test: FsmoCheck GC Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc PDC Name: \\mscsrv2.mscmsia.com Locator Flags: 0xe00003fd Time Server Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc Preferred Time Server Name: \\mscsrv2.mscmsia.com Locator Flags: 0xe00003fd KDC Name: \\mscsrv.mscmsia.com Locator Flags: 0xe00001fc ......................... 
mscmsia.com passed test FsmoCheck Starting test: DNS Test results for domain controllers: DC: mscsrv.mscmsia.com Domain: mscmsia.com TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported NETLOGON service is running kdc service is running DNSCACHE service is running DC is not a DNS server Network adapters information: Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet: MAC address is 00:26:B9:3D:0D:2C IP address: 136.68.92.1 DNS servers: Warning: 136.68.92.1 (<name unavailable>) [Invalid (unreachable)] 136.68.92.100 (<name unavailable>) [Valid] The A record for this DC was found The SOA record for the Active Directory zone was found TEST: Records registration (RReg) Network Adapter [00000002] Broadcom NetXtreme Gigabit Ethernet: Matching A record found at DNS server 136.68.92.100: mscsrv.mscmsia.com Matching CNAME record found at DNS server 136.68.92.100: 1d1b19df-e5ad-4332-bb24-f34f43e41616._msdcs.mscmsia.com Matching DC SRV record found at DNS server 136.68.92.100: _ldap._tcp.dc._msdcs.mscmsia.com Matching GC SRV record found at DNS server 136.68.92.100: _ldap._tcp.gc._msdcs.mscmsia.com Summary of test results for DNS servers used by the above domain controllers: DNS server: 136.68.92.1 (<name unavailable>) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 136.68.92.1 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)] Name resolution is not functional. _ldap._tcp.mscmsia.com. failedon the DNS server 136.68.92.1 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)] DNS server: 136.68.92.100 (<name unavailable>) All tests passed on this DNS server This is a valid DNS server. Name resolution is funtional. 
_ldap._tcp SRV record for the forest root domain is registered Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext ________________________________________________________________ Domain: mscmsia.com mscsrv PASS WARN n/a n/a n/a PASS n/a ......................... mscmsia.com passed test DNS
October 23rd, 2009 3:07am

Your errors are probably because you deleted the Server1 without demoting it to a member server. I also noticed your post about the Netlogon error in another post. I would not post multiple posts because the problem is most likely from the fact that your domain isn't working correctly anymore.

So did you seize the roles like Syed proposed? If you didn't, take a look at how to seize the roles here:
http://www.petri.co.il/seizing_fsmo_roles.htm

If you have seized the roles, please supply the output from dcdiag /test:KnowsOfRoleHolders /v

The error 5781 in netlogon is probably a byproduct of your other problems, so as soon as we get the domain working properly everything else should fall back in place.

MCTS: Windows Server 2008 Active Directory Configuration
Blog: http://www.nixadmins.net
October 25th, 2009 8:52pm

I tried to seize as per your instruction but it can't work, as in the screenshot below.

C:\WINDOWS>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server mscsrv2
Binding to mscsrv2 ...
Connected to mscsrv2 using credentials of locally logged on user.
server connections: q
fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321036B, problem 5002 (UNAVAILABLE), data 8
Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.))
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of schema FSMO failed, proceeding with seizure ...
Server "mscsrv2" knows about 5 roles
Schema - CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
Domain - CN=NTDS Settings\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,CN=MSCSRV2\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
PDC - CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
RID - CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
Infrastructure - CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
fsmo maintenance: seize domain naming master
Attempting safe transfer of domain naming FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321036B, problem 5002 (UNAVAILABLE), data 8
Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.))
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of domain naming FSMO failed, proceeding with seizure ...
Server "mscsrv2" knows about 5 roles
Schema - CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
Domain - CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
PDC - CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
RID - CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
Infrastructure - CN=NTDS Settings,CN=MSCSRV2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com
fsmo maintenance:
October 27th, 2009 2:10pm
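A check for the condition discussed in this thread, added here as an example and not part of any poster's message: it reads the KnowsOfRoleHolders lines of dcdiag and the role listing that ntdsutil prints, and reports each FSMO role whose owner DN carries the \0ADEL: deleted-object marker. The sample inputs are the thread's own output with line breaks restored; the function and constant names are hypothetical.

```python
import re

# A deleted AD object is renamed "<old RDN>\0ADEL:<objectGUID>", so a role
# owner DN carrying this marker points at an NTDS Settings object that is gone.
DELETED_RDN = re.compile(r"\\0ADEL:[0-9a-fA-F-]{36}")

# dcdiag /test:KnowsOfRoleHolders /v -> "Role Schema Owner = CN=NTDS Settings,..."
DCDIAG_ROLE = re.compile(r"^\s*Role (?P<role>.+?) Owner = (?P<dn>CN=.+)$")
# ntdsutil "roles" listing           -> "Schema - CN=NTDS Settings,..."
NTDSUTIL_ROLE = re.compile(
    r"^\s*(?P<role>Schema|Domain|PDC|RID|Infrastructure) - (?P<dn>CN=.+)$")

# Both tools label the five roles differently; map them to one name each.
CANONICAL = {
    "schema": "Schema", "domain": "Domain Naming", "pdc": "PDC", "rid": "RID",
    "infrastructure": "Infrastructure", "infrastructure update": "Infrastructure",
}


def parse_role_holders(text):
    """Return {role: {"server", "deleted", "dn"}} from dcdiag or ntdsutil text."""
    holders = {}
    for line in text.splitlines():
        m = DCDIAG_ROLE.match(line) or NTDSUTIL_ROLE.match(line)
        if not m:
            continue  # "Warning: ..." lines and prompts are ignored
        role = CANONICAL.get(m.group("role").strip().lower())
        if role is None:
            continue
        dn = m.group("dn").strip()
        # Split on commas that are not escaped inside an RDN value.
        rdns = re.split(r"(?<!\\),", dn)
        # RDN 0 is the NTDS Settings object, RDN 1 the server object hosting it.
        server = ""
        if len(rdns) > 1 and "=" in rdns[1]:
            server = DELETED_RDN.sub("", rdns[1].split("=", 1)[1])
        holders[role] = {
            "server": server,
            "deleted": bool(DELETED_RDN.search(dn)),
            "dn": dn,
        }
    return holders


def roles_with_deleted_holder(text):
    """Sorted list of roles whose recorded owner is a deleted object."""
    return sorted(r for r, h in parse_role_holders(text).items() if h["deleted"])


# Sample data: DNs copied from the thread, line breaks restored.
SITE = "CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mscmsia,DC=com"
LIVE = "CN=NTDS Settings,CN=MSCSRV2," + SITE
DEAD = ("CN=NTDS Settings\\0ADEL:e27ba299-5cd6-428c-8500-5f7d182200c6,"
        "CN=MSCSRV2\\0ADEL:9e400b8d-c72d-4816-aba9-95f412969b74," + SITE)

DCDIAG_SAMPLE = f"""Starting test: KnowsOfRoleHolders
   Role Schema Owner = {DEAD}
   Warning: {DEAD} is the Schema Owner, but is deleted.
   Role Domain Owner = {DEAD}
   Warning: {DEAD} is the Domain Owner, but is deleted.
   Role PDC Owner = {LIVE}
   Role Rid Owner = {LIVE}
   Role Infrastructure Update Owner = {LIVE}
"""

NTDSUTIL_AFTER_SCHEMA_SEIZE = f"""Server "mscsrv2" knows about 5 roles
Schema - {LIVE}
Domain - {DEAD}
PDC - {LIVE}
RID - {LIVE}
Infrastructure - {LIVE}
"""

NTDSUTIL_AFTER_DOMAIN_SEIZE = NTDSUTIL_AFTER_SCHEMA_SEIZE.replace(DEAD, LIVE)

if __name__ == "__main__":
    for label, text in [("dcdiag", DCDIAG_SAMPLE),
                        ("ntdsutil, after schema seize", NTDSUTIL_AFTER_SCHEMA_SEIZE),
                        ("ntdsutil, after domain naming seize", NTDSUTIL_AFTER_DOMAIN_SEIZE)]:
        print(label, "->", roles_with_deleted_holder(text) or "no deleted role holders")
```

An empty list from the listing on the DC that was seized to still has to replicate, so the same check is worth repeating against dcdiag output from the other domain controller.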

I'm guessing one of your current servers doesn't have the PDC role. So go to ADUC (Active Directory Users And Computers) and right click domain name, select Operations Masters, and on the PDC set one of your current servers to handle the PDC role. Also, if the RID Operations Master is the old, dead server, change it to one of your current servers. After that try to seize the roles again following the guide you already tried.

MCTS: Windows Server 2008 Active Directory Configuration
Blog: http://www.nixadmins.net
October 27th, 2009 4:31pm

Server A (mscsrv2) has been set as primary all the while, but the error still occurs.
October 28th, 2009 6:59am

This topic is archived. No further replies will be accepted.
