Delete DSA Not Writable key if I've successfully repaired AD rep but still in USN?


I'm not an AD expert and wanted to see what others thought of this situation.

I have a 2008 PDC in USN mode. The official way to fix it is to demote, clean metadata, and re-promote. I plan to demote this server anyways and build a new DC. Rather than go through the entire official process, I devised a workaround that appears to have resolved the replication issues.

I took a system state backup of the USN mode server in its broken, non-replicating state, rebooted into DSRM, and performed a non-authoritative restore of that backup. Being non-authoritative, it replicated from the 2 healthy servers. I ceased receiving log errors, tested replication, and am satisfied with the state of AD.

If I reboot the server though, it still pauses Netlogon and is still in USN mode. At this point, I think the server is okay and no longer needs to be in a protective state. I've seen mention of deleting the DSA Not Writable key to stop the server being in USN mode. I've read that this is not supported and that "modifying the value removes the quarantine behavior added by the USN rollback detection code."

I've bypassed the quarantine behavior (if I'm not mistaken) by unpausing Netlogon, fixing replication, and replicating with the rest of the DCs. At this point, I think it might be safe to remove the key without damaging AD services and have a repaired server. Am I missing anything? Do you think this is or isn't a good idea? Thanks in advance.

You can make the mentioned changes as long as you have backups of the DCs.

My recommendation is to stick to the proper way of repairing (forcibly demoting the DC, doing metadata cleanup, and promoting it again) instead of trying changes that are not supported.


This posting is provided with no warranties or guarantees, and confers no rights.

Ahmed Malek
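
The indicators discussed in this thread (the DSA Not Writable value, the paused Netlogon service, and replication health) can be read side by side before deciding how to proceed. The following read-only check is an added example, not part of either post; the registry path, event ID 2095 and the `repadmin` CSV column names are assumptions taken from Microsoft's USN rollback documentation and should be verified on your OS version.

```powershell
# Added example: read-only report of USN rollback quarantine indicators.
# Run in an elevated PowerShell session on the domain controller itself.
# Assumptions (not from the thread): registry path, event ID 2095, and the
# repadmin CSV column names. Nothing here modifies the system.

$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

# 1. Quarantine flag written by the rollback detection code (absent on a healthy DC).
$flag = (Get-ItemProperty -Path $ntdsParams -ErrorAction SilentlyContinue).'Dsa Not Writable'

# 2. Netlogon is paused while the DC is quarantined.
$netlogon = (Get-Service -Name Netlogon).Status

# 3. Event 2095 in the Directory Service log records a rollback detection.
$rollbackEvents = @(Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2095 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue)

# 4. Inbound replication links that currently report failures.
$failedLinks = @(repadmin /showrepl /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 })

$report = New-Object PSObject -Property @{
    DsaNotWritable  = $(if ($null -eq $flag) { 'absent' } else { $flag })
    NetlogonStatus  = $netlogon
    Event2095Count  = $rollbackEvents.Count
    LastEvent2095   = $(if ($rollbackEvents.Count) { $rollbackEvents[0].TimeCreated } else { $null })
    FailedReplLinks = $failedLinks.Count
}
$report | Format-List

# Detail for any failing links, so the failure status can be reviewed per partner.
$failedLinks |
    Select-Object 'Source DSA', 'Naming Context', 'Number of Failures', 'Last Failure Status' |
    Format-Table -AutoSize

if ($null -ne $flag -or $netlogon -eq 'Paused' -or $rollbackEvents.Count -gt 0) {
    Write-Warning 'USN rollback quarantine indicators are present on this DC.'
}
```

Running it before and after a reboot shows whether the quarantine state returns, which is the behavior described in the question.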
