4/20/16

Cleaning up a mish-mash of domain controllers

After seizing all the FSMO roles on a single domain controller and deleting its replication partners in AD Sites & Services, I tried to join a PC to the domain and got this error:


After verifying that the DNS server settings were correct, rebooting, and verifying that the SYSVOL share was present on the domain controller, I ran dcdiag on the domain controller and saw this:


The DNS console was unusable:


The DNS event log was littered with red ink (so to speak):


So I followed the instructions from https://support.microsoft.com/en-us/kb/2751452 and it worked! Yay!

These were the instructions:

  • Stop the KDC service.
  • Run the following command with elevated rights: netdom resetpwd /server: /userd: /passwordd:*
  • It will prompt for the password of the Domain Admin account you specified; enter it.
  • Once the command executes, reboot the server.
  • DNS zones should load now.
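The checks described earlier in the post (DNS client settings, the SYSVOL share, dcdiag, the DNS Server event log) and the KB 2751452 steps above, gathered into one PowerShell script. This is an added example, not code from the original post or from the Microsoft KB; the DC name, the admin account and the `-Phase` switch are assumptions of this example, and the two placeholders must be replaced before it is run (the KB decides which DC belongs in `/server:`, which the post's own command leaves blank).

```powershell
# Added example (not from the original post or from KB 2751452).
# Run in an elevated PowerShell session on the affected domain controller.
#   .\Fix-DnsZoneLoad.ps1 -Phase Check    -> pre-checks the post describes
#   .\Fix-DnsZoneLoad.ps1 -Phase Reset    -> the KB steps (ends with a reboot)
#   .\Fix-DnsZoneLoad.ps1 -Phase Verify   -> after the reboot: did the zones load?
param(
    [ValidateSet('Check', 'Reset', 'Verify')]
    [string]$Phase = 'Check'
)

$DcName    = 'DC01'                   # placeholder: the DC to name in /server: (see the KB)
$AdminUser = 'CONTOSO\Administrator'  # placeholder: a Domain Admin account, DOMAIN\user form

switch ($Phase) {
    'Check' {
        Write-Host '== DNS client server addresses on this DC (should point at a working DC) =='
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses } |
            Format-Table InterfaceAlias, ServerAddresses -AutoSize

        Write-Host '== SYSVOL share (absent share means the DC is not advertising properly) =='
        Get-SmbShare -Name SYSVOL -ErrorAction SilentlyContinue |
            Format-Table Name, Path -AutoSize

        Write-Host '== dcdiag DNS test, failures and warnings only =='
        dcdiag /test:DNS /v | Select-String -Pattern 'fail|error|warn'

        Write-Host '== Ten most recent errors in the DNS Server event log =='
        Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Level = 2 } `
            -MaxEvents 10 -ErrorAction SilentlyContinue |
            Format-Table TimeCreated, Id, Message -Wrap -AutoSize
    }

    'Reset' {
        # KB step 1: stop the Kerberos Key Distribution Center service.
        Stop-Service -Name kdc -Force
        if ((Get-Service -Name kdc).Status -ne 'Stopped') { throw 'KDC service did not stop' }

        # KB step 2: reset this DC's machine account password. /passwordd:* makes
        # netdom prompt for the admin password instead of taking it on the command line.
        netdom resetpwd /server:$DcName /userd:$AdminUser /passwordd:*
        if ($LASTEXITCODE -ne 0) { throw "netdom resetpwd failed with exit code $LASTEXITCODE" }

        # KB step 3: reboot; the KDC service starts again normally at boot.
        Restart-Computer -Force
    }

    'Verify' {
        # KB step 4: DNS zones should load now. AD-integrated zones are the ones
        # that failed to open before, so list them with their DS-integration flag.
        Write-Host '== Zones currently loaded by the DNS Server service =='
        Get-DnsServerZone | Format-Table ZoneName, ZoneType, IsDsIntegrated -AutoSize

        Write-Host '== DNS Server errors since the reboot (expect none) =='
        $since = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
        Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Level = 2; StartTime = $since } `
            -ErrorAction SilentlyContinue |
            Format-Table TimeCreated, Id, Message -Wrap -AutoSize

        Write-Host '== FSMO role holders (all should be this DC after the seizure) =='
        netdom query fsmo
    }
}
```

The phases are split because the Reset phase ends in a reboot; running Verify afterwards compares the DNS Server log against the last boot time, so an empty error list there is the same signal the post saw when the DNS console became usable again.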