Channel: Directory Services forum

Active Directory and DC replication issues


Hello all,

I inherited a couple of networks that I am trying to sort out some issues with. I'm not as savvy as I wish I was when it comes to networking etc.; this job started as a "you will be trained and caught up to speed" and turned into the individual resigning, and now it is a "you better learn quickly" scenario. With that being said, I'll do my best to explain our network/issues; please forgive me if I don't get simple terms etc.

We have 3 campuses on 3 networks. AD and the majority of our servers live at the main campus. All sites are connected via IPsec VPN tunnels. Each site has its own domain controller, DHCP and DNS servers. The main site has a total of 2 DCs. Site 1's DC (the main campus) is throwing the event ID warning 2088 (I know this is caused by an old DC that is still in Active Directory but is no longer a server that can be booted up; it was damaged before I got here and thus far I've been unable to clean it up within AD). It's also throwing the error event ID 1864, "This directory server has not recently received replication information from a number of directory servers."

Site 2:  Event warning 1925 (also related to the old DC)  

Site 3: Here is my main issue: I cannot get this DC to replicate and it is starting to cause some bigger issues. I feel like it is a DNS issue? Within the DNS server it's throwing the event error ID 4000, "the dns server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active directory is functioning properly and reload the zone.  The event data is the error code." If I try to expand the DNS on this server it gives me an error that "The server ****-DC could not be contacted.  The error was: Access was denied.  Would you like to add it anyway?" Yes or no. Regardless of whether I click yes or no, when you expand the DNS part and right-click the DNS server name, all options are greyed out except Launch nslookup. None of the typical folders/information are in the DNS portion here like on the other campuses' DCs.

So I got the bright idea of "well, I'll just build a new DC for this site and go that route"; however, when I run dcpromo for the new server, on the select a domain part I get "Failed to examine the Active Directory forest.  The error was: The operation cannot continue because ldap connect/bind operation failed:  error: 1326 (Logon failure: unknown username or bad password.)" I am using the main administrator login/password.

So I'm not even sure where to start to troubleshoot these issues. Everyone still has network connection at all sites, but I feel like if this is left unresolved it will cause huge issues in the future (maybe I'm wrong). Some of the weird issues I've seen with site 3 are people getting the error that the trust relationship between the workstation and domain has been broken. (This happens way too often there; from what I've read it's an issue that happens periodically, but not like what I'm seeing there. It has become a daily plague.) I'm apprehensive about removing those machines from the domain and rejoining them since I don't feel that the DC there sees the main campus properly. So far a shutdown of the machine has restored their connections.

Other than troubleshooting site 3, how do I go about removing the old DC from AD so I can clean up the errors/warnings from the other sites, since they can no longer see the damaged DC that will never be online again? (I've googled things on this and none of what I have read / tried has worked.)

I know I'll be asked for logs etc. Please just explain how to go about getting whatever information you all need to help and I'll do my best. Thanks a ton in advance! I hope I made sense in this ramble.

