I've been working on a DCPromo issue for about 6 months that I can't seem to get around. Some of my specific details are a little fuzzy at this point since it's been so long but I tried the process 3 times in the last 24 hours & I still get a failure.
2016 servers were RWDC & I demoted them & then tried to DCPromo as RODC. I continuously get these results:
The operation failed because:
While promoting Read-only Domain Controller, failed to replicate the secrets from the helper AD DC.
"The replication operation failed because the target object referred by a link value is recycled."
I have tried deleting any related AD recycle bin records short of just deleting everything, which I'm not doing. I'm searching by date, by server name & by "KRBTGT_" & deleting anything I find but the issue persists:
Get-ADObject -IncludeDeletedObjects -Filter {(IsDeleted -eq $true)} -Properties * -Server domaincontroller.domain.com | Where-Object {$_.DistinguishedName -like "*krbtgt_*"} | Select-Object Name,DistinguishedName,WhenChanged | sort whenchanged
Get-ADObject -IncludeDeletedObjects -Filter {(IsDeleted -eq $true)} -Properties * -Server pdc-necorp.nesl.com | Where-Object {$_.DistinguishedName -like "*xxxxxx*"} | Select-Object Name,DistinguishedName,WhenChanged | sort whenchanged
Get-ADObject -IncludeDeletedObjects -Filter {(IsDeleted -eq $true)} -Properties * -Server dhcp-necorp.nesl.com | Where-Object {$_.WhenChanged -gt "7/17/2018 4:00:00 PM"} | Select-Object Name,DistinguishedName,WhenChanged | sort whenchanged
I've also waited over 30 days between attempts (after deleting the recycle bin items) - no good!
The only way around it is to promote as an RWDC again.
Any suggestions would be appreciated.
-Dave