AD can't replicate after last security update.

  • Thread starter: wing

wing

We applied a security update on August 22 (Friday). All kinds
of weird things happened. On Friday, I created a new user in
a DC, and it didn't replicate to other DCs. On Saturday, I
rebooted the DCs, and I could see the new account in all the DCs.
I then created an email box for the user. On Monday, I
can't see the account in other DCs but the DC in which I
created the account. Neither can I see the account in
the Global Address List of the email server. What is happening?
Please help!!!!

Thanks!

Wing
 
We just had a similar issue; however, we can't attribute it to the security
update as we were doing work in Sites and Services as well at the time.

Suddenly most sites could only see themselves, and thought they were
authoritative for the domain. We had to track down the server with the
"best" copy of the LDAP directory. We then demoted, most times with
/forceremoval, and sometimes unplugged from the network with last server in
the domain checked, leaving only the server with the best copy of AD. We
did some cleanup in DNS, Sites and Services, ADUC, and ADSI editor as a
last resort on that server, and then started promoting them back into the
directory.

I DON'T SUGGEST THIS UNLESS IT IS YOUR LAST RESORT! It was ours, as our
Exchange cluster wouldn't start no matter what we did.

What I would try first, and we did, is create a site with the same name on
every server, move every server into that server and let it replicate.
You'll get sites with the "{site name}{GUID}" and hopefully you can move all
the servers into a single site with a single subnet.... Check what it looks
like from all your servers and find the one that sees most other servers and
work from there exclusively.

Good luck...
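
The per-server comparison suggested in the reply above can be done read-only before changing anything. The following is an added example, not part of the original thread: it assumes the ActiveDirectory PowerShell module (RSAT) is available, and `test.user` is a constructed placeholder for the account you created as a test.

```powershell
# Added example (not from the thread). Read-only: asks every DC what it sees.
# Assumes the ActiveDirectory module; 'test.user' is a constructed placeholder.
param(
    [string]$SamAccountName = 'test.user'
)
Import-Module ActiveDirectory

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $row = [ordered]@{
        DC              = $dc.HostName
        Site            = $dc.Site
        Reachable       = $false
        HasAccount      = $null
        Partners        = 0
        FailingPartners = 0
        OldestSuccess   = $null
    }
    try {
        # Inbound replication links as reported by this DC itself.
        $links = @(Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -ErrorAction Stop)
        $row.Reachable = $true
        $row.Partners  = @($links | Select-Object -ExpandProperty Partner -Unique).Count
        # A non-zero LastReplicationResult means the last attempt from that partner failed.
        $row.FailingPartners = @($links | Where-Object { $_.LastReplicationResult -ne 0 } |
            Select-Object -ExpandProperty Partner -Unique).Count
        $row.OldestSuccess = ($links | Sort-Object LastReplicationSuccess |
            Select-Object -First 1).LastReplicationSuccess

        # Query this specific DC, not whichever DC the locator would pick.
        $user = Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" -Server $dc.HostName -ErrorAction Stop
        $row.HasAccount = [bool]$user
    } catch {
        # An unreachable DC stays in the report with Reachable = False.
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
    }
    [pscustomobject]$row
}

# DCs with the most healthy inbound partners first.
$report |
    Sort-Object @{ Expression = { $_.Partners - $_.FailingPartners }; Descending = $true } |
    Format-Table -AutoSize
```

A DC that shows `HasAccount` as True while its peers show False, or a group of DCs whose partners are all failing, marks where replication has split.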
 