Synchronize domain controller

Tom

Hi all,
I have a Win 2000 server which is a domain controller.
It was off for a couple of months; now it does not synchronize with the
domain, and I get event ID 3210.
I don't know what to do - please help.

Thanks,
Tom
 
Event ID 3210 means that the domain controller cannot authenticate to the
domain. I would suggest that you recover whatever data needs to be saved
from the server, then reformat and restore. You'll likely spend more time
trying to get it back onto the domain and synchronized than a full rebuild
will take.
 
Computer account passwords expire after thirty days. Possibly you could try to use
netdom to reset it as described in the KB below, but I don't know if that will work for
a domain controller.

http://support.microsoft.com/default.aspx?scid=kb;en-us;216393

Another option would be to reinstall the operating system and dcpromo it to a domain
controller letting it replicate with AD again. Note that if you end up doing that you
will have to clean up the AD metadata using ntdsutil and the procedure differs a bit
depending on if you use the same name for the domain controller or not. You may also
want to post in the win2000.Active_directory newsgroup. See the link below for more
info. --- Steve

http://www.microsoft.com/technet/pr...de/part1/adogd03.mspx#XSLTsection128121120120
 
Thank you
Steven L Umbach said:
Computer account passwords expire after thirty days. Possibly you could try to use
netdom to reset it as described in the KB below, but I don't know if that will work for
a domain controller.

http://support.microsoft.com/default.aspx?scid=kb;en-us;216393

Another option would be to reinstall the operating system and dcpromo it to a domain
controller letting it replicate with AD again. Note that if you end up doing that you
will have to clean up the AD metadata using ntdsutil and the procedure differs a bit
depending on if you use the same name for the domain controller or not. You may also
want to post in the win2000.Active_directory newsgroup. See the link below for more
info. --- Steve

http://www.microsoft.com/technet/pr...de/part1/adogd03.mspx#XSLTsection128121120120
 
My question is: if I go for a rebuild, can I delete the old one from the
AD easily, since it's not the only DC in my network?
Is the system going to look for that DC?

Tom




Richard G. Harper said:
Event ID 3210 means that the domain controller cannot authenticate to the
domain. I would suggest that you recover whatever data needs to be saved
from the server, then reformat and restore. You'll likely spend more time
trying to get it back onto the domain and synchronized than a full rebuild
will take.

--
Richard G. Harper [MVP Win9x] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


 
You need to remove it from two places - Active Directory Users and
Computers, in the Domain Controllers list; also Active Directory Sites and
Services, expand Sites, then Default-First-Site-Name, then Servers. Once
removed from both places it will be as if the server never existed in the
first place.

--
Richard G. Harper [MVP Win9x] (e-mail address removed)


 
Thank you


 
Hi again,
I tried to delete it from AD Users and Computers, and I get a message:
"The DSA object can not be deleted".

What's that?

Thanks for the patience,

Tom


 
See if you can delete it from the AD Sites and Services area, then wait a
bit (for changes to make it around the AD controllers) then see if it will
remove or if it is gone already.

--
Richard G. Harper [MVP Win9x] (e-mail address removed)


 


Hi Steve, after re-reading his original post, he said he had it offline for
a couple months. Maybe (and taking into account the password synch error) that
it's past the 60 tombstone. If so, as you said, a reinstall after a Metadata
cleanup may be in order. Here's a link for the poster on how to remove the
DC's reference out of AD prior to rebuilding this machine:

HOW TO Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion Q216498:
http://support.microsoft.com/?id=216498

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
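
The ntdsutil metadata cleanup that Steve and Ace refer to (KB 216498), written as a batch wrapper to run on a healthy DC. This is an added example, not part of the thread; the file name cleanup.cmd and HEALTHY-DC-PLACEHOLDER are assumptions, and the index numbers are whatever ntdsutil's own list output shows.

```bat
@echo off
REM Added example: removes the leftover AD metadata of a DC that will be rebuilt.
REM GOOD_DC is a placeholder for a healthy, replicating domain controller.
REM Usage:
REM   cleanup.cmd                        list domains and sites (note the numbers)
REM   cleanup.cmd DOM SITE               list servers in the chosen site
REM   cleanup.cmd DOM SITE SRV REMOVE    remove the chosen server's metadata
setlocal
set GOOD_DC=HEALTHY-DC-PLACEHOLDER
set CONNECT="metadata cleanup" connections "connect to server %GOOD_DC%" quit "select operation target"

if "%~1"=="" goto list_top
if "%~2"=="" goto usage
if "%~3"=="" goto list_servers
if /i "%~4"=="REMOVE" goto remove
goto usage

:list_top
REM Each quoted argument is one command typed at the ntdsutil prompt.
ntdsutil %CONNECT% "list domains" "list sites" quit quit quit
goto :eof

:list_servers
ntdsutil %CONNECT% "select domain %~1" "select site %~2" "list servers in site" quit quit quit
goto :eof

:remove
REM Print the current selections first so the target can be checked;
REM ntdsutil asks for confirmation before it deletes the server object.
ntdsutil %CONNECT% "select domain %~1" "select site %~2" "select server %~3" "list current selections" quit "remove selected server" quit quit
goto :eof

:usage
echo Usage: cleanup.cmd [DOM SITE [SRV REMOVE]]
echo The fourth argument must be the word REMOVE to delete metadata.
exit /b 1
```

Run the two listing forms first and confirm the selected server is the offline DC, not the healthy one named in GOOD_DC, before using the REMOVE form.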
 
In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
posted their thoughts, then I offered mine
it's past the 60 tombstone. If so, as you said, a reinstall after a

Of course I meant the 60 day tombstone limit.


--
Regards,
Ace

 
Hi Ace.

Thanks for posting that link and reminding me that metadata needs to be cleaned up
before the dcpromo. I suppose you can repair a dc computer account with netdom, but
I am not sure. I didn't recommend a restore of System State through Directory
Services Restore because I don't think it would fix his problem being that old. I
agree best bet would be to reinstall and clean metadata. It's not that hard to do if
one follows the instructions. --- Steve
 

Very true Steve, it's relatively easy. Hope the best for Tom in taking care
of this.

--
Regards,
Ace

 