Unable to manage Active Directory for a recently restored Domain Controller

ISSUE

You've recently restored an Active Directory domain controller, either via WinIR, VMIR, or a straight restore from a host-based or file-based backup.

Upon opening any Active Directory management tool, such as Users and Computers (ADUC) or Group Policy Management Console (GPMC), you're presented with the following error: "The specified domain either does not exist or could not be contacted."

Or, the error message may be "There are currently no logon servers available to service the logon request."

RESOLUTION

After restoring a domain controller, log in and confirm that the SYSVOL share is present. The command to do this is `net share | findstr /b SYSVOL`.
If the SYSVOL share is not present, perform the steps below to make it available again, along with your group policy objects and scripts.

  1. Log into the domain controller
  2. Open File Explorer and navigate to C:\Windows\SYSVOL\domain\
  3. Follow the link for your domain
  4. Enter folder “NtFrs_PreExisting__See_EventLog”
  5. Copy the content to a new folder on the desktop
  6. Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  7. Set SysVolReady to 0
  8. In the Registry Editor, navigate to HKLM\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
  9. Set BurFlags to D4
  10. Open services.msc
  11. Restart the “File Replication” service
  12. Copy the data from the new folder (see step #5) back to the folder for your domain location under C:\Windows\SYSVOL\domain\
  13. In the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  14. Set SysVolReady to 1
  15. [Optional] Reboot
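
The same procedure as a PowerShell function, run from an elevated prompt on the restored domain controller. This is an added example, not part of the original article: the function name, parameter names and default holding folder are hypothetical, and it assumes NtFrs is the service name behind the "File Replication" display name. The BurFlags key is opened through .NET because the PowerShell registry provider treats the "/" in "Backup/Restore" as a path separator.

```powershell
#Requires -RunAsAdministrator
# Added example; Restore-SysvolShare and its parameters are hypothetical names.
function Restore-SysvolShare {
    param(
        # The folder for your domain reached under C:\Windows\SYSVOL\domain\ (steps 2-3).
        [Parameter(Mandatory)] [string] $DomainFolder,
        # Holding folder for the copied content (step 5).
        [string] $BackupFolder = "$env:USERPROFILE\Desktop\SYSVOL-copy"
    )
    $ErrorActionPreference = 'Stop'

    # Initial check from the article: do nothing if the share already exists.
    if (net share | findstr /b SYSVOL) {
        Write-Output 'SYSVOL share is present; no action taken.'
        return
    }

    # Steps 4-5: copy the pre-existing content aside before touching FRS.
    $pre = Get-ChildItem -LiteralPath $DomainFolder -Directory -Filter 'NtFrs_PreExisting*' |
        Select-Object -First 1
    if (-not $pre) { throw "No NtFrs_PreExisting folder found under $DomainFolder" }
    New-Item -ItemType Directory -Path $BackupFolder -Force | Out-Null
    Copy-Item -Path (Join-Path $pre.FullName '*') -Destination $BackupFolder -Recurse -Force

    # Steps 6-7: mark SYSVOL as not ready.
    $netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    Set-ItemProperty -Path $netlogon -Name SysVolReady -Value 0 -Type DWord

    # Steps 8-9: BurFlags = D4 (hex) marks this DC's copy as authoritative.
    $sub = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($sub, $true)
    if (-not $key) { throw "Registry key not found: HKLM\$sub" }
    try { $key.SetValue('BurFlags', 0xD4, [Microsoft.Win32.RegistryValueKind]::DWord) }
    finally { $key.Close() }

    # Steps 10-11: restart the File Replication service so it reads BurFlags.
    Restart-Service -Name NtFrs

    # Step 12: copy the saved content back into the domain folder.
    Copy-Item -Path (Join-Path $BackupFolder '*') -Destination $DomainFolder -Recurse -Force

    # Steps 13-14: mark SYSVOL as ready again.
    Set-ItemProperty -Path $netlogon -Name SysVolReady -Value 1 -Type DWord

    # Repeat the initial check and return the result as a boolean.
    [bool](net share | findstr /b SYSVOL)
}
```

If the function returns False, the optional reboot in step 15 is the remaining step before re-running the share check.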

CAUSE

There can be many causes for this particular condition. In most cases, the domain services did not come up in the proper order on the affected domain controller.

Please keep in mind that restoring a domain controller is not recommended unless you have no other domain controllers in your environment. In the majority of situations where we've seen this particular issue, a domain controller was spun up in a DR environment.

NOTES

https://support.microsoft.com/en-us/help/290762/using-the-burflags-registry-key-to-reinitialize-file-replication-servi
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh147324(v=ws.10)
