Unexpected automatic site coverage may occur in Windows Server 2003 after you remove Active Directory from a domain controller (920154)



The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

SYMPTOMS

Consider the following scenario:
  • You remove the Active Directory directory service from a domain controller (server A). After you do this, the object that represents the server in the Active Directory Sites and Services Manager snap-in remains. (This situation is described in Microsoft Knowledge Base article 216364.)
  • You install Active Directory on a server and use the server name of server A.
  • The new domain controller is located in a different site, but two server objects that have the same name exist in Active Directory.
In this scenario, unexpected automatic site coverage may occur.

For example, assume that server A is a domain controller in site A. You remove Active Directory from server A, move server A into site B, and then reinstall Active Directory on the server. If site B has only one domain controller (server A), server A covers site A. Site B is covered by domain controllers from another site, such as site C.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

216364 Domain controller server object not removed after demotion

CAUSE

This behavior occurs because the NetLogon service reads the serverReferenceBL attribute from all domain controllers in the domain. However, the NetLogon service reads only one entry from the attribute. Because serverReferenceBL is a multistring attribute, the other site entries in it are ignored. In this scenario, the NetLogon service may skip the owner site and select a remote site.

RESOLUTION

To resolve this problem, use one of the following methods:
  • If the old domain controller server object is empty, delete the object.
  • If the old domain controller server object is not empty, keep the old domain controller server object. However, do not install Active Directory on a member server that has the same name in a different site.
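The following script is an added example for checking a forest for the condition described above; it is not part of this article. It lists every server object under CN=Sites in the Configuration partition, reports any server name that exists in more than one site, marks each copy as stale (no NTDS Settings child, the "empty" case in the resolution) or active, and shows the serverReferenceBL values as NetLogon sees them. It assumes the ActiveDirectory PowerShell module and read access to the Configuration partition.

```powershell
# Added example, not from the KB article: find server objects with the same name
# in different sites. Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$sitesDN  = "CN=Sites,$configNC"

# Every server object under CN=Sites. The site name is the third RDN of the DN:
# CN=<server>,CN=Servers,CN=<site>,CN=Sites,...
$servers = Get-ADObject -SearchBase $sitesDN -LDAPFilter '(objectClass=server)' `
    -Properties serverReference |
    ForEach-Object {
        $rdns = $_.DistinguishedName -split ',(?=CN=)'
        [pscustomobject]@{
            Name            = $_.Name
            Site            = $rdns[2] -replace '^CN=', ''
            DN              = $_.DistinguishedName
            ServerReference = $_.serverReference   # DN of the computer object
        }
    }

$dupes = $servers | Group-Object Name | Where-Object { $_.Count -gt 1 }
if (-not $dupes) { Write-Host 'No duplicate server objects found.'; return }

foreach ($g in $dupes) {
    Write-Host "Server name '$($g.Name)' exists in $($g.Count) sites:"
    foreach ($s in $g.Group) {
        # A demoted DC leaves the server object behind without its NTDS Settings child.
        $hasNtds = [bool](Get-ADObject -SearchBase $s.DN -SearchScope OneLevel `
            -LDAPFilter '(objectClass=nTDSDSA)')
        $state = if ($hasNtds) { 'active (has NTDS Settings)' } else { 'stale (no NTDS Settings)' }
        Write-Host ("  site {0,-16} {1}" -f $s.Site, $state)
    }
    # Back-link on the computer object: NetLogon uses only the first value.
    $ref = $g.Group | Where-Object ServerReference |
        Select-Object -First 1 -ExpandProperty ServerReference
    if ($ref) {
        $bl = (Get-ADObject $ref -Properties serverReferenceBL).serverReferenceBL
        Write-Host "  serverReferenceBL on $ref (first value is the one NetLogon reads):"
        $bl | ForEach-Object { Write-Host "    $_" }
    }
}
```

A name reported with one stale and one active copy is the scenario in this article; delete the stale server object only after confirming it has no child objects.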

MORE INFORMATION

Steps to reproduce the problem
  1. Create site A, site B, and site C.
  2. Put domain controller A in site A, and then put domain controller C in site C.
  3. Remove Active Directory from domain controller A. The server object remains in site A.
  4. Change the IP address of domain controller A so that it maps to site B, and then reinstall Active Directory on domain controller A. A new server object is created in site B. The domain controller of site C may register its service location (SRV) record in site B.
Note: The order of the site entries in the attribute determines whether this problem occurs. The problem occurs only if site A is the first element in the multistring attribute.

Modification Type: Major
Last Reviewed: 6/7/2006
Keywords: kbtshoot kbprb KB920154 kbAudITPRO