Cause:
Failure to resolve the current CNAME resource record of the source domain controller to an IP address can have the following causes:
The source domain controller is powered off, is offline, or resides on an isolated network, and Active Directory and Domain Name System (DNS) data for the offline domain controller has not been deleted to indicate that the domain controller is inaccessible.
One of the following conditions exists:
The source domain controller has not registered its resource records in DNS.
The destination domain controller is configured to use an invalid DNS server.
The source domain controller is configured to use an invalid DNS server.
The DNS server that is used by the source domain controller does not host the correct zones or the zones are not configured to accept dynamic updates.
The direct DNS servers that are queried by the destination domain controller cannot resolve the IP address of the source domain controller as a result of nonexistent or invalid forwarders or delegations.
Active Directory has been removed on the source domain controller and then reinstalled with the same IP address, but knowledge of the new NTDS Settings GUID has not reached the destination domain controller.
Active Directory has been removed on the source domain controller and then reinstalled with a different IP address, but the current host address (A) resource record for the IP address of the source domain controller is either not registered or does not exist on the DNS servers that are queried by the destination domain controller as a result of replication latency or replication error.
The operating system of the source domain controller has been reinstalled with a different computer name, but its metadata either has not been removed or has been removed and not yet inbound-replicated by the destination domain controller.
Solution:
First, determine whether the source domain controller is functioning. If the source domain controller is not functioning, remove its remaining metadata from Active Directory.
If the source domain controller is functioning, continue with procedures to diagnose and solve the DNS problem, as needed:
Use Dcdiag to diagnose DNS problems.
Register DNS SRV resource records plus host records.
Synchronize replication between the source and destination domain controllers.
Verify consistency of the NTDS Settings GUID.
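The lookup that fails in this error can be reproduced against each DNS server that the destination domain controller queries. The following PowerShell function is an added example, not part of the original procedure. It assumes the Resolve-DnsName cmdlet (Windows 8 / Windows Server 2012 or later) and the standard alias form NtdsSettingsGuid._msdcs.ForestRootDomain; the function name and all values in the sample call are constructed.

```powershell
# Added example: follow the source DC's CNAME to its A record on each DNS server.
function Test-DcCnameResolution {
    param(
        [Parameter(Mandatory)][guid]$NtdsSettingsGuid,     # objectGUID of the source DC's NTDS Settings object
        [Parameter(Mandatory)][string]$ForestRootDomain,   # DNS name of the forest root domain
        [Parameter(Mandatory)][string[]]$DnsServer         # DNS servers configured on the destination DC
    )
    # Replication partners are located through this GUID-based alias.
    $alias = '{0}._msdcs.{1}' -f $NtdsSettingsGuid, $ForestRootDomain

    foreach ($server in $DnsServer) {
        $result = [ordered]@{
            DnsServer = $server; Alias = $alias; Target = $null; Address = $null; Finding = $null
        }
        $stage = 'CNAME'
        try {
            # Step 1: the alias must exist as a CNAME on this DNS server.
            $cname = Resolve-DnsName -Name $alias -Type CNAME -Server $server -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
            if (-not $cname) {
                $result.Finding = 'No CNAME: records not registered, or NTDS Settings GUID is stale'
            } else {
                # Step 2: the CNAME target must resolve to a host (A) record.
                $stage = 'A'
                $result.Target = $cname.NameHost
                $a = Resolve-DnsName -Name $cname.NameHost -Type A -Server $server -DnsOnly -ErrorAction Stop |
                    Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
                if ($a) {
                    $result.Address = $a.IPAddress
                    $result.Finding = 'OK'
                } else {
                    $result.Finding = 'CNAME found, but target has no A record on this server'
                }
            }
        } catch {
            # NXDOMAIN, timeouts and unreachable servers all land here.
            $result.Finding = "$stage lookup failed: $($_.Exception.Message)"
        }
        [pscustomobject]$result
    }
}

# Constructed sample values; substitute the real GUID, domain and DNS servers.
Test-DcCnameResolution -NtdsSettingsGuid '11111111-2222-3333-4444-555555555555' `
    -ForestRootDomain 'corp.example' -DnsServer '192.0.2.10', '192.0.2.11' |
    Format-Table -AutoSize
```

A result that differs between DNS servers points to replication latency or a forwarder or delegation problem; the same failure on every server points to missing registration or a stale GUID.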
Determine Whether a Domain Controller Is Functioning
To determine whether the source domain controller is functioning, use the following test.
Requirements
Administrative credentials: To complete this procedure, you must be a member of the Domain Users group in the domain of the domain controller.
Tools: Net view
To determine whether a domain controller is functioning
To confirm that the domain controller is running Active Directory and is accessible on the network, at a command prompt type the following command, and then press ENTER:
where SourceDomainControllerName is the NetBIOS name of the domain controller.
This command displays the Netlogon and SYSVOL shares, indicating that the server is functioning as a domain controller. If this test shows that the domain controller is not functioning on the network, determine the nature of the disconnection and whether the domain controller can be recovered or whether its metadata must be removed from Active Directory manually. If the domain controller is not functioning and cannot be restored, use the procedure in the following section, "Clean Up Domain Controller Metadata," to delete the data from Active Directory that is associated with that server.
Clean Up Domain Controller Metadata
If tests show that the domain controller is no longer functioning but you still see objects representing the domain controller in Active Directory Sites and Services, replication will continue to be attempted, and you must remove these objects from Active Directory manually. You must use Ntdsutil to clean up (delete) the metadata for the defunct domain controller.
If the defunct domain controller is the last domain controller in the domain, you should also remove the metadata for the domain. Allow sufficient time for all global catalog servers in the forest to inbound-replicate the domain deletion before promoting a new domain with the same name.
The process for cleaning up metadata is improved in the version of Ntdsutil that is included with Windows Server 2003 SP1. Instructions for cleaning up metadata with the Windows Server 2003 version of Ntdsutil and the Windows Server 2003 SP1 version of Ntdsutil are provided in the following procedure.
Requirements
Administrative credentials: To complete this procedure, you must be a member of the Enterprise Admins group.
Tools: Ntdsutil (System32 command-line tool)
To clean up server metadata
Open a Command Prompt.
Type the following command, and then press ENTER:
ntdsutil
At the ntdsutil: command prompt, type the following command, and then press ENTER:
metadata cleanup
Perform metadata cleanup as follows:
If you are performing server metadata cleanup only and you are using the version of Ntdsutil.exe that is included with Windows Server 2003 SP1, at the metadata cleanup: command prompt, type the following, and then press ENTER:
remove selected server ServerName
Or
remove selected server ServerName1 on ServerName2
Value: Description
ServerName, ServerName1: The distinguished name of the domain controller whose metadata you want to remove, in the form cn=ServerName,cn=Servers,cn=SiteName,cn=Sites,cn=Configuration,dc=ForestRootDomain
ServerName2: The DNS name of the domain controller to which you want to connect and from which you want to remove server metadata
If you are performing metadata cleanup by using the version of Ntdsutil.exe that is included with Windows Server 2003 with no service pack, or if you are performing both domain metadata cleanup and server metadata cleanup, perform metadata cleanup as follows:
a. At the metadata cleanup: command prompt, type the following command, and then press ENTER:
connection
b. At the server connections: command prompt, type the following command, and then press ENTER:
connect to server Server
c. At the connection: command prompt, type the following command, and then press ENTER:
quit
d. At the metadata cleanup: command prompt, type the following command, and then press ENTER:
select operation target
e. At the select operation target: command prompt, type the following command, and then press ENTER:
list sites
f. A numbered list of sites appears. Type the following command, and then press ENTER:
select site SiteNumber
g. At the select operation target: command prompt, type the following command, and then press ENTER:
list domains in site
h. A numbered list of domains in the selected site appears. Type the following command, and then press ENTER:
select domain DomainNumber
i. At the select operation target: command prompt, type the following command, and then press ENTER:
list servers in site
j. A numbered list of servers in a domain and site is displayed. Type the following command, and then press ENTER:
select server ServerNumber
k. At the select operation target: command prompt, type the following command, and then press ENTER:
quit
l. At the metadata cleanup: command prompt, type the following command, and then press ENTER:
remove selected server
If the server whose metadata you have removed is the last domain controller in the domain and you want to remove the domain metadata, at the metadata cleanup: command prompt, type the following command, and then press ENTER:
remove selected domain
Metadata for the domain that you selected in step h is removed.
At the metadata cleanup: and ntdsutil: command prompts, type quit, and then press ENTER.