Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Restored Object (Computer) from AD Deleted Items gives Error of Duplicate Name on the Network! (AdRestore and ldp.exe)

11 views
Skip to first unread message

amlee

unread,
Dec 27, 2009, 6:36:08 PM12/27/09
to
Someone accidently deleted a Computer from AD and I want to restore it
back.

This Computer acts as a Virtual IP to our SQL Cluster

Here is what I have done so far.

I ahve used AD Restore and ldp.exe and restored the computer back,
reset the account and enabled it back

But when i try to right click on it and go to Manage it spits out
error saying

It cannot be managed. You are not connected as a Duplicate name exists
on the network.

I have checked Service Principal names and it didnt find any duplicate
names.

Also did below to find duplicate entries

csvde -d “DC=example,DC=com” -r “(|(objectCategory=user)
(objectCategory=contact))” -l
cn,sn,givenName,showInAddressBook,proxyAddresses -f exp_example1.txt[/
i]

Any one has any ideas.. Due to this I cannot map any shares onto the
VIP as it doesn't show in the domain.

--A

Meinolf Weber [MVP-DS]

unread,
Dec 28, 2009, 9:49:53 AM12/28/09
to
Hello amlee,

Before restoring the object, did you check that the deletion was replicated
through the domain? Do you see in AD UC now a conflict object with same name
and a GUI number behind?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Ace Fekay [MCT]

unread,
Dec 28, 2009, 10:08:06 AM12/28/09
to
"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911db77c8...@msnews.microsoft.com...

> Hello amlee,
>
> Before restoring the object, did you check that the deletion was
> replicated through the domain? Do you see in AD UC now a conflict object
> with same name and a GUI number behind?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hi Meinolf,

I agree that it appears to be a replication issue, unless there are other
mitigating circumstances we are nor aware of, such as issues with DCs,
replication, event log errors, DC multihoming, etc.

My thoughts are to wait for replication, or delete the computer object
again, wait for replication or force it, then either try to restore the
object, or disjoin and rejoin the computer. It will use the current profile
once again once rejoined.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Michael Montgomery

unread,
Dec 28, 2009, 12:40:56 PM12/28/09
to
On Dec 28, 10:08 am, "Ace Fekay [MCT]"
<ace...@mvps.RemoveThisPart.org> wrote:
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in messagenews:6cb2911db77c8...@msnews.microsoft.com...

>
> > Hello amlee,
>
> > Before restoring the object, did you check that the deletion was
> > replicated through the domain? Do you see in AD UC now a conflict object
> > with same name and a GUI number behind?
>
> > Best regards
>
> > Meinolf Weber
> > Disclaimer: This posting is provided "AS IS" with no warranties, and
> > confers no rights.
> > ** Please do NOT email, only reply to Newsgroups
> > ** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm

>
> Hi Meinolf,
>
> I agree that it appears to be a replication issue, unless there are other
> mitigating circumstances we are nor aware of, such as issues with DCs,
> replication, event log errors, DC multihoming, etc.
>
> My thoughts are to wait for replication, or delete the computer object
> again, wait for replication or force it, then either try to restore the
> object, or disjoin and rejoin the computer. It will use the current profile
> once again once rejoined.
>
> --
> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
> 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer

Is it at all possible that the error could be created by the DNS entry
for the Computer?

Currently the computer exists in DNS but there is no replication
schema that shows this computer ID existing in the production Active
Directory.

More importantly the computer ID that has been deleted is a Cluster
and therefore not a physical server. Will disjoining the server from
AD and rejoining it cause stability issues for the Cluster service?

Is there a process that we can follow to rejoin this server to the AD
without destroying the Cluster?

Most of the time I am quite happy to do these changes on the fly with
MS and AD however the addition of the Cluster service to this
situation really stands my hair on end.

Thanks for your assistance!

Ace Fekay [MCT]

unread,
Dec 28, 2009, 7:01:32 PM12/28/09
to

> On Dec 28, 10:08ᅵam, "Ace Fekay [MCT]"

How did you originally add the cluster name or ID to AD? By it's SPN
value?

You do not join a cluster name or ID to AD in the traditional sense
that you would a physical machine.

It may be possible that the record is in WINS, and/or still in the
browse list, which will cause it to come up as a dupe.

If I may suggest, you may be better posting this to the Microsoft
cluster newsgroup for specific assistance. Here is the name of the
Microsoft newsgroup, which will work for using a direct access
newsreader such as Outlook Express, Windows Mail, or other.

microsoft.public.windows.server.clustering

However, I see you are using Google groups to post, which you will have
to search for the group name in Google.

Keep in mind, directly posting to the actual newsgroup with a
newsreader is actually beneficial for you, because Google groups is
*really* pulling/posting your posts directly to the Microsoft
newsgroups and is acting as a middle-man anyway. Besides, you have more
control using a newsreader, than you do with Google.

Ace


Michael Montgomery

unread,
Dec 29, 2009, 4:41:45 PM12/29/09
to
Thanks for the tips Ace
>

Regarding the creation of the computer object in AD, that was done by
the Cluster Service installation and follows the same process that
joining a physical server to the domain uses. The only difference is
that the domain connection is created during installation and is
required for the Cluster to function normally.

As far as the Cluster goes it's very much a text book install with no
deviation from the Installation Guide Book that Microsoft produces.

ToDo:

Check WINS and test removing the DNS entry and run the Tombstone
restore again.

If this doesn't work then I'll setup a maintenance window and recreate
the computer ID as Meinoff suggested.

Ace Fekay [MCT]

unread,
Dec 29, 2009, 9:45:46 PM12/29/09
to
"Michael Montgomery" <12c...@gmail.com> wrote in message
news:7d869527-6809-438b...@e27g2000yqd.googlegroups.com...

Ok. Let us know how you make out. If not successful, I would suggest the
cluster newsgroups for their expertise.

Ace


amlee

unread,
Dec 29, 2009, 11:34:46 PM12/29/09
to
On Dec 29, 6:45 pm, "Ace Fekay [MCT]" <ace...@mvps.RemoveThisPart.org>
wrote:
> "Michael Montgomery" <12ch...@gmail.com> wrote in message

Update,

There is no WINS in the environment

I deleted the DNS entries and then restored the object.

Now the error is different, it doesn't complain about the duplicate
object but says \\XXXX cannot be Managed. The Network path was not
found.

Ideas?

Thanks much.

amlee

unread,
Dec 29, 2009, 11:47:40 PM12/29/09
to

Restarting the DNS brought it to same issue. Duplicate Name exists on
the Network.

Ace Fekay [MCT]

unread,
Dec 30, 2009, 1:32:27 AM12/30/09
to
"amlee" <pan...@gmail.com> wrote in message
news:87ba0c53-2ddc-4f1a...@m38g2000yqd.googlegroups.com...


I would think if the dupe issue keeps appearing, it may be in AD. I suggest
trying ADSI Edit. Look in the zone, and see if there are any records that
start with "CNF..." or "In Progress..."

I'm not familiar enough how the cluster service creates the object, or where
it puts it, but look in that area, too in ADSI Edit.

Also bounce around and look (be careful not to change anything) to see if
you can find it.

Ace


amlee

unread,
Jan 5, 2010, 8:50:25 PM1/5/10
to
On Dec 29 2009, 10:32 pm, "Ace Fekay [MCT]"

Dont see any CNF or In Progress with ADSI Edit... Need to dig for the
cluster Service now.

Ace Fekay [MVP-DS, MCT]

unread,
Jan 6, 2010, 3:04:46 AM1/6/10
to
"amlee" <pan...@gmail.com> wrote in message
news:f56db53f-9efb-4439...@r5g2000yqb.googlegroups.com...


> Dont see any CNF or In Progress with ADSI Edit... Need to dig for the
> cluster Service now.

Hmm, I thought and was hoping you would find it in there so it would have
been an easy fix.

Ace

amlee

unread,
Feb 16, 2010, 10:30:31 PM2/16/10
to
On Jan 6, 12:04 am, "Ace Fekay [MVP-DS, MCT]"

Here is the FIX!!

We were able to go into the "Cluster Name" option in the Cluster
Administrator and use the "Rename" option to first set the name as
blahblah (yes this is the name that was already listed in the box) and
then check
the checkbox for "DNS Registration Must Succeed" option.

Hit apply and Blammo! the computer ID showed up in the Active
Directory.

Ace Fekay [MVP-DS, MCT]

unread,
Feb 17, 2010, 1:09:50 AM2/17/10
to
> On Jan 6, 12:04ᅵam, "Ace Fekay [MVP-DS, MCT]"

> <ace...@mvps.RemoveThisPart.org> wrote:
>> "amlee" <pan...@gmail.com> wrote in message
>>
>> news:f56db53f-9efb-4439...@r5g2000yqb.googlegroups.com...
>>
>>> Dont see any CNF or In Progress with ADSI Edit... ᅵNeed to dig for the

>>> cluster Service now.
>>
>> Hmm, I thought and was hoping you would find it in there so it would have
>> been an easy fix.
>>
>> Ace
>
> Here is the FIX!!
>
> We were able to go into the "Cluster Name" option in the Cluster
> Administrator and use the "Rename" option to first set the name as
> blahblah (yes this is the name that was already listed in the box) and
> then check
> the checkbox for "DNS Registration Must Succeed" option.
>
> Hit apply and Blammo! the computer ID showed up in the Active
> Directory.

That is good to hear! I appreciate you posting and update to your fix.
Hopefully it will help others if they are having this error with
Cluster services, as well.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE

& MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance,

0 new messages