Un-Hosting & Re-Hosting Active Directory Partitions

This technique lets you "re-host" a single partition on an Active Directory domain controller without dumping all the other read-only partitions (as you would by simply un-checking the global catalog option). It saves time and replication traffic, and it reduces the impact on your domain controller in cases where you believe you have invalid data hosted on a particular server.

Short Version:

1. Command: repadmin /unhost <dc-name> <partition-name>

2. Command: repadmin /rehost <dc-name> <partition to rehost> <good-source-dc>

Long Version:

Often, when administrators are faced with an issue that appears to be related to their global catalog functionality, the first instinct is to uncheck the global catalog box in AD Sites and Services, then re-check it to drop all the partitions and start again.

While this should work, there are some serious drawbacks. If you have a forest with multiple domains, you are going to need to replicate the entire partial attribute set from each domain in the forest. Using the example below, you would have to re-sync 8 partitions, which could take quite some time. You will put a large load on the domain controller. You might put a heavy load on your network. It could take a long time over slow links. And the domain controller won't advertise itself as a global catalog until it has finished all the replication.

 

If you do choose to go that route, you will know the server is advertising as a global catalog again when you get a 1119 event in the event viewer.

You will also find your domain controller listening on port 3268 ("netstat -anob > netstat.txt", or just netstat -anob | find /I "3268").

Don't go that route though... in a large environment it's truly not worth the pain of waiting for all partitions.

Instead...

Use repadmin.exe to be specific about what it is you would like to do.

Using my lab, let's assume that DC2.contoso.com holds a copy of the read-only partition for corp.contoso.com that I consider 'bad'. Let's un-host that read-only partition from DC2, then drag a good copy from the read-write replica DC4.corp.contoso.com that I consider 'good'.

Command: repadmin /unhost <dc-name> <partition-name>

In our example: repadmin /unhost dc2 dc=corp,dc=contoso,dc=com

You can see that the partition has been removed from the server.

A few things:
- The server is still listening on the global catalog port 3268 ("netstat -anob").
- The server still has the tick in the box for global catalog.
- You will receive a 1658 message in the directory services log indicating the partition is being removed.
- You will receive a 1660 when the partition is gone.

To re-host the partition we use:

Command: repadmin /rehost <dc-name> <partition to rehost> <good-source-dc>

In our example: repadmin /rehost dc2 dc=corp,dc=contoso,dc=com dc4.corp.contoso.com

You will note new replication links are built, and the partition is sourced from the location you choose.
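The two steps above can be chained so that the rehost only runs once the 1660 event confirms the old copy is gone. The script below is an added example, not part of the original post: the parameter names, the 60-minute timeout and the 30-second polling interval are assumptions, and it assumes repadmin returns a non-zero exit code on failure.

```powershell
# Added example, not from the original post. Defaults are the post's lab values;
# the timeout, polling interval and exit-code checks are assumptions.
param(
    [string]$TargetDc       = 'dc2',
    [string]$Partition      = 'dc=corp,dc=contoso,dc=com',
    [string]$SourceDc       = 'dc4.corp.contoso.com',
    [int]   $TimeoutMinutes = 60
)

$start = Get-Date

# Step 1: drop the suspect read-only partition from the target DC.
& repadmin /unhost $TargetDc $Partition
if ($LASTEXITCODE -ne 0) { throw "repadmin /unhost exited with code $LASTEXITCODE" }

# Step 2: poll the Directory Service log for 1658 (removal started) and
# 1660 (partition gone). Rehost only after a 1660 logged since $start.
$filter   = @{ LogName = 'Directory Service'; Id = 1658, 1660; StartTime = $start }
$deadline = $start.AddMinutes($TimeoutMinutes)
$gone     = $null
while (-not $gone -and (Get-Date) -lt $deadline) {
    # Get-WinEvent reports an error when nothing matches yet, so silence it.
    $events = @(Get-WinEvent -ComputerName $TargetDc -FilterHashtable $filter -ErrorAction SilentlyContinue)
    $gone   = $events | Where-Object Id -eq 1660 | Select-Object -First 1
    if (-not $gone) { Start-Sleep -Seconds 30 }
}
if (-not $gone) {
    throw "No 1660 event on $TargetDc within $TimeoutMinutes minutes; not rehosting $Partition."
}
# Print the event text so the operator can confirm it names the expected partition.
Write-Output $gone.Message

# Step 3: pull a fresh copy from the replica considered good.
& repadmin /rehost $TargetDc $Partition $SourceDc
if ($LASTEXITCODE -ne 0) { throw "repadmin /rehost exited with code $LASTEXITCODE" }

# Step 4: list the rebuilt replication links and confirm the global catalog
# port from the post (3268) is still answering.
& repadmin /showrepl $TargetDc
$gc = Test-NetConnection -ComputerName $TargetDc -Port 3268
if (-not $gc.TcpTestSucceeded) { Write-Warning "$TargetDc is not answering on port 3268." }
```

Run it from an administrative workstation with rights to read the Directory Service log on the target DC, and review the printed 1660 message before trusting the rehost.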

I hope that this has been useful for you. If you are in any doubt whether you should attempt this on a partition, remember to log a call with Microsoft support first. If you are a Premier customer, have a field engineer come out and walk you through this in your lab first to completely understand the process.