Removing a secondary domain

Similar Messages

• Problems Removing Secondary Domain and agents

  I had a secondary Domain and a gwia and webaccess agent running on an vm box. The box had issues and crashed and I was unable to recover it. I am now left with a secondary domain and two gateways that I can cannot get rid of because the edir objects are gone. I get this error when I try to connect to the gateways....E-Directory counterpart of this object does not exist. The objects are not in edir. I am also unable to delete the domain because it has subordinates left under it. What are my choices for cleaning this out. I really would like to get this resolved before I try to upgrade to GW8.
  Thanks so much for your help!
  Rodney Neal

  This can be fairly difficult given your situation of not being able to recover the server so you might consider opening a service request with a partner or Novell Technical Support. I will try to give you the steps to follow though here..
  1. You need to first get the object back in the tree. To do this, you must graft them in by selecting a container in the tree and selecting Tools|GroupWise Utilities|GW/eDIr Associations|Graft GroupWise Objects. Follow the wizard through all the steps. This should get you the objects back though I do not understand why they would be gone in the first place with just a server crash. I assume that eDir was on other servers as well so wondering if you manually deleted the objects but either way, that is what you need to do.
  2. This is where it can be a bit tricky. You need to create a temp folder on the server and rebuild the secondary domain into that folder so that you have a database to work with. Just go to properties of that secondary domain and change the UNC path to point to the temp folder and then under GroupWise Utilities|System Maintenance choose Rebuild Database. In the end, there should be a wpdomain file in that temp folder.
  3. Copy in all the .dc files from your primary domain root folder into this temp folder.
  4. You now need to Release that secondary domain from the GroupWise system. To do this, make sure you are connected to the primary GW domain and then right click on the secondary in question and choose GroupWise Utilities|GroupWise System Maintenance and then there is an option to release secondary. This also brings up a wizard to walk you through the process.
  5. Now the secondary should show up in your live system as an external system. You just need to go under Tools|GroupWise System Operations|External System Synchronization and delete the new link it automatically created.
  6. Now you can just delete the objects. You may need to delete them separately from the tree afteward.
  Let me know if you have any more questions or need clarification.

• Unable to rebuild secondary domain.

  When I try to rebuild one of my secondary domains, I follow the procedure below.
  https://www.novell.com/documentation...t_rebuild.html
  The task says that the rebuild is complete, but when I start the MTA back, the service crashes. When I try to launch the command by hand using "./gwmta -show -home /opt/novell/groupwise/domain", I get a segmentation fault error. If I remove the wpdomain.db file and copy the backed up file back in, I reboot the server and the services start fine.
  Any Ideas?
  Thanks,
  Jayson Rainsberger

  Hi Jayson,
  Perhaps try the rebuild from the command line using the gwadminutil.
  Documentation reference: http://www.novell.com/documentation/...w-rebuild.html
  Please let us know how it goes.
  Cheers,

• How do I remove a secondary apple id from my Mac? I am being prompted for a apple id password for a former user; I do not have the information.  Prevents updates from App Store.

  How do I remove a secondary Apple ID that is not in use from my MacBook pro? The ID does not belong to me and when I attempt to download updates from App Store with my Apple ID, I am prompted for the password of the secondary Apple ID.

  Is this a second hand Mac? If so, you need to erase the Mac and install the version of OS X that shipped installed on the Mac from the factory. Then you set the Mac up as new with your Apple ID.
  User Linc Davis explains how a new owner can prepare a 2nd hand Mac for their own use.
  https://discussions.apple.com/message/25468326

• I need to be able to find domain controllers that have been removed from the domain but never demoted

  I need to find domain controllers that have been removed but never demoted.
  Here's the story...
  I came on an Active Directory administrator for an organization which has 600+ domain controllers, most running Server 2003, but I have some Server 2008R2. Throughout all this time the organization has had DCs that have stopped working, crashed or failed
  for some reason and all the IT department has done is created another domain controller name it the same thing with an (A), (B) appended to the name and then never removed any of the failed controllers from the directory.
  Thing is this has been going on for quite some time, don’t know for sure how long as I am still trying to clean up DNS replication problems and have been having to go around and reset machine passwords for the forest. What I need to be able to do is to script
  something that will return all the failed DCs so that I can go into the directory and use NTDUTIL to clean the machines. I don’t want to go into the directory and remove a machine that’s still out there. No one in the organization has a list or record of failed
  machines.
  You can see this may be a gargantuan task, but I need to be able to make it easier on 
  myself by finding the machines first and cleaning out DNS, cleaning the DCs out of the “Sites” and cleaning them out of the directory.
  Appreciate any help I can get…

  Hi,
  Thanks for posting in the forum.
  Regarding your question, maybe we should remove these orphaned DC from AD, please try to refer to the following articles to perform the cleanup task.
  How to remove completely orphaned Domain Controller
  http://support.microsoft.com/kb/555846
  Complete Step by Step to Remove an Orphaned Domain controller
  http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx
  Metadata Cleanup of a Domain controller
  http://sandeshdubey.wordpress.com/2011/10/12/metadata-cleanup-of-a-domain-controller/
  Here is a similar thread as reference, hope it helps.
  Remove References of a Failed DC/Domain
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/87516188-731a-4b7f-a4cc-06ce4ad27b19/remove-references-of-a-failed-dcdomain
  Best Regards,
  Andy Qi
  TechNet Subscriber Support
  If you are
  TechNet Subscription user and have any feedback on our support quality, please send your feedback
  here.
  Andy Qi
  TechNet Community Support

• Secondary domain controller not able to connect from work stations.

  We are using primary and secondary domain controllers. In which the secondary domain controller act as a replication server. actually the problem occurs while accessing the secondary domain controller from work stations I get the following error:
   "The trust relationship between this workstation and the primary domain failed".
  Any one please give as a solution.
  Thank you.

  Hi,
  Most simple resolution would be unjoin/disjoin the computer from the domain and rejoin the computer account back to the domain.
  There might be multiple reasons for this kind of behavior.
  Here are a few of them:
  Single SID has been assigned to multiple computers.
  If the Secure Channel is Broken between Domain controller and workstations
  If there are no SPN or DNS Host Name mentioned in the computer account attributes
  Outdated NIC Drivers.
  According your description, the second one may be the cause of your problem.
  When a Computer account is joined to the domain, Secure Channel password is stored with computer account in domain controller. By default this password will change every 30 days (This is an automatic process, no manual intervention is required).
  Upon starting the computer, Netlogon attempts to discover a DC for the domain in which its machine account exists. After locating the appropriate DC, the machine account password from the workstation is authenticated against the password on the DC.
  If there are problems with system time, DNS configuration or other settings, secure channel’s password between Workstation and DCs may not synchronize with each other.
  A common cause of broken secure channel [machine account password] is that the secure channel password held by the domain member does not match that held by the AD. Often, this is caused by performing a Windows System Restore (or reverting
  to previous backup or snapshot) on the member machine, causing an old (previous) machine account password to be presented to the AD.
  Follow below link which explains typical symptoms when Secure channel broken,
  Typical Symptoms when secure channel is broken
  http://blogs.technet.com/b/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx
  For detailed information, please refer to the link below,
  Troubleshooting AD: Trust Relationship between Workstation and Primary Domain failed
  http://social.technet.microsoft.com/wiki/contents/articles/9157.troubleshooting-ad-trust-relationship-between-workstation-and-primary-domain-failed.aspx
  Hope this helps.
  Steven Lee
  TechNet Community Support

• Things to consider when removing from AD domain a SQL Server 2008 which includes Reporting Services

  Do any one have a link to a list of things to consider when removing from AD domain a SQL Server 2008 which includes Reporting Services, Analysis Services and Integration Services?
  I am taking from an Active Directory domain several servers with SQL 2008 and Reporting Services, Analysis Services and Integration Services. The server will stay on its own without association to any domain, the server will keep its IP address and
  the server will not change names.
  I have done some research and I got the basic steps including, removing the user accounts from the domain, changing the services accounts, changing jobs and databases from being owned by users from the domain. But...
  Are there other things in Reporting Services, Analysis Services and Integration Services internal databases that have an association with the domain AND that will fail after no longer being in the domain?
  I've heard of Reporting Services subscriptions failing when the domain user account is no longer there...Are there any other got ya's that any one has encountered?
  Please advice.
  Note: I am posting in this forum basically because of what I heard on Reporting Services, but it may be a better idea to post into a more broad forum such as SQL Server Migration section.
  Thanks beforehand
  Paulino

  Do any one have a link to a list of things to consider when removing from AD domain a SQL Server 2008 which includes Reporting Services, Analysis Services and Integration Services?
  I am taking from an Active Directory domain several servers with SQL 2008 and Reporting Services, Analysis Services and Integration Services. The server will stay on its own without association to any domain, the server will keep its IP address and
  the server will not change names.
  I have done some research and I got the basic steps including, removing the user accounts from the domain, changing the services accounts, changing jobs and databases from being owned by users from the domain. But...
  Are there other things in Reporting Services, Analysis Services and Integration Services internal databases that have an association with the domain AND that will fail after no longer being in the domain?
  I've heard of Reporting Services subscriptions failing when the domain user account is no longer there...Are there any other got ya's that any one has encountered?
  Please advice.
  Note: I am posting in this forum basically because of what I heard on Reporting Services, but it may be a better idea to post into a more broad forum such as SQL Server Migration section.
  Thanks beforehand
  Paulino

• Smtp; 551 5.7.1 relaying denied - new secondary domain does not receive email from internet

  Exchange 2007 smpt error "smtp; 551 5.7.1 relaying denied" Inbound email sender gets this error when trying to send to secondary domain. This is a single server exchange setup.
  Here is what we have done:
  #1 We have added a new policy for the new domain and also added the new domain to my default policy. ( Result are the same whether it is in the default policy or not)
  #2 I also set the new domain as Accepted domain and as Authoritative.
  #3 The mailbox I am sending to has the new domain email address and the address follows the selected conventions in the policy. 
  #4 I have the mx record in dns and verified that using the online MXToolbox.
  #5 I can telnet to the new domain mx record on port 25 and the smtp banner comes up as expected. The result and banner are the same when telneting to the primary domain.
  If I send from my primary exchange domain to the new domain the mail goes through. When I reply back it also works.
  What setting am i missing here? I need to get Exchange 2007 to accept inbound email from the internet.
  Thx
  Scot

  Hi Scot,
  In addition to Rich's suggestion, I would like to clarify the following thing:
  If you have a relay, please ensure that you add the secondary domain to mail relay server.
  What's more, here is a thread for your reference.
  external senders 550 5.7.1 relaying denied
  http://social.technet.microsoft.com/Forums/exchange/en-US/416ed3e3-a346-4794-ba2a-c53086f704b0/external-senders-550-571-relaying-denied-exchange-2010?forum=exchangesvrsecuremessaginglegacy
  Hope it helps.
  If there are any problems, please feel free to let me know.
  Best regards,
  Amy
  Amy Wang
  TechNet Community Support

• Moving a Secondary Domain and Its Associated GWIA

  I need to free up a server for my GroupWise 2014 move from stand-alone hardware to a brand new SAN/Virtual environment and I could use some tips so I don't screw it up by forgetting something (and I don't want to do it the hard way, any tips to make it an easy thing would be helpful). I'm looking for tips on how to move the domain, not on virtualization.
  Here's the dirt:
  I have a primary domain set up on its own server, running a GWIA named "GWIA2" (for outgoing mail only)
  I have a secondary domain on its own server, running a GWIA named "GWIA" (for incoming mail only). The secondary domain has no post offices, just the GWIA. It's only purpose is to accept incoming mail and forward it to the primary domain. This is the server I need to free-up... I need the hardware.
  My plan at this point is to move the secondary domain (and GWIA) to the same server that the primary domain (and GWIA2) resides on temporarily, so I can use the secondary domain's server as a "virtual" server starting point, once I get the newly freed-up server into my virtual environment, I can then migrate the rest of my GW system over. Once the migration to virtual is complete, I can then move the secondary domain back to its own server (if I even really need to).
  My questions:
  1) Do I even need to move the secondary domain and GWIA? Should I just delete it and run with one domain? I'm in a state government situation and we get a LOT of incoming mail when we are in session. This is why I set up two domains in the first place; one for incoming mail and one to handle outgoing (the primary domain handles the outgoing mail because the volume is considerably lower than incoming mail).
  2) Does it even make sense to have a separate server for incoming mail and outgoing mail after virtualization?
  3) If I do need to move the domain, what steps would I need to take? I'm thinking about things like reconfiguring the links, moving the objects in GWadmin console, IP Address changes (I do not need to change the MX record, that points to my SMTP filter, which then forwards the messages to my secondary domain - I'd just need to point it at the new IP address).
  Any other thoughts would be appreciated. I'm just now beginning to form the outline of what I need to do and I thought I'd get input from you guys to help me solidify my plan. Any advice or thoughts will be graciously welcomed.
  PJM

  laurabuckley wrote:
  > Further to that I think, but stand to be corrected on this, that two GWIA's on
  > the same box, if you are not binding exclusively to two separate IP's, is not
  > going to work due to port conflicts.
  Correct - if you have them bind to separate IP addresses, they should work, but
  otherwise only one GWIA per server. I personally am not sure that separate
  GWIAs are all that important. Two domains are nice though for disaster
  recovery, but if they are both on the same server, the redundancy is not really
  there.
  Danita
  Novell Knowledge Partner
  Are you a GroupWise Power Administrator? Join our site.
  http://www.caledonia.net/register
  If you find this post helpful and are logged into the web interface,
  show your appreciation and click on the star below...

• Secondary Domain Controller Not Authenticating Domain Users

  Hi.
  I have a primary domain controller running Win Srv 2012 in USA and i added a secondary domain controller 2012 in the same domain from a different location India, through VPN.so that India user accounts can authenticate by the secondary DC instead of primary
  DC USA
  Installation & replication of AD went fine
  India domain users login is damn slow.
  When i ran the command echo %logonserver% from a india client machine,it displays the USA Primary DC name which means its authenticating the users from USA primary DC.
  Preferred DNS for india client machine is Secondary DC IP and alternate is Primary DC IP USA.
  Please find the dcdiag results below and any help much appreciated
  Performing initial setup:
     Trying to find home server...
     Home Server = server2
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: INDIA\server2
        Starting test: Connectivity
           ......................... server2 passed test Connectivity
  Doing primary tests
     Testing server: INDIA\server2
        Starting test: Advertising
     Warning: DsGetDcName returned information for \\server1.tst.mycompany.com, when we were trying to reach
     server2.
     SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
           ......................... server2 failed test Advertising
        Starting test: FrsEvent
           ......................... server2 passed test FrsEvent
        Starting test: DFSREvent
           There are warning or error events within the last 24 hours after th
           replication problems may cause Group Policy problems.
           ......................... server2 failed test DFSREvent
        Starting test: SysVolCheck
           ......................... server2 passed test SysVolCheck
        Starting test: KccEvent
           ......................... server2 passed test KccEvent
        Starting test: KnowsOfRoleHolders
           ......................... server2 passed test KnowsOfRoleHolders
        Starting test: MachineAccount
           ......................... server2 passed test MachineAccount
        Starting test: NCSecDesc
           ......................... server2 passed test NCSecDesc
        Starting test: NetLogons
           Unable to connect to the NETLOGON share! (\\server2\netlogon)
           [server2] An net use or LsaPolicy operation failed with error 67,
           ......................... server2 failed test NetLogons
        Starting test: ObjectsReplicated
           ......................... server2 passed test ObjectsReplicated
        Starting test: Replications
           ......................... server2 passed test Replications
        Starting test: RidManager
           ......................... server2 passed test RidManager
        Starting test: Services
           ......................... server2 passed test Services
        Starting test: SystemLog
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 02/22/2015   17:10:30
              Event String: Intel(R) 82574L Gigabit Network Connection
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 02/22/2015   17:11:24
              Event String: The WinRM service is not listening for WS-Manageme
           An error event occurred.  EventID: 0x0000271A
              Time Generated: 02/22/2015   17:11:24
              Event String:
              The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not regist
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 02/22/2015   17:12:41
              Event String: Intel(R) 82574L Gigabit Network Connection
           A warning event occurred.  EventID: 0x000003F6
              Time Generated: 02/22/2015   17:19:36
              Event String:
              Name resolution for the name mycompany.com timed out after none
           A warning event occurred.  EventID: 0x00001796
              Time Generated: 02/22/2015   17:28:54
              Event String:
              Microsoft Windows Server has detected that NTLM authentication i
  his server. This event occurs once per boot of the server on the first time
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 02/22/2015   17:33:35
              Event String: The WinRM service is not listening for WS-Manageme
           A warning event occurred.  EventID: 0x00001796
              Time Generated: 02/22/2015   17:35:54
              Event String:
              Microsoft Windows Server has detected that NTLM authentication i
  his server. This event occurs once per boot of the server on the first time
           ......................... server2 failed test SystemLog
        Starting test: VerifyReferences
           ......................... server2 passed test VerifyReferences
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test CrossRefValida
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test CrossRefValida
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidat
     Running partition tests on : tst
        Starting test: CheckSDRefDom
           ......................... tst passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... tst passed test CrossRefValidation
     Running enterprise tests on : tst.mycompany.com
        Starting test: LocatorCheck
           ......................... tst.mycompany.com passed test LocatorChec
        Starting test: Intersite
           ......................... tst.mycompany.com passed test Intersite

  Hi.
  I have a primary domain controller running Win Srv 2012 in USA and i added a secondary domain controller 2012 in the same domain from a different location India, through VPN.so that India user accounts can authenticate by the secondary DC instead of primary
  DC USA
  Installation & replication of AD went fine
  India domain users login is damn slow.
  When i ran the command echo %logonserver% from a india client machine,it displays the USA Primary DC name which means its authenticating the users from USA primary DC.
  Preferred DNS for india client machine is Secondary DC IP and alternate is Primary DC IP USA.
  Firstly make sure that you have configured sites and subnets correctly. According to your information which you have two locations, you should have at least 2 sites and 2 subnets associated to them. If you have forgotten to configure subnets of India in your
  site and services and assigned them to the India site you are experiencing this issue. Also make sure if clients in India has appropriate network connectivity to the domain controllers in India.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• Clustering Configuration with Primary & Secondary Domain Controllers

  Hello.
  I am trying to configure Failover Clustering on my Server 2012 computers.
  I have a primary domain, as well as a secondary domain.
  We will call them dc1.domain.com and dc2.domain.com.
  I have Failover Clustering Manager installed on both servers.
  Upon adding them both to the Create A Cluster Wizard, I receive the following error message on my report.
  (My account is fairly new, so it will not let me attach an image, but I assure you, it is safe)
  s14.postimg.org/lssjm2vu9/Screenshot_1.png

  More that trying to avoid clustering domain controllers, you simply cannot do it.  Active Directory has high availability built into it.  It is known as multimaster, meaning there is no primary and secondary domain controllers.  All are 'masters',
  meaning you can make changes on any domain controller and the change will be replicated to the other DCs.
  If you only have two physical servers and you want to cluster them, you will first need to install the Hyper-V role on the servers (it is not recommended to install both Hyper-V and Domain Controller on the same box, so we will get this fixed).  Once
  you have Hyper-V installed, build a VM on each server, join them to the domain, and promote them to domain controllers.  On one of the VMs, seize the FSMO roles from the FSMO master.  Then demote the physical hosts from being domain controllers. 
  You can now form a cluster of the two physical servers.
  . : | : . : | : . tim

• Working with secondary domain name

  greetings,
  I have a mail system running just fine but i need to add a secondary domain name for my current list of users.
  current domain = mydomain.net
  additional name = mydomain.org
  I have taken my osx server and split the processes onto different machines.
  [ mx1 ]
  [smtp ]
  [imap ]
  smtp is using ldap transports to locate my users mailbox.
  transport_maps = ldap:/etc/postfix/ldaptransport
  server_host = 10.10.10.10
  search_base = dc=mydomain.net
  query_filter = (mail=%s)
  result_attribute = mailHost
  result_filter = smtp:[%s]
  bind = no
  The result attribute usually displays the imap server.
  Now with the new domain, .... can I use a blanket transport
  mydomain.org smtp:[imap.mydomain.net]:20025
  and on the imap server, set mydestination
  mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mydomain.net, mydomain.org
  any insigyts on the best way to work this?

  Ok solving my own post.
  in my smtp server i was using ldap transport. I have discovered that i can't use ldap transports and hash file transports also.
  So...
  to get both to work I went with the quick and easy hash transport. which works for both domains.
  now the trick is,..writing an ldap table entry for both domains, so that i can use the ldap lookup. ( kindof makes it cool
  -j

• New Secondary domain communication issue

  We are currently migrating our GroupWise system from GW8 on Netware to GW14 on SLES11.
  The primary domain has been migrated (using Danita's guide) and I've created a new secondary domain, and Post Office and it's been mostly trouble free (see my previous thread on this forums)
  I've created another secondary domain, and installed a GWIA on it. Everything appears to be working, and it routes e-mail as it should.
  However, there definitely is an issue that is particularly demonstrable when creating a new user.
  Test 1:
  > Connected to PO Domain
  > Create user
  > Check user exists
  > Connect to GWIA Domain - new user does not appear.
  Test 2:
  > Connected to GWIA Domain
  > Create user
  > User appears but greyed out
  > Connect to PO domain - user present and been tested working.
  So it appears that the GWIA Domain is able to communicate out, but isn't receiving comms from other Domains.
  I've quadruple checked the link configuration and the GWIA domain is set to communicate by direct IP (both inbound and outbound) to the other Domains and vice versa.
  I've also checked the permissions on the wpdomain.db file and they appear to be identical to those on the other domains.
  At the moment I can resolve these by running a rebuild on the GWIA domain - which is obviously a bit of a 'nuclear option', and any new users created, moved, etc necessitate another rebuild.
  Any ideas how to troubleshoot further, or anything obvious I've overlooked?
  Thanks in advance.

  This has been a bit of epic SR with Novell, down to being in totally different time zones and having little overlapping work time, but it's fixed.
  I've included all of the fault finding and fix attempts in case these help someone else.
  Fault finding:
  > While connected to the Primary domain I changed the description of a secondary domain that was having the issue.
  > Checking the logs on the secondary domain, we found the message was getting queued to /wpcsout/ads/2
  > Checking this folder I found 678 files - so definitely an issue of admin messages not being processed for some time.
  Fault Fix 1:
  On Secondary domain:
  > delete contents of wpcsout/ads/2
  > rename wpdomain.db on
  > rebuild secondary domain
  As soon as I started the MTA again, a message was immediately created in the wpcsout/ads/2
  In pending operations an entry was listed with a creation date of December - so we'd found our culprit.
  Fault Fix 2
  On Secondary domain:
  > Followed Novell Document ID 7013078
  To paraphrase the document -
  > Stop the MTA, rename wpcsin, wpcsout and mslocal folders
  > restart MTA
  Again, file reappeared immediately in wpcsout/ads/2, and pending operation came back.
  Fault Fix 3
  On Secondary domain:
  > Stop all agents on server
  > rename domain directory
  > create new directory with same name
  > copy wpdomain.db and any .dc files from old domain folder to new.
  > copy wpgate folder from old domain folder to new
  > copy .mta files from old domain folder to new
  > restart agents
  Again, file reappeared immediately in wpcsout/ads/2, and pending operation came back.
  Final Fix
  > Clear any pending operations on the secondary domain, if possible (Ours was clear since it seemed to not be processing any messages any way)
  > copy .dc files from primary domain directory in to the secondary domain directory
  > carry out renames as per doc 7013078
  > Restart secondary Domain MTA
  This fixed it. I've changed the description of a secondary domain, and the change has gone through.
  I have also created a user and it does now appear when connected to all the secondary domains
  Quite why the .dc files gave it the kick it needed our support guy or the backline engineer who was also assisting couldn't explain, but it is apparently something that has been found to fix it.

• Server 2012 Secondary Domain Controller not picking up AD nor DNS responsibilities

  I had a single Domain Controller providing AD, DNS and  DHCP.  I went through the steps to add a Secondary Domain Controller.  All the AD and DNS info shows up in the Secondary Server, however, when my original Domain Controller is turned
  off, the second Domain Controller is not taking over for AD and DNS.

  Hi Bayousmurf,
  Good that you made some progress. However, can you please provide us the information on how you acheived transfering FSMO role to another DC since you had some issue earlier?
  Your initial intention was to demote the original DC. Please follow the below link for the steps to demote the DC.
  http://technet.microsoft.com/en-in/library/jj574104.aspx
  Still if I power off the original DC the new one isn't taking up DNS.  Still looking into the DNS...
  Can you please elaborate what exactly you are looking for? When you power off original DC, you don't see DNS in new DC? Is your DNS active directory integrated? If not please follow the below procedure to make it as a AD integrated. Once done, then, power
  off original DC and look in new DC to see if DNS shows up.
  http://www.tomshardware.com/faq/id-1954324/configure-active-directory-integrated-dns-zone-windows-server-2012-dns-server.html
  Thanks,
  Umesh.S.K

• Getting error when I try to remove eum secondary email address from the Mailbox from Exchange 2013 server

  Getting error when I try to remove eum secondary email address from the Mailbox from Exchange 2013 server. The command works if you issue directly from the server exchange shell.
  I open the remote power shell to the exchange server 2013.
  Issue the following commands and getting the following error.
  $mailbox = Get-Mailbox -Identity testuser$mailbox.EmailAddresses -= "eum:50004;phone-context=telExt5digits.lync5.com"Then getting the following error:Method invocation failed because [System.Collections.ArrayList] doesn't contain a method named 'op_Subtraction'.
  At line:1 char:27
  + $mailbox.EmailAddresses -= <<<<  "eum:50004;phone-context=telExt5digits.lync5.com"
      + CategoryInfo          : InvalidOperation: (op_Subtraction:String) [], RuntimeException
      + FullyQualifiedErrorId : MethodNotFoundHelp!

  Now for an answer - your remote session doesn't have the same object you have on the server itself.  Notice it says this is an array list, not a ProxyAddressCollection.  If you need to work around this, you'll need to massage the addresses another
  way that the system will accept.  I'd try the following:
  $NewAddresses = $mailboxEmailAddresses | ? { $_ -notlike "eum:50004;phone-context=telExt5digits.lync5.com" }
  See what you get in the $NewAddresses variable when you do this.