1501: Windows 2000/2003 Active Directory is out of Sync After Primary Domain Controller Rollback

use Google Translate

Last update: 14-05-2009

If Primary Domain Controller of Windows 2000/2003 Active Directory goes down and Backup Domain controller automatically takes over, then Active Directory will be out of Sync after Primary Domain Controller is restored from a backup


There is a Windows 2000/2003 Active Directory with a Primary Domain Controller and a Backup Domain Controller. If the Primary Domain Controller goes down and the Backup Domain Controller automatically takes over, then the Active Directory will be out of Sync after the Primary Domain Controller is restored from a backup.


The are two solutions for the described issue:

  1. Preventive
    This solution allows you to avoid such an issue problem before it happens.
  2. Resultive
    This solution allows you to solve such an issue after it happened.

Preventive solution

See Backing Up and Restoring Active Directory Server with Acronis True Image.

Resultive solution

If you did not use the preventive solution, then you will need to demote and promote the restored server as a Domain Controller. While doing this you can encounter problems with the server demotion because of the absence of Sync and Replication. The only way is to force the server demotion by using the dcpromo /forceremoval command:

  • Click Start -> Run;
  • Type in cmd;
  • In the command-line type in dcpromo /forceremoval and hit Enter.

This will remove the server from the domain, but will not clean up the database of the current Domain Controller. See Domain controllers do not demote gracefully when you use the Active Directory Installation Wizard to force demotion in Windows Server 2003 and in Windows 2000 Server.

You will need to clean up the database manually as described in How to remove data in Active Directory after an unsuccessful domain controller demotion.

More information

See also: