Re: Deader than a doorknob PDC w/AD
- From: "Jorge de Almeida Pinto" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Thu, 29 Dec 2005 15:48:36 +0100
I'm trying to understand what you mean with "dual PDC domain"...
>From my understanding until now you have a domain with 2 DCs and one of
those DCs died. Right?
Assuming that is correct...
It is not entirely clear which one is a GC and which one holds the FSMO
roles and which one hosts DNS. All those components are very important for
AD to function properly!!!
First: you need to clean up the AD metadata for the W2K DC that died and you
do this on the other W2K DC
See for more info:
http://blogs.dirteam.com/blogs/jorge/archive/2005/12/03/213.aspx
Second: on the W2K DC you may need to install the Support Tools on the DC or
copy the files mentioned below from another W2K machine to the W2K DC. I
always advise to install the Support Tools and the Resource Kit Tools
Third: we are going to determine from the command line to see if the W2K DC
is a GC. On the W2K DC run (without the quotes!): "REPADMIN /OPTIONS <W2K DC
NAME>". It should show something like IS_GC. If it does not show that then
make the W2K3 DC a GC by executing (without the quotes!): "REPADMIN /OPTIONS
<W2K DC NAME> +IS_GC"
Fourth: We need to make sure the W2K DC, or another server, hosts DNS
services and the W2K DC points to it itself or to the other server. On the
W2K DC execute (without the quotes): "NET START DNS". If it says something
like 'The requested service has already been started' then DNS is installed.
If it says something like 'The service name is invalid' then DNS is not
installed. In the latter case get your W2K (SP?) CD and install DNS on the
W2K DC using the Add/Remove Programs from the control panel. See also:
http://support.microsoft.com/?id=275278
Fifth: Make sure the W2K DC is pointing to the DNS server in the TCP/IP
properties. Retrieve the TCP/IP properties from the network connection and
make sure the IP address of the W2K DC is listed as preferred DNS server.
Sixth: Make sure important records are registered in DNS. Execute the
following commands on the W2K DC (without the quotes): "IPCONFIG
/REGISTERDNS" + "NET STOP DNS & NET START DNS" + "NET STOP NETLOGON & NET
START NETLOGON"
Seventh: On the W2K DC check which DCs host the FSMO roles. For all roles
the W2K DC DOES NOT host SEIZE the FSMO role to the W2K DC. For more info
see:
http://support.microsoft.com/?id=324801 (How to view and transfer FSMO roles
in Windows Server 2003)
http://support.microsoft.com/?id=255504 (Using Ntdsutil.exe to transfer or
seize FSMO roles to a domain controller)
http://support.microsoft.com/?id=255690 (How to view and transfer FSMO roles
in the graphical user interface)
http://support.microsoft.com/?id=197132 (Windows 2000 Active Directory FSMO
roles)
http://www.petri.co.il/transferring_fsmo_roles.htm
http://www.petri.co.il/seizing_fsmo_roles.htm
Eighth: run the following commands on the W2K DC to check its health
(without the quotes): "DCDIAG /D /C /V > DCDIAG_OUTPUT.TXT" and "NETDIAG
/DEBUG /V > NETDIAG_OUTPUT.TXT". Open both output files and search for the
words FAILED and ERROR to see what eventual errors are being experienced.
And last but not least... install the new server using the same name and IP
and install and configure everything else that is neededn (like DNS, WINS,
DHCP ,etc)
Good luck!
--
Cheers,
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
"tfiorda" <tfiorda@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CA333B5E-488D-4FD3-AE02-FD284CBB8588@xxxxxxxxxxxxxxxx
> BTW, I forgot to mention that it's a Win2K Adv Svr domain.
>
> Thanks,
>
> Tony...
>
> "tfiorda" wrote:
>
>> I have a dual PDC domain that had the main DC die big time. It's not
>> recoverable and any data on it has been lost. I am wanting to replace
>> this
>> DC with another machine (new) using the same machine name and IP address.
>> I've already transfered the FSMO roles (all that is except the Schema
>> Master
>> which looks like it's been grabbed by the seconday PDC) and was wondering
>> what step I need to take to make this happen. I've been out of Windows
>> troubleshooting for a long time and I am very rusty. What are my
>> gotchas?
>> Steps to take? And am I nuts!?
>>
>> Luckily I've been running dual services, DHCP, DNS, etcetera so the
>> network
>> is still functioning. And luckily my Cert Srv is on the machine still
>> running, although the IAS server was on the one that crashed. No
>> problem,
>> just no PEAP until that is up again.
>>
>> I've searched the KB, and I know the info is there, but I cannot find it.
>> Any help would be appreciated.
>>
>> Thanks,
>>
>> Tony...
.
- Follow-Ups:
- Re: Deader than a doorknob PDC w/AD
- From: tfiorda
- Re: Deader than a doorknob PDC w/AD
- From: tfiorda
- Re: Deader than a doorknob PDC w/AD
- Prev by Date: Re: Administrators Group in Local Users and Groups
- Next by Date: Re: UserAcccountControl
- Previous by thread: Re: Domain Join Problem
- Next by thread: Re: Deader than a doorknob PDC w/AD
- Index(es):
Relevant Pages
|
Loading
