Re: Deader than a doorknob PDC w/AD

---

• From: "tfiorda" <tfiorda@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 29 Dec 2005 07:41:02 -0800

---

Jorge,

Thanks for the response.

Yes, it's a dual DC domain and both DCs were running DNS, WINS, DHCP and
replicating these services between them. The DHCP scope was split between
the two DCs with some reservations. The network is still up and running so no
issues there. These services are running fine on the remaining DC and it is
a GC. But I will check all the same just to be safe.

I am looking at your other items now. The FSMO roles have been transfered
and I will seize the Schema Master then clean up the metadata and run the
diags.

After step 8, if I understand you directions correctly, all that remains is
installing the new hardware, run DCPROMO and a day of configurations. Does
the metadata cleanup also remove the computer/DC account in the Active
Directory Users and Computer console?

Thanks,

Tony...

"Jorge de Almeida Pinto" wrote:

> I'm trying to understand what you mean with "dual PDC domain"...
>
> From my understanding until now you have a domain with 2 DCs and one of
> those DCs died. Right?
> Assuming that is correct...
>
> It is not entirely clear which one is a GC and which one holds the FSMO
> roles and which one hosts DNS. All those components are very important for
> AD to function properly!!!
>
> First: you need to clean up the AD metadata for the W2K DC that died and you
> do this on the other W2K DC
> See for more info:
> http://blogs.dirteam.com/blogs/jorge/archive/2005/12/03/213.aspx
>
> Second: on the W2K DC you may need to install the Support Tools on the DC or
> copy the files mentioned below from another W2K machine to the W2K DC. I
> always advise to install the Support Tools and the Resource Kit Tools
>
> Third: we are going to determine from the command line to see if the W2K DC
> is a GC. On the W2K DC run (without the quotes!): "REPADMIN /OPTIONS <W2K DC
> NAME>". It should show something like IS_GC. If it does not show that then
> make the W2K3 DC a GC by executing (without the quotes!): "REPADMIN /OPTIONS
> <W2K DC NAME> +IS_GC"
>
> Fourth: We need to make sure the W2K DC, or another server, hosts DNS
> services and the W2K DC points to it itself or to the other server. On the
> W2K DC execute (without the quotes): "NET START DNS". If it says something
> like 'The requested service has already been started' then DNS is installed.
> If it says something like 'The service name is invalid' then DNS is not
> installed. In the latter case get your W2K (SP?) CD and install DNS on the
> W2K DC using the Add/Remove Programs from the control panel. See also:
> http://support.microsoft.com/?id=275278
>
> Fifth: Make sure the W2K DC is pointing to the DNS server in the TCP/IP
> properties. Retrieve the TCP/IP properties from the network connection and
> make sure the IP address of the W2K DC is listed as preferred DNS server.
>
> Sixth: Make sure important records are registered in DNS. Execute the
> following commands on the W2K DC (without the quotes): "IPCONFIG
> /REGISTERDNS" + "NET STOP DNS & NET START DNS" + "NET STOP NETLOGON & NET
> START NETLOGON"
>
> Seventh: On the W2K DC check which DCs host the FSMO roles. For all roles
> the W2K DC DOES NOT host SEIZE the FSMO role to the W2K DC. For more info
> see:
> http://support.microsoft.com/?id=324801 (How to view and transfer FSMO roles
> in Windows Server 2003)
> http://support.microsoft.com/?id=255504 (Using Ntdsutil.exe to transfer or
> seize FSMO roles to a domain controller)
> http://support.microsoft.com/?id=255690 (How to view and transfer FSMO roles
> in the graphical user interface)
> http://support.microsoft.com/?id=197132 (Windows 2000 Active Directory FSMO
> roles)
> http://www.petri.co.il/transferring_fsmo_roles.htm
> http://www.petri.co.il/seizing_fsmo_roles.htm
>
> Eighth: run the following commands on the W2K DC to check its health
> (without the quotes): "DCDIAG /D /C /V > DCDIAG_OUTPUT.TXT" and "NETDIAG
> /DEBUG /V > NETDIAG_OUTPUT.TXT". Open both output files and search for the
> words FAILED and ERROR to see what eventual errors are being experienced.
>
> And last but not least... install the new server using the same name and IP
> and install and configure everything else that is neededn (like DNS, WINS,
> DHCP ,etc)
>
> Good luck!
>
> --
> Cheers,
> # Jorge de Almeida Pinto #
> BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
> -----------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no rights!
> * Always test before implementing!
> -----------------------------------------------------------------------------
>
>
> -----------------------------------------------------------------------------
> "tfiorda" <tfiorda@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:CA333B5E-488D-4FD3-AE02-FD284CBB8588@xxxxxxxxxxxxxxxx
> > BTW, I forgot to mention that it's a Win2K Adv Svr domain.
> >
> > Thanks,
> >
> > Tony...
> >
> > "tfiorda" wrote:
> >
> >> I have a dual PDC domain that had the main DC die big time. It's not
> >> recoverable and any data on it has been lost. I am wanting to replace
> >> this
> >> DC with another machine (new) using the same machine name and IP address.
> >> I've already transfered the FSMO roles (all that is except the Schema
> >> Master
> >> which looks like it's been grabbed by the seconday PDC) and was wondering
> >> what step I need to take to make this happen. I've been out of Windows
> >> troubleshooting for a long time and I am very rusty. What are my
> >> gotchas?
> >> Steps to take? And am I nuts!?
> >>
> >> Luckily I've been running dual services, DHCP, DNS, etcetera so the
> >> network
> >> is still functioning. And luckily my Cert Srv is on the machine still
> >> running, although the IAS server was on the one that crashed. No
> >> problem,
> >> just no PEAP until that is up again.
> >>
> >> I've searched the KB, and I know the info is there, but I cannot find it.
> >> Any help would be appreciated.
> >>
> >> Thanks,
> >>
> >> Tony...
>
>
>
.

---

• References:
  • Re: Deader than a doorknob PDC w/AD
    • From: Jorge de Almeida Pinto

• Prev by Date: Re: UserAcccountControl
• Next by Date: Re: Administrators Group in Local Users and Groups
• Previous by thread: Re: Deader than a doorknob PDC w/AD
• Next by thread: Re: Deader than a doorknob PDC w/AD
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: DNS not syncing between PDC and BDC ... all DCs should be of the same SP level due to variances. ... But first, just an FYI, there is no such thing as a PDC or BDC in Active ... The FSMO roles can be transferred dynamically between DCs. ... you may have a possible DNS misconfiguration. ... (microsoft.public.win2000.dns) Re: Deader than a doorknob PDC w/AD ... Now all that remains is to install the new HW. ... >> roles and which one hosts DNS. ... >> services and the W2K DC points to it itself or to the other server. ... On the W2K DC check which DCs host the FSMO roles. ... (microsoft.public.windows.server.active_directory) Re: Deader than a doorknob PDC w/AD ... roles and which one hosts DNS. ... always advise to install the Support Tools and the Resource Kit Tools ... We need to make sure the W2K DC, or another server, hosts DNS ... On the W2K DC check which DCs host the FSMO roles. ... (microsoft.public.windows.server.active_directory) Re: Troubleshoot or reinstall Server 2000? ... functionality to the newer 2003 DC including FSMO roles, ... shouldn't have the IM on GC, unless all DCs on your site are also GCs. ... Are both DCs DNS server? ... (microsoft.public.win2000.active_directory) Re: Deader than a doorknob PDC w/AD ... Now all that remains is to install the new HW. ... > roles and which one hosts DNS. ... > services and the W2K DC points to it itself or to the other server. ... On the W2K DC check which DCs host the FSMO roles. ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)