Re: Deader than a doorknob PDC w/AD
- From: "Jorge de Almeida Pinto" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
- Date: Fri, 30 Dec 2005 17:45:41 +0100
glad to have helped
--
Cheers,
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
"tfiorda" <tfiorda@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:30421900-D8D0-4684-B681-D77DBABA1DBF@xxxxxxxxxxxxxxxx
> Jorge,
>
> Just as an update. Looks like I've got the remaining DC cleaned up. All
> diagnostics passed. Now all that remains is to install the new HW. That
> will be in a week or so once it arrives.
>
> Thanks for your help and your site is very informative.
>
> Tony...
>
> "Jorge de Almeida Pinto" wrote:
>
>> I'm trying to understand what you mean with "dual PDC domain"...
>>
>> From my understanding until now you have a domain with 2 DCs and one of
>> those DCs died. Right?
>> Assuming that is correct...
>>
>> It is not entirely clear which one is a GC and which one holds the FSMO
>> roles and which one hosts DNS. All those components are very important
>> for
>> AD to function properly!!!
>>
>> First: you need to clean up the AD metadata for the W2K DC that died and
>> you
>> do this on the other W2K DC
>> See for more info:
>> http://blogs.dirteam.com/blogs/jorge/archive/2005/12/03/213.aspx
>>
>> Second: on the W2K DC you may need to install the Support Tools on the DC
>> or
>> copy the files mentioned below from another W2K machine to the W2K DC. I
>> always advise to install the Support Tools and the Resource Kit Tools
>>
>> Third: we are going to determine from the command line to see if the W2K
>> DC
>> is a GC. On the W2K DC run (without the quotes!): "REPADMIN /OPTIONS <W2K
>> DC
>> NAME>". It should show something like IS_GC. If it does not show that
>> then
>> make the W2K3 DC a GC by executing (without the quotes!): "REPADMIN
>> /OPTIONS
>> <W2K DC NAME> +IS_GC"
>>
>> Fourth: We need to make sure the W2K DC, or another server, hosts DNS
>> services and the W2K DC points to it itself or to the other server. On
>> the
>> W2K DC execute (without the quotes): "NET START DNS". If it says
>> something
>> like 'The requested service has already been started' then DNS is
>> installed.
>> If it says something like 'The service name is invalid' then DNS is not
>> installed. In the latter case get your W2K (SP?) CD and install DNS on
>> the
>> W2K DC using the Add/Remove Programs from the control panel. See also:
>> http://support.microsoft.com/?id=275278
>>
>> Fifth: Make sure the W2K DC is pointing to the DNS server in the TCP/IP
>> properties. Retrieve the TCP/IP properties from the network connection
>> and
>> make sure the IP address of the W2K DC is listed as preferred DNS server.
>>
>> Sixth: Make sure important records are registered in DNS. Execute the
>> following commands on the W2K DC (without the quotes): "IPCONFIG
>> /REGISTERDNS" + "NET STOP DNS & NET START DNS" + "NET STOP NETLOGON & NET
>> START NETLOGON"
>>
>> Seventh: On the W2K DC check which DCs host the FSMO roles. For all roles
>> the W2K DC DOES NOT host SEIZE the FSMO role to the W2K DC. For more info
>> see:
>> http://support.microsoft.com/?id=324801 (How to view and transfer FSMO
>> roles
>> in Windows Server 2003)
>> http://support.microsoft.com/?id=255504 (Using Ntdsutil.exe to transfer
>> or
>> seize FSMO roles to a domain controller)
>> http://support.microsoft.com/?id=255690 (How to view and transfer FSMO
>> roles
>> in the graphical user interface)
>> http://support.microsoft.com/?id=197132 (Windows 2000 Active Directory
>> FSMO
>> roles)
>> http://www.petri.co.il/transferring_fsmo_roles.htm
>> http://www.petri.co.il/seizing_fsmo_roles.htm
>>
>> Eighth: run the following commands on the W2K DC to check its health
>> (without the quotes): "DCDIAG /D /C /V > DCDIAG_OUTPUT.TXT" and "NETDIAG
>> /DEBUG /V > NETDIAG_OUTPUT.TXT". Open both output files and search for
>> the
>> words FAILED and ERROR to see what eventual errors are being experienced.
>>
>> And last but not least... install the new server using the same name and
>> IP
>> and install and configure everything else that is neededn (like DNS,
>> WINS,
>> DHCP ,etc)
>>
>> Good luck!
>>
>> --
>> Cheers,
>> # Jorge de Almeida Pinto #
>> BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
>> -----------------------------------------------------------------------------
>> * This posting is provided "AS IS" with no warranties and confers no
>> rights!
>> * Always test before implementing!
>> -----------------------------------------------------------------------------
>>
>>
>> -----------------------------------------------------------------------------
>> "tfiorda" <tfiorda@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:CA333B5E-488D-4FD3-AE02-FD284CBB8588@xxxxxxxxxxxxxxxx
>> > BTW, I forgot to mention that it's a Win2K Adv Svr domain.
>> >
>> > Thanks,
>> >
>> > Tony...
>> >
>> > "tfiorda" wrote:
>> >
>> >> I have a dual PDC domain that had the main DC die big time. It's not
>> >> recoverable and any data on it has been lost. I am wanting to replace
>> >> this
>> >> DC with another machine (new) using the same machine name and IP
>> >> address.
>> >> I've already transfered the FSMO roles (all that is except the Schema
>> >> Master
>> >> which looks like it's been grabbed by the seconday PDC) and was
>> >> wondering
>> >> what step I need to take to make this happen. I've been out of
>> >> Windows
>> >> troubleshooting for a long time and I am very rusty. What are my
>> >> gotchas?
>> >> Steps to take? And am I nuts!?
>> >>
>> >> Luckily I've been running dual services, DHCP, DNS, etcetera so the
>> >> network
>> >> is still functioning. And luckily my Cert Srv is on the machine still
>> >> running, although the IAS server was on the one that crashed. No
>> >> problem,
>> >> just no PEAP until that is up again.
>> >>
>> >> I've searched the KB, and I know the info is there, but I cannot find
>> >> it.
>> >> Any help would be appreciated.
>> >>
>> >> Thanks,
>> >>
>> >> Tony...
>>
>>
>>
.
- References:
- Re: Deader than a doorknob PDC w/AD
- From: Jorge de Almeida Pinto
- Re: Deader than a doorknob PDC w/AD
- From: tfiorda
- Re: Deader than a doorknob PDC w/AD
- Prev by Date: Re: Active Directory Restoration
- Next by Date: Re: Disaster Recovery Scenario Help
- Previous by thread: Re: Deader than a doorknob PDC w/AD
- Next by thread: Re: delegate control to one group
- Index(es):
Relevant Pages
|
