Re: Rebuilding 2003 DC

Thanks for all the great info.

This DC is still running. Can I not try and gracefully run DCPROMO so that
the domain sees the removal of this DC and then reinstall and DCPROMO it
again to return it to being a DC?

Thanks.

"Jorge Silva" wrote:

ok
To manually remove CA from AD
follow
http://support.microsoft.com/kb/555151

To Force remove:
Assuming that this Dc is an Aditional Dc for an existent domain:
- Disconnect (unplug the network cable) the Dc from network and run dcpromo
/forceremoval.
Restart the server.
Delete the NTDS folder.
Follow
Domain controllers do not demote gracefully when you use the Active
Directory Installation Wizard to force demotion in Windows Server 2003 and
in Windows 2000 Server
http://support.microsoft.com/kb/332199/en-us
- Then remove all references to that Dc on AD database (Metadata cleanup).
- Remove any Dns references to the Dc. - nltest /dsderegdns:<dns host name>
- If necessary seize any left Op Master roles that were hosted by that Dc.
*Note: The domain controller that seizes the role must be fully up-to-date
with the updates performed on the previous role owner. Because of
replication latency, it is possible that the domain controller might not be
up-to-date. To check the status of updates for a domain controller, use the
Repadmin.exe /Showutdvec switch.
*C:\> repadmin/showutdvec server2. mydomain.com dc= mydomain,dc=com
*C:\> repadmin/showutdvec server3. mydomain.com dc= mydomain,dc=com
- If some discrepancies Use the Repadmin /Syncall switch to make the
replication happen immediately.
- If the domain controller that you are demoting is a DNS server or global
catalog server, you must create a new GC or DNS server to satisfy load
balancing, fault tolerance, and configuration settings in the forest, don't
forget that you need at least one GC per Forest..
-Dont forget to export the *EFS* certificate. If one of these two dcs is
the first dc that was installed in your domain then the EFS certificate
resides locally on that dc. When you remove the dc before you export the
efs certificate you will loose it. Without this certificate you are not
able to recover efs encrypted files.
http://support.microsoft.com/?scid=kb%3Ben-us%3B241201&x=5&y=13
- Manually remove it from Sites and Services snap-in.
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/kb/255504/
How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/?kbid=216498
Clean up server metadata
http://technet2.microsoft.com/WindowsServer/en/Library/012793ee-5e8c-4a5c-9f66-4a486a7114fd1033.mspx?mfr=true


--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"Stryder" <Stryder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A513928D-1924-4582-B8D6-9429DE48D2D1@xxxxxxxxxxxxxxxx
It is Windows 2003 DC. I am not trying to install anything. When I try
and
run ADUC or any admin tool it lauches an install window then tells me it
can
only install on a Windows 2003 or XP machine.

I have now found out that another domain admin tried to install CA on this
DC and then removed it as the DC was getting an error about Automatic
certificate enrollment for local system failed to enroll for one Domain
Controller certificate (0x800706ba). The RPC server is unavailable.

I also read to move the Schema master and Operations Master. I have
already
moved the RID, PDC and Infrastrcture master. That shoukd be my 5 FSMO
roles
correct?

My other DC's also run DNS.

Is there anything else I have to do before running DCPROMO?

Thanks.


"Jorge Silva" wrote:

Hi
Hi
Is that a Windows 2003? Or 2000?
What are you trying to install, adminpak?
--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"Stryder" <Stryder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7705521A-A210-4C9A-993D-F625B3FA078D@xxxxxxxxxxxxxxxx

My main 2003 DC has some problems.

Most noticibly it seems to now longer believe it is a 2003 server for
when
I
run 2003 admin tools it tries to install them and then tells me it
needs
to
be Windows XP or a Windows 2003 server. It has been working fine for
several
years.

Unless there is a easy solution to find out what is wrong I was
thinking
of
just rebuilding this DC but it was my PDC.

I transferred all services ( RID, PDC and Infrastructure master) to
another
DC.

Question: is there anything else I need to do before running a DCPROMO
on
this server to demote it and then reinstalling the OS and rerunning
DCPROMO
to bring it back?

Thanks.


.

Relevant Pages

  • Re: after installing KB011829 OWA is not working anymore
    ... Windows Vista or IE 7.0 no longer includes support for the ActiveX control ... The resolution for this issue is to install hotfix KB 911829. ... and to the back-end server. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.exchange.connectivity)
  • RE: RRAS Wizard failure
    ... SBS, now, you can jump over the Windows server 2003 sp1 installation." ... we do not recommend customer to install windows server 2003 sp2 ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: Service pack version
    ... I understand that the SBS 2003 BPA suggests ... Now, you had installed Windows Server 2003 sp2 on your SBS, and the SBS ... It is recommended to install the Windows Server 2003 sp2 after install the ...
    (microsoft.public.windows.server.sbs)
  • Re: Fax on Terminal Server from SBS2K3
    ... please make sure the Fax service is installed on the TS server. ... you can try the steps below to install Shared Fax Client: ... 248340 Installing and Using Programs in Windows 2000 Terminal Services ...
    (microsoft.public.windows.server.sbs)
  • RE: Remote Access Wizard Error
    ... please let me know the detail version of your SBS. ... please go through the following document to install SBS 2003 sp1: ... Downloading and Installing Windows Small Business Server 2003 Service Pack 1 ...
    (microsoft.public.windows.server.sbs)
Loading