Re: Reinstallation Problem in AD

Please see answers inline:
Hi, I tried not to bother again but I have not been able to solve this
situation.
-You're not bothering me, I'm here because I like to help people.

I'll answer your questions: Yes my main DC crashed and since I did
not have a systemstate backup I had to install from zero and it made a new
forest with the same domain name. Now I have two diferent forrests with
the
same domain name.
This is a huge mistake, because with 2 different forests with the same name
you can't do trust relationship between them to migrate the objects.

You told me I had 2 options: 1-. Seize FMSO and do metadata cleanup to
migrate. I could not connect to the server to do this.
2-. dcpromo /forceremoval and
create objects manually.
the second one was the only option left so I did the dcpromo and the
server
was left as a standalone server with no connections to any domain.

- This is very confusing. You would need to seize roles and perform metadata
cleanup on the server that had AD installed when the other one crashed, you
see, when your server crashes the other one doesn't know about it, so it's
up to you to manually tell that server that the other one doesn't exists
anymore, and also to seize the roles to that healthy server, because the
other was dead.
- But then you said that you rebuilded "Using the server that CRASHED" a new
forest. You them said I want to keep the "CRASHED" server with that new
forest because it's working well. I said that you could still do a Trust
relationship between both Forests (assuming different domain names for each
forest) and migrate the objects between them (Of course you still needed to
perform metadata cleanup on the OLD Forest, because that server didn't knew
about the server crash).
- The last option was: If you DON'T want to perform migration (because you
have a little objetcts only in the old forest, and you can create them
manually with no problem), you can either demote the AD from the old DC
using dcpromo /forceremoval, OR just clean the Server with a format, and
then reintroduce-it as additional DC into tat new forest.

- So if I'm understanding you correctly, you only have 1 Forest, and that
Forest is the one that was built in the CRASHED DC, correct?
- Assuming yes, to introduce that server to the existing forest as member
server you only need to ad it to the existing domain as you would do for a
workstation.


--
===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"Yaira Ojeda" <YairaOjeda@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:08BDEE6F-534C-4E2F-876C-D7DF953AEF32@xxxxxxxxxxxxxxxx
Hi, I tried not to bother again but I have not been able to solve this
situation. I'll answer your questions: Yes my main DC crashed and since I
did
not have a systemstate backup I had to install from zero and it made a new
forest with the same domain name. Now I have two diferent forrests with
the
same domain name.

You told me I had 2 options: 1-. Seize FMSO and do metadata cleanup to
migrate. I could not connect to the server to do this.
2-. dcpromo /forceremoval and
create objects manually.

the second one was the only option left so I did the dcpromo and the
server
was left as a standalone server with no connections to any domain.

What should be my next step to add this server to the domain. It is only
an
applications server and file server. Is it necessary or just convenient?

Thanks a lot

Y.O.

"Jorge Silva" wrote:

-Your Main DC crashed, correct?
-Then you rebuild-it with a new forest because you didn't had a system
state
backup for that DC correct?
- In your first post you sound like you wanted to get that new DC
replicating with the existing one, but since you don't have a systemstate
backup youcan't do that, so the option was to remove old references to
that
DC in the existing one, and then add-it again as additional DC.

- Now you want a different thing, you want to keep that rebuilded DC and
joing the "old" one to that new Forest Correct?
- Assuming yes:
You now have 2 different forests, all you would had to do is:
1- Migrate one forest objects to the other (Note: In this case you still
need to perform metadata cleanup and FSMO seize before you do the Trust
between these forests on the old DC (that one that didn't crashed))
2- If you DON'T want to perform migration (because you have a little
objetcts only in the old forest, and you can create them manually with no
problem), you can either demote the AD from the old DC using dcpromo
/forceremoval, OR just clean the Server with a format, and then
reintroduce-it as additional DC into tat new forest.

--
===================================
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
===================================

"Yaira Ojeda" <YairaOjeda@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F984A452-1A96-4363-8736-00FC48ED10FF@xxxxxxxxxxxxxxxx
Hi, I do not know if I am explaining myself well. I'll try it again.

Since I did not know any of this things you are telling me now and it
was
very urgent that I got the main DC working (it has exchange server in
it
and
it is used by 150 people) and the secondary one only has a business
intellingence program used by only 10 people I reinstalled the main one
completely. It is working perfectly. I do not want to change what I
have
now.
In fact the reinstallation corrected a few errors I had before.

So, I suppose that the server I have to make the changes to is the
secondary
one?. I want it to connect to the main server (the one I reinstalled)
and
that it replicates the new changes in the "new" domain, because the
people
who use the business intelligence program can not connect to it.

Thanks,

Y.O.

"Paul Bergson [MVP-DS]" wrote:

If you have two dc's then you should be able to promote the new one
into
the
old domain. You clean up your AD metadata, rebuild your new member
server
and repromote this new member server as a dc. Then you won't have to
recreate all the AD objects and the old dc should replicate all the
objects
from it back to the new dc. It sounds like it is to late to do this
though.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Yaira Ojeda" <YairaOjeda@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A72D8DC4-1AFD-4A76-9BE0-C2C3E1758AC3@xxxxxxxxxxxxxxxx
Hi, I had a very big problem with my Server's disks and tape unit. I
had
to
reinstall Windows 2003 Server from scratch and the backup tape did
not
function very well. I was only able to restore folders and files. I
created
all the users and groups again and had to create the users profiles
again
on
the computers locally so they could get access to their
configuration.

The thing is that I had another server in this domain and cannot get
it
to
replicate or even join the domain. The users cannot get access even
though
it
shows on the network neighborhood. The message gives me the idea
that
the
domain is new and that the old one does not exist even though it has
the
same
name. I have tried many things and they do not work. Please give me
an
idea
where can I start.

With the XP PRO workstations I have a similar problem with half of
them.
They do login in the domain but the computer name is not recognized
and
I
get
an event message like this (it is in spanish):
Type: error Source: NETLOGON ID: 5513
The computer CHARLES tried to connect to server \\MEGASRV
using a
trust relation established by the domain RORISERVER. However the
computer
lost the Security Identificator (SID) when the domain was configured
again.
Restablish de trust relation.

I suppose the problem with the server is kind of the same thing.

I wait for an asnwer to give me some light.....

Thanks a lot

Yaira Ojeda










.

Relevant Pages

  • Re: Protected Forest with One Child domain
    ... The forest is in native mode. ... so your child DNS servers can resolve both their ... INTERNAL zone on every DNS server using AD-Integrated Forest ...
    (microsoft.public.windows.server.dns)
  • Re: Reinstallation Problem in AD
    ... -Then you rebuild-it with a new forest because you didn't had a system state ... backup for that DC correct? ... joing the "old" one to that new Forest Correct? ... very urgent that I got the main DC working (it has exchange server in it ...
    (microsoft.public.windows.server.active_directory)
  • Re: Rejoining domains to new active directory .
    ... then demoting the server and run the dc-promo again right ..? ... At least system state backup. ... to the new forest domain, i'm not sure if in your case will work but you can ... you had DC1 in a top root domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Trust relationships between sites.
    ... Trusts are between ... root forest domains of each forest.) ... Dump the LMHosts file and setup one or more WINS Server -- if you ... so that the DNS of Ad01 can resolve Ad02 and vice versa. ...
    (microsoft.public.win2000.active_directory)
  • Re: Two diffeent Forest sharing 1 Exchange Server
    ... I would look into the Galy Sync and inter org connector option. ... The other option you have is to host ABC.com on the current Exchange server ... As far as setting up a separate forest I how can I setup current users ...
    (microsoft.public.exchange.design)
Loading