Re: 1st DC in Small Domain Failed, _msdcs still points to 1st DC

From: "chriss3 [MVP]" <christoffer@xxxxxxxx>
Date: Wed, 4 Jun 2008 00:05:38 +0200

Hello.

1. Make sure that you remove the Domain Controller that failed from Active Directory using metadata cleanup (If there is no possibility to use DCPROMO to demote it)
FYI: http://support.microsoft.com/kb/216498

2. Seize the FSMO roles to an other DC.
FYI: http://support.microsoft.com/kb/255504

3. Install Windows Server Support Tools (Found on your Windows Server CD) and run the command nltest /dsregdns on your remaining DC. Review the _msdcs zone and see of the record of the remaining DC is created.. Clean up records in your DNS zones from the failed DC. Make sure that the remaining DC is made a name server for the zones.

--
Regards
Christoffer Andersson
TrueSec - Executive Consultant
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------

http://www.truesec.com

"Darius Sanders" <DariusSanders@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:940EEB33-1285-4A83-8ED9-87DF8671429A@xxxxxxxxxxxxxxxx

I have a situations were the first domain controller in our small, single
site domain, has suffered a substantial hardware problem and is not
operational. We have a second domain controller that is running DNS and is
operating as a Global Catalog. Active directory seems to be operating
normally for now even though the fsmo roles wer on the failed machine. When I
go into the forward look up zone for the still operating DC and look under
the _msdcs folder I see one entry for the server that has failed. Should that
be modified to refer to the second DC that is still operational? If so, how
is that accomplished. Any insight on this would be very much appreciated.
Thanks in advance.
--
Darius Sanders

--
Darius Sanders

Follow-Ups:
- Re: 1st DC in Small Domain Failed, _msdcs still points to 1st DC
  - From: Darius Sanders

Prev by Date: Re: AD Enabled Apps
Next by Date: Re: AD Enabled Apps
Previous by thread: Windows 2008 Trust To MIT Kerberos Server
Next by thread: Re: 1st DC in Small Domain Failed, _msdcs still points to 1st DC
Index(es):
- Date
- Thread

Relevant Pages

Re: DNS - Primary/Secondary
... > You need to have one primary DNS server. ... > dns server for the zone. ... if the zone is on a Domain Controller and the zone is ... stored in Active Directory, you cannot have a Secondary of the same zone ...
(microsoft.public.windows.server.dns)
Slow workstations logon to Win 2003 - DNS Problem?
... to windows 2003 domain controller. ... The DNS server has encountered a critical error from the Active ... Check that the Active Directory is functioning properly and repeat ... zone goshen.tau.ac.il. ...
(microsoft.public.win2000.dns)
Win2000 DNS forgets who it is
... I've got a domain controller running Win2000 with DNS hosting several other ... Only the main domain is an Active Directory zone. ... Record) it can no longer resolve to the IP address of the Domain Controller. ...
(microsoft.public.win2000.dns)
Re: DNS - Primary/Secondary
... I made no indication the zone data was stored in AD with this statement. ... >> You need to have one primary DNS server. ... > You are incorrect, if the zone is on a Domain Controller and the zone is> stored in Active Directory, you cannot have a Secondary of the same zone> name on another Domain Controller in the same domain. ...
(microsoft.public.windows.server.dns)
RE: NTDS.dit file is currupt
... "microsoft" wrote:> We are currently facing a serious problem with one our client server. ... > After rebooting the machine in directory services restore mode, I had> followed the steps below; ntdsutil neither defrag Active Directory Database> nor repair. ... Restart the domain controller. ... Check the integrity of the Active Directory database. ...
(microsoft.public.win2000.active_directory)