Re: Swing migration Q?: problem joining new DC to temp domain

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I would first check the health of the temp server/domain controller and
verify that it points ONLY to itself as it's DNS server. Also verify that it
is a global catalog server in Active Directory sutes and services.

Run dcdiag and netdiag on the temp server/domain controller to make sure it
passes all tests [well there may be some minor issues found in netdiag but
important DNS/Trust /Domain stuff must pass]. Verify that the Windows
Firewall service is disabled.

Use Event Viewer to check the logs of the temp domain controller to see if
anything pertinent is found in the logs indicating a problem with AD
replication, Group Policy refresh, or domain controller errors.

Once you have verified the health of the temp server/domain controller point
the new server you want to join to ONLY the temp server/domain controller as
its DNS server in tcp/ip properties. Also verify that the time/day/date/time
zone of the two computers are correct and then try to join it to the domain
and that the Windows Firewall service is disabled on both servers.

When creating a swing temp domain controller you must be sure that Active
Directory and DNS have replicated properly and at minimum give it 15 minutes
and then verify that dcdiag and netdiag pass tests, that sysvol share exists
[net share command], that DNS shows the forward zone for the domain and all
the _srv records, that the site connectors between the domain controller
exists and replication can be forced as explained in the link below, and
that the logs show no more problems. I also like to create a test user and
Group Policy an the swing domain controller and verify that it has
replicated to the other domain controller and vice versa.

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/ActiveDirectory/ForcingActiveDirectoryReplication.html



Steve


"Tony Vrolyk" <eat@xxxxxx> wrote in message
news:ug2eV$PwIHA.4916@xxxxxxxxxxxxxxxxxxxxxxx
I know I should be emailing Jeff about this but I have and gotten no
response. I purchased my Swing kit quite a while ago and my account has
expired so I it is reasonable that he wouldn't get back to me as quickly as
he would to current customers. I am hoping someone here has run into this
and can give me some guidance.

I am swinging SBS2003 > SBS 2003 R2 onto new hardware. My Kit is based on
a swing from SBS2000 to SBS2003 which may be the problem. I have emailed
Jeff to ask if I need the new kit but have had no response to that either.

Twice now I have tried this and each time when I get to joining the new
SBSNameDC to the TempDC (offline from live network) it will not see the
domain controller. I can ping IP and I can ping netbios name but when I
try to join the domain I get the message:

"A domain controller for the domain [DOMAIN] could not be contacted.
Ensure the domain name is typed correctly. If the name is correct, click
details for troubleshooting information."

The first time I thought maybe I hadn't allowed enough time for
replication from the CurrentDC to the TempDC before disconnecting and
performing AD cleanup and purging Exchange from AD. So the second time I
left it overnight. I did have to turn off the firewall on the TempDC but
after that I can see DNS replicate and I assume everything else is as
well.

So that I don't have to go back again I am testing by disconnecting the
TempDC from the network and connecting it to my laptop via a switch. I
then try to join the domain but get the same error. I don't know if this
is a good test or not but it seemed reasonable.

I hope my posting was clear. Any help or direction would be appreciated.

Tony V





.

Relevant Pages

  • Re: Demote 1st DC Error
    ... "Don Wilwol" wrote in message ... > When a domain controller is demoted, the operational attribute> "GiveAwayAllFsmoRoles" is written, which triggers the domain controller to> locate other domain controllers to offload any roles it currently owns. ... Locate a server to which there is RPC connectivity. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain user is seen as domain administrator?
    ... computer where you observe the account has been mapped. ... setting permissions for some folders (in domain controller) for the user ... And yes this user is in Domain Admins group. ... workstation and one exact domain controller. ...
    (microsoft.public.security)
  • RE: Securing a Local Network
    ... In your case windows would the best way to go. ... Linux can function as a domain controller, but as much as I love linux, ... Subject: Securing a Local Network ...
    (Security-Basics)
  • RE: Domain Controller Hardware Failure, remove from AD
    ... to know how to remove a crashed and decommissioned domain controller from ... we use the Active Directory Installation Wizard for ... demoting a domain controller to a member server. ... Settings object that exists as a child of the server object in Active ...
    (microsoft.public.windows.server.active_directory)