W2K Server SP4. Active Directory became corrupt so it won't boot except in
"Active Directory Restore Mode". I read through the Help files which explain
two methods for restoring Active Directory - from a backup (which I don't
have - shame on me!), or by re-running the Active Directory Installation
Wizard and replicating from another Domain Controller (which I *do* have).
But, every time I try to run the Active Directory Installation Wizard, it
says it can't be run in Safe Mode! Is there any way around this Catch-22 or
do I just need to re-install W2K from scratch?

Ron,

I might try the /forceremoval switch ( with dcpromo ) and if that does not
work then simply unplug the DC in question ( turn it off ) and then go to
the remaining DC that you have and run a metadata cleanup. This will remove
all reference to that 'corrupted' DC from your environment ( well, you might
have to use ADSIEdit and clean up DNS a little bit as well as Active
Directory Sites and Services ).

Now, the only problem left now is: what was on that DC ( meaning, was it
also a file server? a print server? a Certificate Server? a DNS server? a
DHCP server? you get the picture ). Is any of this going to cause a problem
( meaning, something that you can not restore from back up )?

--
Cary W. Shultz
Roanoke, VA 24012

http://www.activedirectory-win2000.com
(soon to be updated!!!)
http://www.grouppolicy-win2000.com
(soon to be updated!!!)



"Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in message
news:(E-Mail Removed)...
> W2K Server SP4. Active Directory became corrupt so it won't boot except in
> "Active Directory Restore Mode". I read through the Help files which
> explain
> two methods for restoring Active Directory - from a backup (which I don't
> have - shame on me!), or by re-running the Active Directory Installation
> Wizard and replicating from another Domain Controller (which I *do* have).
> But, every time I try to run the Active Directory Installation Wizard, it
> says it can't be run in Safe Mode! Is there any way around this Catch-22
> or
> do I just need to re-install W2K from scratch?
>
>

Both machines were acting as DNS servers so that isn't a problem. The one
with the problem was also a SQL Server. But that database is backed up
constantly and is now up and running on the other DC. I saw something about
the metadata cleanup in the Help file and was planning to do that. What
about the FSMO roles? Do I need to make the remaining DC seize those too?

"Cary Shultz [A.D. MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Ron,
>
> I might try the /forceremoval switch ( with dcpromo ) and if that does not
> work then simply unplug the DC in question ( turn it off ) and then go to
> the remaining DC that you have and run a metadata cleanup. This will
remove
> all reference to that 'corrupted' DC from your environment ( well, you
might
> have to use ADSIEdit and clean up DNS a little bit as well as Active
> Directory Sites and Services ).
>
> Now, the only problem left now is: what was on that DC ( meaning, was it
> also a file server? a print server? a Certificate Server? a DNS server? a
> DHCP server? you get the picture ). Is any of this going to cause a
problem
> ( meaning, something that you can not restore from back up )?
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
>
> http://www.activedirectory-win2000.com
> (soon to be updated!!!)
> http://www.grouppolicy-win2000.com
> (soon to be updated!!!)
>
>
>
> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in
message
> news:(E-Mail Removed)...
> > W2K Server SP4. Active Directory became corrupt so it won't boot except
in
> > "Active Directory Restore Mode". I read through the Help files which
> > explain
> > two methods for restoring Active Directory - from a backup (which I
don't
> > have - shame on me!), or by re-running the Active Directory Installation
> > Wizard and replicating from another Domain Controller (which I *do*
have).
> > But, every time I try to run the Active Directory Installation Wizard,
it
> > says it can't be run in Safe Mode! Is there any way around this Catch-22
> > or
> > do I just need to re-install W2K from scratch?
> >
> >
>
>

Ron,

Generally speaking, when you run dcpromo one of the things that it is
supposed to do is to transfer any of the five FSMO roles that the DC being
dcpromo'd might hold to another DC. However, I like to be the judge of
which DC gets which role ( naturally if you have only two DCs....... ). So,
I might go ahead and determine which DC holds which FSMO role(s) and then
transfer accordingly. There are several ways that you can determine which
DC holds which role. I like to use 'netdom query fsmo' but that requires
that you have the Support Tools installed ( which I suggest that everyone
do... ). You can also use the GUI ( Active Directory Users and Computers
for the three Domain-wide FSMO Roles, for example ) or any number of other
tools. And you will want to transfer the roles, normally speaking. You
only want to seize a role when the DC that holds that role will NEVER return
to the environment ( otherwise you will have two DCs that *think* that they
hold that one role....have fun!!! ). In your case I think that you will
need to seize. However, try to first transfer......IIRC, the seize function
tries to first transfer, and if that does not work, does the seize.

Make sure that the clients are getting the correct IP Address Lease
information ( read: update DHCP and the Options ).

--
Cary W. Shultz
Roanoke, VA 24012

http://www.activedirectory-win2000.com
(soon to be updated!!!)
http://www.grouppolicy-win2000.com
(soon to be updated!!!)



"Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in message
news:(E-Mail Removed)...
> Both machines were acting as DNS servers so that isn't a problem. The one
> with the problem was also a SQL Server. But that database is backed up
> constantly and is now up and running on the other DC. I saw something
> about
> the metadata cleanup in the Help file and was planning to do that. What
> about the FSMO roles? Do I need to make the remaining DC seize those too?
>
> "Cary Shultz [A.D. MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Ron,
>>
>> I might try the /forceremoval switch ( with dcpromo ) and if that does
>> not
>> work then simply unplug the DC in question ( turn it off ) and then go to
>> the remaining DC that you have and run a metadata cleanup. This will
> remove
>> all reference to that 'corrupted' DC from your environment ( well, you
> might
>> have to use ADSIEdit and clean up DNS a little bit as well as Active
>> Directory Sites and Services ).
>>
>> Now, the only problem left now is: what was on that DC ( meaning, was it
>> also a file server? a print server? a Certificate Server? a DNS server? a
>> DHCP server? you get the picture ). Is any of this going to cause a
> problem
>> ( meaning, something that you can not restore from back up )?
>>
>> --
>> Cary W. Shultz
>> Roanoke, VA 24012
>>
>> http://www.activedirectory-win2000.com
>> (soon to be updated!!!)
>> http://www.grouppolicy-win2000.com
>> (soon to be updated!!!)
>>
>>
>>
>> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in
> message
>> news:(E-Mail Removed)...
>> > W2K Server SP4. Active Directory became corrupt so it won't boot except
> in
>> > "Active Directory Restore Mode". I read through the Help files which
>> > explain
>> > two methods for restoring Active Directory - from a backup (which I
> don't
>> > have - shame on me!), or by re-running the Active Directory
>> > Installation
>> > Wizard and replicating from another Domain Controller (which I *do*
> have).
>> > But, every time I try to run the Active Directory Installation Wizard,
> it
>> > says it can't be run in Safe Mode! Is there any way around this
>> > Catch-22
>> > or
>> > do I just need to re-install W2K from scratch?
>> >
>> >
>>
>>
>
>

Thanks Cary for your help. All is well again! I created an ERD. Now, what
should I be backing up and how often?

"Cary Shultz" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Ron,
>
> Generally speaking, when you run dcpromo one of the things that it is
> supposed to do is to transfer any of the five FSMO roles that the DC being
> dcpromo'd might hold to another DC. However, I like to be the judge of
> which DC gets which role ( naturally if you have only two DCs....... ).
So,
> I might go ahead and determine which DC holds which FSMO role(s) and then
> transfer accordingly. There are several ways that you can determine which
> DC holds which role. I like to use 'netdom query fsmo' but that requires
> that you have the Support Tools installed ( which I suggest that everyone
> do... ). You can also use the GUI ( Active Directory Users and Computers
> for the three Domain-wide FSMO Roles, for example ) or any number of other
> tools. And you will want to transfer the roles, normally speaking. You
> only want to seize a role when the DC that holds that role will NEVER
return
> to the environment ( otherwise you will have two DCs that *think* that
they
> hold that one role....have fun!!! ). In your case I think that you will
> need to seize. However, try to first transfer......IIRC, the seize
function
> tries to first transfer, and if that does not work, does the seize.
>
> Make sure that the clients are getting the correct IP Address Lease
> information ( read: update DHCP and the Options ).
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
>
> http://www.activedirectory-win2000.com
> (soon to be updated!!!)
> http://www.grouppolicy-win2000.com
> (soon to be updated!!!)
>
>
>
> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in
message
> news:(E-Mail Removed)...
> > Both machines were acting as DNS servers so that isn't a problem. The
one
> > with the problem was also a SQL Server. But that database is backed up
> > constantly and is now up and running on the other DC. I saw something
> > about
> > the metadata cleanup in the Help file and was planning to do that. What
> > about the FSMO roles? Do I need to make the remaining DC seize those
too?
> >
> > "Cary Shultz [A.D. MVP]" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> Ron,
> >>
> >> I might try the /forceremoval switch ( with dcpromo ) and if that does
> >> not
> >> work then simply unplug the DC in question ( turn it off ) and then go
to
> >> the remaining DC that you have and run a metadata cleanup. This will
> > remove
> >> all reference to that 'corrupted' DC from your environment ( well, you
> > might
> >> have to use ADSIEdit and clean up DNS a little bit as well as Active
> >> Directory Sites and Services ).
> >>
> >> Now, the only problem left now is: what was on that DC ( meaning, was
it
> >> also a file server? a print server? a Certificate Server? a DNS server?
a
> >> DHCP server? you get the picture ). Is any of this going to cause a
> > problem
> >> ( meaning, something that you can not restore from back up )?
> >>
> >> --
> >> Cary W. Shultz
> >> Roanoke, VA 24012
> >>
> >> http://www.activedirectory-win2000.com
> >> (soon to be updated!!!)
> >> http://www.grouppolicy-win2000.com
> >> (soon to be updated!!!)
> >>
> >>
> >>
> >> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in
> > message
> >> news:(E-Mail Removed)...
> >> > W2K Server SP4. Active Directory became corrupt so it won't boot
except
> > in
> >> > "Active Directory Restore Mode". I read through the Help files which
> >> > explain
> >> > two methods for restoring Active Directory - from a backup (which I
> > don't
> >> > have - shame on me!), or by re-running the Active Directory
> >> > Installation
> >> > Wizard and replicating from another Domain Controller (which I *do*
> > have).
> >> > But, every time I try to run the Active Directory Installation
Wizard,
> > it
> >> > says it can't be run in Safe Mode! Is there any way around this
> >> > Catch-22
> >> > or
> >> > do I just need to re-install W2K from scratch?
> >> >
> >> >
> >>
> >>
> >
> >
>
>

Ron,

One word comes to mind: System State! How often? Every night!

There are a few other things that you can do. I like to create a .ldf file
which has all of the user account objects and all of the group objects and
all of the computer account objects. It is more of a security blanket than
anything. If the poop hit the fan and your backup did not work ( you do
test your backup, right? ) then this .ldf file might come in handy. It
would be a saving grace in an otherwise bad situation. And for your GPOs
you might want to look at the GPMC.

--
Cary W. Shultz
Roanoke, VA 24012

http://www.activedirectory-win2000.com
(soon to be updated!!!)
http://www.grouppolicy-win2000.com
(soon to be updated!!!)



"Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in message
news:(E-Mail Removed)...
> Thanks Cary for your help. All is well again! I created an ERD. Now, what
> should I be backing up and how often?
>
> "Cary Shultz" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Ron,
>>
>> Generally speaking, when you run dcpromo one of the things that it is
>> supposed to do is to transfer any of the five FSMO roles that the DC
>> being
>> dcpromo'd might hold to another DC. However, I like to be the judge of
>> which DC gets which role ( naturally if you have only two DCs....... ).
> So,
>> I might go ahead and determine which DC holds which FSMO role(s) and then
>> transfer accordingly. There are several ways that you can determine
>> which
>> DC holds which role. I like to use 'netdom query fsmo' but that requires
>> that you have the Support Tools installed ( which I suggest that everyone
>> do... ). You can also use the GUI ( Active Directory Users and Computers
>> for the three Domain-wide FSMO Roles, for example ) or any number of
>> other
>> tools. And you will want to transfer the roles, normally speaking. You
>> only want to seize a role when the DC that holds that role will NEVER
> return
>> to the environment ( otherwise you will have two DCs that *think* that
> they
>> hold that one role....have fun!!! ). In your case I think that you will
>> need to seize. However, try to first transfer......IIRC, the seize
> function
>> tries to first transfer, and if that does not work, does the seize.
>>
>> Make sure that the clients are getting the correct IP Address Lease
>> information ( read: update DHCP and the Options ).
>>
>> --
>> Cary W. Shultz
>> Roanoke, VA 24012
>>
>> http://www.activedirectory-win2000.com
>> (soon to be updated!!!)
>> http://www.grouppolicy-win2000.com
>> (soon to be updated!!!)
>>
>>
>>
>> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in
> message
>> news:(E-Mail Removed)...
>> > Both machines were acting as DNS servers so that isn't a problem. The
> one
>> > with the problem was also a SQL Server. But that database is backed up
>> > constantly and is now up and running on the other DC. I saw something
>> > about
>> > the metadata cleanup in the Help file and was planning to do that. What
>> > about the FSMO roles? Do I need to make the remaining DC seize those
> too?
>> >
>> > "Cary Shultz [A.D. MVP]" <(E-Mail Removed)> wrote in message
>> > news:(E-Mail Removed)...
>> >> Ron,
>> >>
>> >> I might try the /forceremoval switch ( with dcpromo ) and if that does
>> >> not
>> >> work then simply unplug the DC in question ( turn it off ) and then go
> to
>> >> the remaining DC that you have and run a metadata cleanup. This will
>> > remove
>> >> all reference to that 'corrupted' DC from your environment ( well, you
>> > might
>> >> have to use ADSIEdit and clean up DNS a little bit as well as Active
>> >> Directory Sites and Services ).
>> >>
>> >> Now, the only problem left now is: what was on that DC ( meaning, was
> it
>> >> also a file server? a print server? a Certificate Server? a DNS
>> >> server?
> a
>> >> DHCP server? you get the picture ). Is any of this going to cause a
>> > problem
>> >> ( meaning, something that you can not restore from back up )?
>> >>
>> >> --
>> >> Cary W. Shultz
>> >> Roanoke, VA 24012
>> >>
>> >> http://www.activedirectory-win2000.com
>> >> (soon to be updated!!!)
>> >> http://www.grouppolicy-win2000.com
>> >> (soon to be updated!!!)
>> >>
>> >>
>> >>
>> >> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in
>> > message
>> >> news:(E-Mail Removed)...
>> >> > W2K Server SP4. Active Directory became corrupt so it won't boot
> except
>> > in
>> >> > "Active Directory Restore Mode". I read through the Help files which
>> >> > explain
>> >> > two methods for restoring Active Directory - from a backup (which I
>> > don't
>> >> > have - shame on me!), or by re-running the Active Directory
>> >> > Installation
>> >> > Wizard and replicating from another Domain Controller (which I *do*
>> > have).
>> >> > But, every time I try to run the Active Directory Installation
> Wizard,
>> > it
>> >> > says it can't be run in Safe Mode! Is there any way around this
>> >> > Catch-22
>> >> > or
>> >> > do I just need to re-install W2K from scratch?
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>

I'll do it!

I have another question: After transferring the FSMO roles to the second
server, I'm now seeing this message:

Unable to establish connection with global catalog.

It's in the Directory Service Event log every hour on that server. I
searched MSDN and found a KB article (842208), but it doesn't seem to relate
as no other error messages are showing up. Any ideas?

"Cary Shultz" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Ron,
>
> One word comes to mind: System State! How often? Every night!
>
> There are a few other things that you can do. I like to create a .ldf
file
> which has all of the user account objects and all of the group objects and
> all of the computer account objects. It is more of a security blanket
than
> anything. If the poop hit the fan and your backup did not work ( you do
> test your backup, right? ) then this .ldf file might come in handy. It
> would be a saving grace in an otherwise bad situation. And for your GPOs
> you might want to look at the GPMC.
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
>
> http://www.activedirectory-win2000.com
> (soon to be updated!!!)
> http://www.grouppolicy-win2000.com
> (soon to be updated!!!)
>
>
>
> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in
message
> news:(E-Mail Removed)...
> > Thanks Cary for your help. All is well again! I created an ERD. Now,
what
> > should I be backing up and how often?
> >
> > "Cary Shultz" <(E-Mail Removed)> wrote in message
> > news:%(E-Mail Removed)...
> >> Ron,
> >>
> >> Generally speaking, when you run dcpromo one of the things that it is
> >> supposed to do is to transfer any of the five FSMO roles that the DC
> >> being
> >> dcpromo'd might hold to another DC. However, I like to be the judge of
> >> which DC gets which role ( naturally if you have only two DCs....... ).
> > So,
> >> I might go ahead and determine which DC holds which FSMO role(s) and
then
> >> transfer accordingly. There are several ways that you can determine
> >> which
> >> DC holds which role. I like to use 'netdom query fsmo' but that
requires
> >> that you have the Support Tools installed ( which I suggest that
everyone
> >> do... ). You can also use the GUI ( Active Directory Users and
Computers
> >> for the three Domain-wide FSMO Roles, for example ) or any number of
> >> other
> >> tools. And you will want to transfer the roles, normally speaking.
You
> >> only want to seize a role when the DC that holds that role will NEVER
> > return
> >> to the environment ( otherwise you will have two DCs that *think* that
> > they
> >> hold that one role....have fun!!! ). In your case I think that you
will
> >> need to seize. However, try to first transfer......IIRC, the seize
> > function
> >> tries to first transfer, and if that does not work, does the seize.
> >>
> >> Make sure that the clients are getting the correct IP Address Lease
> >> information ( read: update DHCP and the Options ).
> >>
> >> --
> >> Cary W. Shultz
> >> Roanoke, VA 24012
> >>
> >> http://www.activedirectory-win2000.com
> >> (soon to be updated!!!)
> >> http://www.grouppolicy-win2000.com
> >> (soon to be updated!!!)
> >>
> >>
> >>
> >> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in
> > message
> >> news:(E-Mail Removed)...
> >> > Both machines were acting as DNS servers so that isn't a problem. The
> > one
> >> > with the problem was also a SQL Server. But that database is backed
up
> >> > constantly and is now up and running on the other DC. I saw something
> >> > about
> >> > the metadata cleanup in the Help file and was planning to do that.
What
> >> > about the FSMO roles? Do I need to make the remaining DC seize those
> > too?
> >> >
> >> > "Cary Shultz [A.D. MVP]" <(E-Mail Removed)> wrote in message
> >> > news:(E-Mail Removed)...
> >> >> Ron,
> >> >>
> >> >> I might try the /forceremoval switch ( with dcpromo ) and if that
does
> >> >> not
> >> >> work then simply unplug the DC in question ( turn it off ) and then
go
> > to
> >> >> the remaining DC that you have and run a metadata cleanup. This
will
> >> > remove
> >> >> all reference to that 'corrupted' DC from your environment ( well,
you
> >> > might
> >> >> have to use ADSIEdit and clean up DNS a little bit as well as Active
> >> >> Directory Sites and Services ).
> >> >>
> >> >> Now, the only problem left now is: what was on that DC ( meaning,
was
> > it
> >> >> also a file server? a print server? a Certificate Server? a DNS
> >> >> server?
> > a
> >> >> DHCP server? you get the picture ). Is any of this going to cause a
> >> > problem
> >> >> ( meaning, something that you can not restore from back up )?
> >> >>
> >> >> --
> >> >> Cary W. Shultz
> >> >> Roanoke, VA 24012
> >> >>
> >> >> http://www.activedirectory-win2000.com
> >> >> (soon to be updated!!!)
> >> >> http://www.grouppolicy-win2000.com
> >> >> (soon to be updated!!!)
> >> >>
> >> >>
> >> >>
> >> >> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in
> >> > message
> >> >> news:(E-Mail Removed)...
> >> >> > W2K Server SP4. Active Directory became corrupt so it won't boot
> > except
> >> > in
> >> >> > "Active Directory Restore Mode". I read through the Help files
which
> >> >> > explain
> >> >> > two methods for restoring Active Directory - from a backup (which
I
> >> > don't
> >> >> > have - shame on me!), or by re-running the Active Directory
> >> >> > Installation
> >> >> > Wizard and replicating from another Domain Controller (which I
*do*
> >> > have).
> >> >> > But, every time I try to run the Active Directory Installation
> > Wizard,
> >> > it
> >> >> > says it can't be run in Safe Mode! Is there any way around this
> >> >> > Catch-22
> >> >> > or
> >> >> > do I just need to re-install W2K from scratch?
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>

Ron,

I would guess that you would have to make the 'surviving' Domain Controller
a GC as well. I just looked through the entire history of this post and I
failed to mention that. Sorry. Sometimes I forget the 'obvious'.... ;-)

You do this in the Active Directory Sites and Services MMC. And, to avoid
any more delay, please find below the link to the MSKB Article that explains
how to do this:

http://support.microsoft.com/?id=313994

--
Cary W. Shultz
Roanoke, VA 24012

http://www.activedirectory-win2000.com
(soon to be updated!!!)
http://www.grouppolicy-win2000.com
(soon to be updated!!!)



"Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in message
news:(E-Mail Removed)...
> I'll do it!
>
> I have another question: After transferring the FSMO roles to the second
> server, I'm now seeing this message:
>
> Unable to establish connection with global catalog.
>
> It's in the Directory Service Event log every hour on that server. I
> searched MSDN and found a KB article (842208), but it doesn't seem to
> relate
> as no other error messages are showing up. Any ideas?
>
> "Cary Shultz" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Ron,
>>
>> One word comes to mind: System State! How often? Every night!
>>
>> There are a few other things that you can do. I like to create a .ldf
> file
>> which has all of the user account objects and all of the group objects
>> and
>> all of the computer account objects. It is more of a security blanket
> than
>> anything. If the poop hit the fan and your backup did not work ( you do
>> test your backup, right? ) then this .ldf file might come in handy. It
>> would be a saving grace in an otherwise bad situation. And for your GPOs
>> you might want to look at the GPMC.
>>
>> --
>> Cary W. Shultz
>> Roanoke, VA 24012
>>
>> http://www.activedirectory-win2000.com
>> (soon to be updated!!!)
>> http://www.grouppolicy-win2000.com
>> (soon to be updated!!!)
>>
>>
>>
>> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in
> message
>> news:(E-Mail Removed)...
>> > Thanks Cary for your help. All is well again! I created an ERD. Now,
> what
>> > should I be backing up and how often?
>> >
>> > "Cary Shultz" <(E-Mail Removed)> wrote in message
>> > news:%(E-Mail Removed)...
>> >> Ron,
>> >>
>> >> Generally speaking, when you run dcpromo one of the things that it is
>> >> supposed to do is to transfer any of the five FSMO roles that the DC
>> >> being
>> >> dcpromo'd might hold to another DC. However, I like to be the judge
>> >> of
>> >> which DC gets which role ( naturally if you have only two
>> >> DCs....... ).
>> > So,
>> >> I might go ahead and determine which DC holds which FSMO role(s) and
> then
>> >> transfer accordingly. There are several ways that you can determine
>> >> which
>> >> DC holds which role. I like to use 'netdom query fsmo' but that
> requires
>> >> that you have the Support Tools installed ( which I suggest that
> everyone
>> >> do... ). You can also use the GUI ( Active Directory Users and
> Computers
>> >> for the three Domain-wide FSMO Roles, for example ) or any number of
>> >> other
>> >> tools. And you will want to transfer the roles, normally speaking.
> You
>> >> only want to seize a role when the DC that holds that role will NEVER
>> > return
>> >> to the environment ( otherwise you will have two DCs that *think* that
>> > they
>> >> hold that one role....have fun!!! ). In your case I think that you
> will
>> >> need to seize. However, try to first transfer......IIRC, the seize
>> > function
>> >> tries to first transfer, and if that does not work, does the seize.
>> >>
>> >> Make sure that the clients are getting the correct IP Address Lease
>> >> information ( read: update DHCP and the Options ).
>> >>
>> >> --
>> >> Cary W. Shultz
>> >> Roanoke, VA 24012
>> >>
>> >> http://www.activedirectory-win2000.com
>> >> (soon to be updated!!!)
>> >> http://www.grouppolicy-win2000.com
>> >> (soon to be updated!!!)
>> >>
>> >>
>> >>
>> >> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote in
>> > message
>> >> news:(E-Mail Removed)...
>> >> > Both machines were acting as DNS servers so that isn't a problem.
>> >> > The
>> > one
>> >> > with the problem was also a SQL Server. But that database is backed
> up
>> >> > constantly and is now up and running on the other DC. I saw
>> >> > something
>> >> > about
>> >> > the metadata cleanup in the Help file and was planning to do that.
> What
>> >> > about the FSMO roles? Do I need to make the remaining DC seize those
>> > too?
>> >> >
>> >> > "Cary Shultz [A.D. MVP]" <(E-Mail Removed)> wrote in message
>> >> > news:(E-Mail Removed)...
>> >> >> Ron,
>> >> >>
>> >> >> I might try the /forceremoval switch ( with dcpromo ) and if that
> does
>> >> >> not
>> >> >> work then simply unplug the DC in question ( turn it off ) and then
> go
>> > to
>> >> >> the remaining DC that you have and run a metadata cleanup. This
> will
>> >> > remove
>> >> >> all reference to that 'corrupted' DC from your environment ( well,
> you
>> >> > might
>> >> >> have to use ADSIEdit and clean up DNS a little bit as well as
>> >> >> Active
>> >> >> Directory Sites and Services ).
>> >> >>
>> >> >> Now, the only problem left now is: what was on that DC ( meaning,
> was
>> > it
>> >> >> also a file server? a print server? a Certificate Server? a DNS
>> >> >> server?
>> > a
>> >> >> DHCP server? you get the picture ). Is any of this going to cause
>> >> >> a
>> >> > problem
>> >> >> ( meaning, something that you can not restore from back up )?
>> >> >>
>> >> >> --
>> >> >> Cary W. Shultz
>> >> >> Roanoke, VA 24012
>> >> >>
>> >> >> http://www.activedirectory-win2000.com
>> >> >> (soon to be updated!!!)
>> >> >> http://www.grouppolicy-win2000.com
>> >> >> (soon to be updated!!!)
>> >> >>
>> >> >>
>> >> >>
>> >> >> "Ron Hinds" <__ron__dontspamme@wedontlikespam_garageiq.com> wrote
>> >> >> in
>> >> > message
>> >> >> news:(E-Mail Removed)...
>> >> >> > W2K Server SP4. Active Directory became corrupt so it won't boot
>> > except
>> >> > in
>> >> >> > "Active Directory Restore Mode". I read through the Help files
> which
>> >> >> > explain
>> >> >> > two methods for restoring Active Directory - from a backup (which
> I
>> >> > don't
>> >> >> > have - shame on me!), or by re-running the Active Directory
>> >> >> > Installation
>> >> >> > Wizard and replicating from another Domain Controller (which I
> *do*
>> >> > have).
>> >> >> > But, every time I try to run the Active Directory Installation
>> > Wizard,
>> >> > it
>> >> >> > says it can't be run in Safe Mode! Is there any way around this
>> >> >> > Catch-22
>> >> >> > or
>> >> >> > do I just need to re-install W2K from scratch?
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>