Remove roles from dead DC

[superdappa]

Hello
im new here so take it easy on me if i didnt post in the correct section, ok here is my problem i have a 2000 advanced server and one of my dc died i am trying to remove the roles that it had and have not been seccessful in doing so for the following roles. Below you will find the infomation of the FSMO. the roles need to be all moved to the euroserver

C:\Documents and Settings\Administrator>netdom query fsmo
Schema owner euroserver.DomainName
Domain role owner euromiami.DomainName
PDC role euroserver.DomainName
RID pool manager euroserver.DomainName
Infrastructure owner euromiami.DomainName
The command completed successfully.


now because that domain controller is down i cant connect to it so i can run the transfer infrastructure master role and the domain naming master role. i have search threw every forum and technet guide and now my head is going to blow up. please help me with this, the mean reason for this is that im going to be upgrading the server from 2000 advanced server to 2008r2 which just arrived and i cant have this in the state it is also, as well my GC is now not replicating either.

 

[Silverhazesurfer]

My first question has to be: What caused it to fail?

Subsequent questions:

Did you make a backup? Please, please, please say you made a backup.

Do you have other servers that could be promoted to fill the slot? You could promote a server to a
DC and give it the FSMO roles. In Active Directory, you could simply re-direct traffic to that machine. If possible or necessary, you could assign it the same IP address and get things working again.

Replication could have failed if your DC is down.

If you don't have at least one BDC, then you are up the proverbial creek. As long as the disks weren't the part that failed, you should be able to get back up and going relatively simply. A repair of the OS could be possible after hardware installation.

 

[superdappa]

Hey Silverhazesurfer
well here is the thing the primary dc is still active but the gc has been not syncing for a while now as well the other dc i have the data backup as in office work not system state. also i was thinking about doing a repair for the os and see if that would work. the reason for all these changes is that we are rolling out server 2008r2 64bit and exchange 2010 and i know if we dont fix these problems it will cause alot of issues.

 

[Silverhazesurfer]

Repairing the OS on a DC that isn't replicating won't fix your issue necessarily. When you say "syncing," what exactly do you mean? I assume you refer to Active Directory?

http://en.wikipedia.org/wiki/Active_Directory

Start looking at basic communications and work your way up. There has to be a functioning connection in the PDC, so check network adapters for drivers and fuctionality. Check to see that you have proper communications to the machines in question. Check DNS settings also. It could even be something as simple as a password change. Example: We use 90-day passwords here. When the passwords change sometimes there is an issue where an account requires the password update in order to process properly.

In the end, if you are trying to move roles of a machine, simply pick a machine that you want to promote to the PDC.

 

[superdappa]

ok i will start from the start and see if i can isolate this problem. also i have a question if i redue a server and install server 2008 with the same domain name and dns and dhcp as the current pdc is it possible to demote the pdc currently active and put the new server in its place. i guess the question is will the workstations be able to communicate with the new server via the user logins.

 

[Silverhazesurfer]

There are differences between 2008 and 2003. Whether or not they will affect you depends on how your system is setup.

The new 2008 server should be able to pick up as PDC without a problem. Server to server replication may be an issue if you don't have another DC running 2008, as their AD structures are slightly different. You may want to look into upgrading your other DCs to 2008, if you have more than one, so that you have a unified AD structure in your setup.

Workstations should still be the same. 2008 may give you more flexibility when using Windows 7 workstations.

 

[superdappa]

Hey silver
thanks for you help man, also here is the problem now i have been able to transfer 4 roles now to 1 server now as the other DC is dead and gone for sure. below you will see the query i still need to move the domain naming master role. further down i tried to seize it i got the following error.

C:\Documents and Settings\Administrator>netdom query fsmo
Schema owner euroserver.DomainName
Domain role owner euromiami.DomainName-----> still needs to be transfered
PDC role euroserver.DomainName
RID pool manager euroserver.DomainName
Infrastructure owner euroserver.DomainName
The command completed successfully.

Error When Trying to Transfer Role

fsmo maintenance: seize domain naming master
Attempting safe transfer of domain naming FSMO before seizure.
ldap_modify_sW error 0x35(53 (Unwilling To Perform).
Ldap extended error message is 0000214B: SvcErr: DSID-03210849, problem 5003 (WILL_NOT_PERFORM), dat
a 0
Win32 error returned is 0x214b(Only DSAs configured to be Global Catalog servers should be allowed t
o hold the Domain Naming Master FSMO role.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Role seizure is forbidden in this case

 

[Silverhazesurfer]

Win32 error returned is 0x214b(Only DSAs configured to be Global Catalog servers should be allowed to hold the Domain Naming Master FSMO role.)

Did you upgrade this new machine to a DC? The errors seem to indicate the lack of a proper DC to veriify that this role can be assumed.

https://www.pcreview.co.uk/forums/seize-domain-naming-master-t1448529.html
https://www.pcreview.co.uk/forums/unable-seize-fsmo-roles-t1448471.html
http://www.petri.co.il/seizing_fsmo_roles.htm

The first link has lots of MS articles in it on how to accomplish certain tasks. I am positive that one of them will help you.

 

[superdappa]

hey silver thanks for all your help i just started a fresh domain and moved all the users last night this way we start on a clean slate.

 

[Silverhazesurfer]

That sounds like a brilliant idea. I hope it all works out for you.

 

[superdappa]

thanks bud its been done