Taking a DC offline to bring up in a lab.

pmcdou2

I created a 2000 member server, dcpromo'd it so that it
was a DC on my domain. I then took it off the network to
bring into my lab as the DC for the lab. I booted it up
and it now doesn't find AD. I tried to seize all FSMO
roles but it gave some failure notices but then seized
them anyway. I checked via the Operations Master info
within AD. I am still getting FRS issues and other odd
behavior.

Is there a better way to get my production AD info into a
lab? Is there a way to save the DC I have in the lab
without rebuilding it?

Thanks.
Phil.
 
ptwilliams

The reason it can't find itself is because it needs to be its own DNS
server, and point to itself for DNS. AD cannot function without DNS.

The problem you now have is that your production machines are looking for
this machine and this machine is looking for your production machines - not
good. You'll need to perform a metadata cleanup and a little DNS
housekeeping to fix this.

Have a look at this to fix your FRS and KCC problems:
http://support.microsoft.com/default.aspx?kbid=216498

Do not, under any circumstances put this machine back on the production
network now that you've seized the roles!

Personally what I would do is start from scratch. However, if you really
want to mimic the production domain you should take an image of a production
box or two and put these on a separate network. This way the production
network is 'unharmed', and you've got a clone in a test lab. If you've
loads of servers simply image one or two and delete all info. re the others
like in the aforementioned URL.

Hope this info. helps,


Paul.
___________________________________
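
The DNS and metadata points in the reply above can be checked from a command prompt on the isolated lab DC. This is an added example, not part of the original post; `corp.example` is a placeholder domain name, and `dcdiag`, `netdiag`, `netdom` and `repadmin` are assumed to be installed from the Windows Support Tools.

```bat
@echo off
rem Added example: post-isolation checks for a lab DC. Run on the lab DC only,
rem never on a machine attached to the production network.
rem LABDOMAIN is a placeholder; set it to the AD DNS domain name.
setlocal
set LABDOMAIN=corp.example

rem 1. The DC must use itself for DNS. The address shown should be its own IP
rem    or 127.0.0.1 (only the first configured server appears on this line).
ipconfig /all | findstr /i /c:"DNS Servers"

rem 2. Re-register the host record and the DC locator (SRV) records in the
rem    local DNS server. Assumes the zone accepts dynamic updates.
ipconfig /registerdns
net stop netlogon
net start netlogon

rem 3. Ask the local DNS server for the DC locator records. If nothing comes
rem    back, clients and the DC itself cannot find AD.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%LABDOMAIN% 127.0.0.1

rem 4. Confirm that all five FSMO roles now point at the lab DC.
netdom query fsmo

rem 5. List the replication partners this DC still expects. Production DCs
rem    listed here are the stale entries that metadata cleanup removes.
repadmin /showreps

rem 6. Capture overall health for review once cleanup is done.
dcdiag /v > dcdiag.log
netdiag /v > netdiag.log
endlocal
```

Any production DC still listed by step 5 after the metadata cleanup will keep generating KCC and FRS errors.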
 
Guest

-----Original Message-----
The reason it can't find itself is because it needs to be its own DNS
server, and point to itself for DNS. AD cannot function without DNS.

The problem you now have is that your production machines are looking for
this machine and this machine is looking for your production machines - not
good. You'll need to perform a metadata cleanup and a little DNS
housekeeping to fix this.

Have a look at this to fix your FRS and KCC problems:
http://support.microsoft.com/default.aspx?kbid=216498

Do not, under any circumstances put this machine back on the production
network now that you've seized the roles!

Personally what I would do is start from scratch. However, if you really
want to mimic the production domain you should take an image of a production
box or two and put these on a separate network. This way the production
network is 'unharmed', and you've got a clone in a test lab. If you've
loads of servers simply image one or two and delete all info. re the others
like in the aforementioned URL.

Hope this info. helps,


Paul.


Thanks for the reply Paul.

Once I put the server in the lab I made it a DNS server.

If the 2000 System wasn't such a mess, I could easily
just restore AD from tape, but at least it's been updated
in 2003. You can't restore to something with different
hardware.

As for imaging, here's what I did... I ghosted the
testDC right after the dcpromo. Took it in the lab, to
make sure everything worked (it didn't) but if it did, I
was going to ghost another image of the good testDC for
the lab and then take the testDC back to production
(after DNS removal) and dcpromo it back out of AD. Does
that sound logical?

Right now, I'm putting the ghosted image (right after
dcpromo) of the testDC back on and going to try it again.
(fingers crossed)

Thanks.
Phil.
 
Paul Bergson {MCT, MCSE}

We do somewhat similar except we do a backup of the newly promoted server
and then demote it gracefully. Remove it from the domain and restore the
server back in the test side. This way no aggressive changes via ntdsutil
in your production environment. Both work but if you do the graceful
(dcpromo) removal, you are less apt to make an error in your production
environment.
 
news

I would expect you to get these errors when you do this... you will
probably have to run adsiedit.msc and clean up all the replication info from
the directory....
first go to AD sites and services, and check the site that the server is
in...see if you have the NTDS settings info under the server name, and see
if it has a replication partner that was automatically generated... then,
run replmon.exe, connect to the server, right click it, and select "generate
status report"... open the log file that you created, and search for
"enterprise data".... scroll down and look at your sites...you will probably
see some funkiness in there, since most of the automatically generated
intersite replication partners are now invalid.... if your server is not
listed as the intersite topology generator, you will have to run
adsiedit.msc, open configuration items, and locate the site....select the
site, right-click NTDS settings and select properties....scroll down to intersite
topology generator, and enter your value there...
However, since you have no replication partners, you may continue to get
FRS errors...
 
news

Oops, forgot one thing....open adsiedit.msc, go to DomainNC, open system,
open File Replication Service, and open Domain System Volume....you should
see the old replication partners listed in there..delete them.....
 
