Active Directory Problem

[Guest]

Domain sc_student (spelman.edu) is made up of four domain controllers,
1 windows 2003 DC and 3 windows 2000 DCs:

Palmtree - Windows 2003 domain controller, no roles.
studentad03 - Windows 2000 domain controller, roles: RID, PDC, nfrastructure,
catalog server.
spelmanite1 - Windows 2000 domain controller, catalog server.
spelmanite2 - windows 2000 domain controller, catalog server.

Domain prep and forest prep have not been ran on any of the
windows 2000 domain controllers. Also none of the domain
controllers are serving the role of schema master. AD thinks
that the schema master is a domain controller that crashed
long ago named sc_student11. It could never be restored.
The domain is still in mixed mode.

Problems: 1. Domain controllers can only be promoted or demoted
when the Windows 2003 domain controller palmtree is on line.
2. The administrator Id for the domain, which is a member of the
Domain Admins group, enterprise admins, schema admins cannot
open the event logs on the windows 2003 domain controller
palmtree. Get an error that says "Access is denied".
3. Cannot install any Microsoft updates to any DCs in the domain
even when you are logged in as administrator of the domain.
4. Although a two way trust has been established with another
domain, the trusts are not working. You cannot map a drive
on the other domin and use your credentials for that domain
to gain access to the resources.

Questions: I kow that I can force one of the DCs to take over the schema
master roles using ntdsutil.exe. I do have domin prep and forest
prep.

How should I proceed???

Please advise.

 

[Jorge de Almeida Pinto [MVP]]

first of all:
to view to FSMO role owners: NETDOM FSMO QUERY

if the one or more FSMO role owners are dead (not available anymore) you
need to SEIZE the orphaned FSMO roles to a healthy up and running DC!
NTDSUTIL
ROLES
CONNECTIONS
CONNECT TO SERVER <SPECIFY FQDN OF NEW FSMO ROLE OWNER HERE>
Q

Then choose between:
Seize domain naming master - Overwrite domain role on connected server
Seize infrastructure master - Overwrite infrastructure role on connected
server
Seize PDC - Overwrite PDC role on connected server
Seize RID master - Overwrite RID role on connected server
Seize schema master - Overwrite schema role on connected server

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

 

[Jorge Silva]

Hi

Just a little correction to Jorge's valid response

to view to FSMO role owners: NETDOM FSMO QUERY

- should be - to view to FSMO role owners: NETDOM QUERY FSMO
- this way works



--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Jorge de Almeida Pinto [MVP]"