AD

[David]

DC was having hard drive problems, I was able to transfer
three FSMO roles, RID, PDC, and infrastructure to another
DC. Before I was able to run dcpromo to make it a member
server, the machine crashed.
Rebuild the server and before bring it up, I tried to
reset it's account but I was unable to it. I ran dcpromo
again to make it a domain controller and everything went
okay, however if I try to create a new user account I get
DSA errors, Ran dcpromo again and made the box member
server, DSA errors went away no problems with creating new
accounts on other domain controller.
I tried to use knowledge base and went through several
articles and no luck.

PLEASE help if you have an idea..
Thanks..

 

[Cary Shultz [A.D. MVP]]

David,

A couple of things here.

First and foremost, since the Domain Controller was not properly removed
from Active Directory you will need to do what is called a Metadata Cleanup.
You will need to use ntdsutil and probably adsiedit as well. Please take a
look at the following MSKB Article:

http://support.microsoft.com/?id=216498

This will remove all instances of the crashed Domain Controller from your
Active Directory. This will be a good thing.

In order to use adsiedit you will need to install the Support Tools. The
Support Tools are located on the WIN2000 Server CD as well as on the WIN2000
Service Pack CD in the Support | Tools folder. You can also download them
from the Microsoft Web Site.

You might want to become familiar with the various tools. They are
extremely helpful.

The second thing that you might want to do is to make sure that there are at
least two Global Catalog Servers in your domain ( I am assuming that you
have a single domain / tree / forest ). I would make all of the Domain
Controllers a Global Catalog Server in this case!

I am not sure that I follow you when you state that you tried to reset its
account.

I assume that you are trying to use the same computer name as the Domain
Controller that crashed...

HTH,

Cary

 

[Guest]

Sorry I did not include all informations needed, here it
is..
I have a flat domain with 3 DC and they all have AD
intergraded DNS with forwarders to my ISP, and they all
are GCs.
One of my domain controllers was having hard drive
problems; I was able to transfer three FSMO roles, RID,
PDC, and infrastructure to another DC. Before I was able
to run dcpromo to make it a member server, the machine
crashed.
Rebuild the server with same name and I ran dcpromo and
made it a domain controller. The process finished okay,
however when I tried to create a new user account in the
domain I kept getting DSA errors, and unable to create new
users. I ran dcpromo again and made the box member server,
DSA errors went away no problems with creating new
accounts on other two domain controllers.
I left the box as member server removed DNS, and I tried
to use knowledge base Q216498 and went through several
articles and no luck.
When I run Metadata Cleanup now, the filed DC does not
show-up, only the two properly working DCs are listed.
When I use ntdsutil and adsiedit I do not seen any
information on the failed DC.
I was not able to find any instances of the crashed Domain
Controller as the above artical talks about.
PLEASE help if you have an idea..
Thanks...