can a W2K root dc be repaired

G

Guest

I have a problem. There are conflicting opinions on how to proceed and I want
to make sure that I get this clarified before implementing our plan (which is
the first opinion).

Our domain:
We have 3 W2K DCs - dc1, dc2, and dc3. dc1 is the first dc (root dc), it has
all FSMO roles and global catalog, and AD integrated DNS. Dc2 and dc3 have AD
integrated DNS and global catalog. We have a single domain with no child
domains.

We have Exchange 2000 on a separate W2K member server.

The problem is dc1 is running out space because the previous server person
made the partition 10GB. We have moved everything that we can off of the c:
drive to keep the c: from running out of space. In the future we would like
to do an inplace upgrade to Windows 2003 server but there is not enough
space. The previous person did not use the whole hard disk so there is more
space on the physical hard disk that we can use. We would like to install a
fresh copy of W2K because of the past mistakes by the previous person.

This is where the conflict starts.The first opinion is we have 3 dcs and we
should be able to transfer the FSMO roles to dc2, dcpromo dc1 out of the
domain, re-partition dc1, install a fresh copy of W2K server, dcpromo it back
into the domain with the same name xxx.com and everything else as before, and
allow AD replication to populate dc1.

The other opinion is that we cannot mess around with the first dc in a W2K
domain because if we lose the first dc, the domain would die. In this case,
we would need to shutdown all dcs and the Exchange server, repartition dc1,
restore dc1 from tape backup (we cannot use a fresh copy of W2K), verify that
dc1 is running properly, and start up the other dcs and the Exchange server.

We do not want to lose our domain. I have read almost everything about
restoring a failed dc (which in my mind is a similar situation) on the
newsgroups. We will have full backups of all the servers in the domain before
implementing any process.

Which of these opinions are correct? Can someone point me to other resources?

Thank you for your time.
 
R

Ralf Wigand

This is where the conflict starts.The first opinion is we have 3 dcs and
we
should be able to transfer the FSMO roles to dc2, dcpromo dc1 out of the
domain, re-partition dc1, install a fresh copy of W2K server, dcpromo it
back
into the domain with the same name xxx.com and everything else as before,
and
allow AD replication to populate dc1.
Click to expand...

We already did this without any problems. Only one thing to take care of:
make sure that dc1 is completely removed from the domain via dcpromo, no
replication link is left, every other dc knows about dc1 said goodbye. Check
the DNS if it has only SRVs to the dc2 and dc3 after killing dc1. Have a
look at the event logs. Since you have only one domain the information
shopuld replicate within a few minutes. If you have a site topology, keep in
mind that it would take at lest 15 minutes for the inforstructure changes to
be replicated, so wait at least that time before a dc1 is again present. I
prefer to wait about 1-2 hours, but we have about 30 subdomains and 5 sites,
and this takes some time...
The other opinion is that we cannot mess around with the first dc in a W2K
domain because if we lose the first dc, the domain would die. In this
case,
Click to expand...

wrong to my knowledge. If all the DNS entries are correct there should be no
reason why dc1 should be contacted (as long as it is not explicitely named
in a script or path to profiles etc.

ciao, ralf
 
G

Guest

Thank you Ralf for clearing that up for me and for the advice. I will make
add your tips to my procedures.

:)

Therese
 
J

Jorge_de_Almeida_Pinto

I have a problem. There are conflicting opinions on how to
proceed and I want
to make sure that I get this clarified before implementing our
plan (which is
the first opinion).

Our domain:
We have 3 W2K DCs - dc1, dc2, and dc3. dc1 is the first dc
(root dc), it has
all FSMO roles and global catalog, and AD integrated DNS. Dc2
and dc3 have AD
integrated DNS and global catalog. We have a single domain
with no child
domains.

We have Exchange 2000 on a separate W2K member server.

The problem is dc1 is running out space because the previous
server person
made the partition 10GB. We have moved everything that we can
off of the c:
drive to keep the c: from running out of space. In the future
we would like
to do an inplace upgrade to Windows 2003 server but there is
not enough
space. The previous person did not use the whole hard disk so
there is more
space on the physical hard disk that we can use. We would like
to install a
fresh copy of W2K because of the past mistakes by the previous
person.

This is where the conflict starts.The first opinion is we have
3 dcs and we
should be able to transfer the FSMO roles to dc2, dcpromo dc1
out of the
domain, re-partition dc1, install a fresh copy of W2K server,
dcpromo it back
into the domain with the same name xxx.com and everything else
as before, and
allow AD replication to populate dc1.

The other opinion is that we cannot mess around with the first
dc in a W2K
domain because if we lose the first dc, the domain would die.
In this case,
we would need to shutdown all dcs and the Exchange server,
repartition dc1,
restore dc1 from tape backup (we cannot use a fresh copy of
W2K), verify that
dc1 is running properly, and start up the other dcs and the
Exchange server.

We do not want to lose our domain. I have read almost
everything about
restoring a failed dc (which in my mind is a similar
situation) on the
newsgroups. We will have full backups of all the servers in
the domain before
implementing any process.

Which of these opinions are correct? Can someone point me to
other resources?

Thank you for your time.
Click to expand...

go with the first opinion by transfering all possible roles and
services to other DCs, demoting the DC (be sure the metadata is
cleaned), remove the computer from the domain, installing the server
with the partitions as you need and promoting it back to a DC and
transfering all services and roles back.

to upgrade your w2k domain in the future it is NOT needed to in place
upgrade an existing w2k DC. You could also just introduce new w2k3 dcs
transfer roles and services and remove the w2k Dcs. However, you still
need to do the schema update.

see also:
MS-KBQ555040_Common Mistakes When Upgrade Windows 2000 Domain To
Windows 2003
MS-KBQ325379_How to Upgrade Windows 2000 Domain Controllers to Windows
Server 2003

Concerning the first DC stuff....
If the first DC is gone the domain does NOT die!

I’m not sure anymore but here goes...
By default, the first administrator account created in each domain is
also the Data Recovery Agent (DRA) for the Encrypting File System
(EFS) in each domain.
The DRA private key resides in the Administrator profile of the first
domain controller in the domain!
Read more about it at
http://mcpmag.com/newsletter/article.asp?EditorialsID=258
 
G

Guest

Thank you very much.

We would need to do an in place upgrade because we do not have money to get
another server but it is good know that a new server could be introduced into
the domain like you suggested. Thanks.

:)

Therese
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Replacing a W2K Domain Controller 1
Upgrading DC Hardwared - FMSO Roles 2
Can't logon to one DC if other DC is down 9
Quick design question 2
reviving ad after first dc crashed 3
2 DC in 1 domain disaster question.. 4
AD Backup 1
Moving a DC? 3

Top