Domain Controller Issue - Urgent Help

B

bcurran

Due to some issues with a failed domain controller upgrade to new
hardware, I am having an issue with my domain controllers. I demoted
one of my DCs after this upgrade and had many issues. I restored the
DC from backup, however now that DC does not appear in the Domain
Controllers group under AD Users and Computers. My question is, can I
just run DCPROMO again to make it a domain controller again. I have
another DC that is functioning and is authenticating users and
allowing for Exchange mail delivery just fine. The only issue I have
is that when our users change their passwords, through Netware, and
try to sync them with windows, their Windows accounts keep getting
locked out.

Can anyone offer any suggestions here. When I did my restore more then
a week ago, I did not do an Authoritative Restore as I did not know I
should do that. Any help is greatly appreciated and I will elaborate
if necessary, just let me know.

Thanks,

Bill
 
M

Meinolf Weber

Hello (e-mail address removed),

How many DC's do you have now running and hwich FSMO roles did they hold?
Which one of the running is GLobal catalog/DNS server? Until that is cleared
wait with promoting new machines, you have to cleanup Active directory before
bringing in new DC's.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
B

bcurran

I have one DC that appears in the Domain Controllers container in AD
Users and Computers. That DC has all the FSMO roles I think. It is a
DNS server as well. The DC that is not appearing in ADUC is also a DNS
server. The other machines that are the new hardware I was trying to
upgrade to are not members of the Domain yet. I blew them away and
started over again. I guess my big question is, can I just run DCPROMO
on the machine that is not appearing in ADUC and get back to the way
things were before or should I just bring promote these new machines
to DCs and go from there.
 
B

bcurran

I have one DC that appears in the Domain Controllers container in AD
Users and Computers. That DC has all the FSMO roles I think. It is a
DNS server as well. The DC that is not appearing in ADUC is also a DNS
server. The other machines that are the new hardware I was trying to
upgrade to are not members of the Domain yet. I blew them away and
started over again. I guess my big question is, can I just run DCPROMO
on the machine that is not appearing in ADUC and get back to the way
things were before or should I just bring promote these new machines
to DCs and go from there.
Click to expand...

As an add on to my response, I verified that the current DC has all
FSMO roles and is the Global Catalog as well. I think at this point, I
can bring my new servers online, run DCPROMO, setup DNS and all that,
wait for everything to replicate, then move the FSMO roles from the
server that is working to the two new ones. Do you know that best way
to split up the roles? Then I should be able to decomission my old DC.
I also need to change the client machines to point to the new DNS
servers. Am I missing anything here?
 
M

Meinolf Weber

Hello (e-mail address removed),

On the running DC check with dcdiag and netdiag for errors first. If no errors
then you could start, BUT i still have problem with your old dc, where you
are talking about that it is not in the DC OU. So what exactly have you done
with the machine? Let's check this also before starting.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
B

bcurran

Hello (e-mail address removed),

On the running DC check with dcdiag and netdiag for errors first. If no errors
then you could start, BUT i still have problem with your old dc, where you
are talking about that it is not in the DC OU. So what exactly have you done
with the machine? Let's check this also before starting.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
Click to expand...

That machine is still up and running. After we ran DCPROMO to demote
it, we had some issues. So we restored that machine from backup and
that is how we ended up where we are currently.
 
M

Meinolf Weber

Hello (e-mail address removed),

I think you have to disconnect it from the domain and cleanup the AD database
according to this:
http://support.microsoft.com/kb/555846/en-us

Because your demotion was not succesful you also where not be able to restore
correctly. If you will do it that way, NEVER connect the problem machine
back to the network, except you have completely reinstalled it.

This way would be my solution, so i can start with one running properly configured
DC to add new DC's and go on with the replacement. Like i wrote before on
the running DC check with dcdiag and netdiag.

Here is also an article about the FSMO roles and how to find all of them
to make sure all are available:
http://support.microsoft.com/kb/324801


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
B

bcurran

Hello (e-mail address removed),

I think you have to disconnect it from the domain and cleanup the AD database
according to this:http://support.microsoft.com/kb/555846/en-us

Because your demotion was not succesful you also where not be able to restore
correctly. If you will do it that way, NEVER connect the problem machine
back to the network, except you have completely reinstalled it.

This way would be my solution, so i can start with one running properly configured
DC to add new DC's and go on with the replacement. Like i wrote before on
the running DC check with dcdiag and netdiag.

Here is also an article about the FSMO roles and how to find all of them
to make sure all are available:http://support.microsoft.com/kb/324801

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
Click to expand...

Thanks for the insight. Is there anything in particular I should be
looking for when running dcdiag and netdiag other then no errors?
 
M

Meinolf Weber

Hello (e-mail address removed),

No, if you have no errors you will be fine.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain Controller Issues - Urgent Help 1
relation betwwen domain and domain controller 2
demote a domain controller 3
Domain Controllers Can't reach Default Gateway... 24
How domain controller failover works. 2
Demoted DC still appears as Domain Controller 3
Authenticating Domain Controller 2
windows login to local domain controller 2

Top