Failed DC

[Guest]

I have a DC that failed - corrupt DB. Tried all utilities but unable to recover DB. No current backup usable. Have what I will call the primary DC still running but this DC was the Schema Master. Could someone tell me the proper steps. I have to xfr the schema role to the other DC. I have another server that I can build and add to the mix and promote to DC and then remove the failed DC the repromote later for redundancy. When I xfr schema master is there anything I have to do to Exchange?? I believe I need to follow this instruction - Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion microsoft #216498. Any help would be greatly appreciated

Thanks - Jak

 

[Herb Martin]

I have a DC that failed - corrupt DB. Tried all utilities but unable to
recover DB. No current backup usable. Have what I will call the primary DC
still running but this DC was the Schema Master.

You are saying, you lost a DC which had (at least) one of your
Master roles? (i.e., the Schema master)

You can SEIZE the role using the NTDSUtil.exe program. (roles section)

IF you do this, you must NOT return the previous role holder to the
network, even if you later repair it (as a DC that is; you may bring it
online
to perform a DCPromo to make it a server, and later re-promote it.)

Could someone tell me the proper steps. I have to xfr the schema role to

the other DC. I have another server that I can build and add to the mix and
promote to DC and then remove the failed DC the repromote later for
redundancy. When I xfr schema master is there anything I have to do to
Exchange?? I believe I need to follow this instruction - Remove Data in
Active Directory After an Unsuccessful Domain Controller Demotion microsoft
#216498. Any help would be greatly appreciated.

You can also do the "remove" in NTDSUtil etc.

A couple of other things to note: Move ALL the lost roles if any
others.

(You really aren't supposed to separate Schema Master and Domain
Naming Master so you should have lost both of them, etc.)

AND make sure you have a working GC. (Sites and Services). Exchange
will suffer as will other things if you have no GC.

You may have multiple GCs -- even all DCs -- if you wish.

 

[Guest]

Thanks Herb. I just inherited this system/role and when it failed I found out there was not a backup for this server. The failed DC only had one role and that was schema master. Used dumpfsmo to find the roles - it only held schema and the main DC held all other roles. Both DCs were GCs. The reason I had concern for the procedure of things is just as you mentioned I cannot reintroduce the failed server. This failed server performs all backups, is the update server and also handle the enterprise virus protection and propagation. I was also concerned about affecting Exchange when I seize the schema role from former schema master DC. The network is feeling the strain w/ just one DC. I bring the failed DC up in restore AD/safe mode so it still performs the aforementioned network functions. ANy more pointers before I tackle this would be appreciated

Thanks again - Jake

 

[Herb Martin]

Thanks Herb. I just inherited this system/role and when it failed I found

out there was not a backup for this server.

Then you can blame it on the old sysadmin failing to make backups (and

The failed DC only had one role and that was schema master.

Odd -- as I said, it is seldom moved from the Domain Naming Master;
and that should be a GC so you might have lost your only GC too.

Sounds like the other Admin was pretty confused or lazy.

Used dumpfsmo to find the roles - it only held schema and the main DC held

all other roles. Both DCs were GCs.

Good -- this (GCs) cancells my concern about that.

The reason I had concern for the procedure of things is just as you

mentioned I cannot reintroduce the failed server. This failed server
performs all backups, is the update server and also handle the enterprise
virus protection and propagation.

IF it operates you CAN bring it only VERY BRIEFLY to DCPromo it.
If DCPromo fails you can run it with the /forceremoval switch (SP3 or SP4+)
and get rid of the AD.

After that it can be brought online for data etc.

Also, if you bring it online as a DC to DCPromo (demote it) you may
be tempted to leave it because it will SEEM to work...TRUST ME
on this: Do NOT leave it online any longer than necessary.

Microsoft has never fully explained the reason but it is well-documented
(and I tried it with very bad results over time) that you must NOT bring
it online permanently.

I was also concerned about affecting Exchange when I seize the schema role

from former schema master DC. The network is feeling the strain w/ just one
DC. I bring the failed DC up in restore AD/safe mode so it still performs
the aforementioned network functions. ANy more pointers before I tackle
this would be appreciated.

How big is your Net? One DC should service a LOT of clients unless it is
busy with other stuff.

Of course you need fault tolerance anyway....

You can call me if you are confused -- this isn't real hard and you seem to
understand but it is a bit tedious.

Phone number is on my web site -- http://www.LearnQuick.Com