FSMO Domain Controller BIG PROBLEMS!!

  • Thread starter: Wes

Wes

I need some MAJOR help!! I did not do this process right. I had 2 Domain
Controllers and I just recently replaced one (apparently the Operations
Master). I did this by building a new computer, making it a Domain
Controller and then just removing the old one. To top it off, I then
renamed the new DC to be what the old DC was. Now I am having problems
adding new accounts. I am getting "the account-identifier allocator failed
to initialize properly...." and no new account can be created. I have a
feeling this is real bad. I never demoted the old DC before taking it out
and now I do not have it anymore.

Any thoughts????

Thanks,
Wes
 
Wes said:
I need some MAJOR help!! I did not do this process right. I had 2 Domain
Controllers and I just recently replaced one (apparently the Operations
Master). I did this by building a new computer, making it a Domain
Controller and then just removing the old one. To top it off, I then
renamed the new DC to be what the old DC was. Now I am having problems
adding new accounts. I am getting "the account-identifier allocator failed
to initialize properly...." and no new account can be created. I have a
feeling this is real bad. I never demoted the old DC before taking it out
and now I do not have it anymore.

The FSMO part would be easy to fix (Ntdsutil->Roles) by seizing the
roles.

You should NOT have been able to rename the DC however -- it just
should not have worked.

(you might want a backup now, in case you make it worse.)

First try would be to rename it BACK to its 'real' name. If that
works and you are able to seize the 5 roles then you are probably
good.

Also note, that seizing roles implies you must NEVER return the
original DC role-holder to the network -- but presumably if you
could do that you wouldn't be in this fix.

FYI: The right way to upgrade hardware for a DC is to do an
OS upgrade (and yes, that can be done generally even if the current
hardware doesn't support the new OS or the hardware must be switched
out -- usually a Repair install or in Win2003 an ASR does this trick.)

Only in the most advanced Win2003 Domain mode can a DC be renamed
(successfully.)
 
Thanks for the reply. Maybe I need to clarify. I ADDED a new DC into the
mix, so now there were 3. I removed the old DC and named the newly built
one to the old DC's name. Make sense? I didn't really rename the old one,
I removed it and named the new one the same, so all of the network shares
people had mapped to it (it was a file server too) would work.

With that in mind, what should I do? The old one is gone.

-Wes

 
Wes said:
Thanks for the reply. Maybe I need to clarify. I ADDED a new DC into the
mix, so now there were 3. I removed the old DC and named the newly built
one to the old DC's name. Make sense?

No. I understand what you are saying but renaming DCs is not supported
under Win2000 so this should not even have been possible. Even under
Win2003 it is not possible except in the most advanced Domain Mode.

Wes said:
I didn't really rename the old one,
I removed it and named the new one the same, so all of the network shares
people had mapped to it (it was a file server too) would work.

With that in mind, what should I do? The old one is gone.

Try to reverse the process -- but since you have 2 DCs (working and the
funky renamed one) you likely have a way out.

DCPromo the renamed one to NON-DC. Get everything tested and working
again. Rename the NON-DC server to the "old name". THEN DCPromo
it to DC under that old name.

Best bet NEXT time: Upgrade the old name DC.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
 
Hi again Herb!

This sounds like a plan, just one question though...if this was my file
server and everyone is already mapped to the old name and then share, what
do I do? I tried to make it the same name as to avoid remapping everyone's
shares. Example:

\\oldserver\share I wanted everyone to keep this. Makes sense? Any ideas
on that, or am I doomed to have to remap everyone's drives?

-Wes

 
Wes said:
This sounds like a plan, just one question though...if this was my file
server and everyone is already mapped to the old name and then share, what
do I do? I tried to make it the same name as to avoid remapping everyone's
shares. Example:

\\oldserver\share I wanted everyone to keep this. Makes sense? Any ideas
on that, or am I doomed to have to remap everyone's drives?

Not if you fix the name BEFORE you make it a DC (that is, make it a non-DC
now) and then later DCPromo it under the correct name.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
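
Added example, not part of the original thread and not code from any poster: before seizing roles with Ntdsutil as described above, confirm which of the five FSMO roles are still recorded against a DC that is no longer on the network. This Python script parses `netdom query fsmo` output and builds the matching non-interactive ntdsutil line; the host names and sample output are constructed, and the function names are hypothetical.

```python
import re

# netdom label (older and newer wording) -> ntdsutil role name. "domain naming
# master" is the Win2000/2003 ntdsutil wording; Server 2008+ says "naming master".
ROLE_LABELS = {
    "schema owner": "schema master", "schema master": "schema master",
    "domain role owner": "domain naming master",
    "domain naming master": "domain naming master",
    "pdc role": "PDC", "pdc": "PDC", "rid pool manager": "RID master",
    "infrastructure owner": "infrastructure master",
    "infrastructure master": "infrastructure master",
}

def parse_fsmo(netdom_output):
    """Return {ntdsutil role name: holder FQDN} from `netdom query fsmo` text."""
    holders = {}
    for line in netdom_output.splitlines():
        # Label and holder are separated by a run of two or more spaces.
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[0].lower() in ROLE_LABELS:
            holders[ROLE_LABELS[parts[0].lower()]] = parts[1].strip().lower()
    return holders

def orphaned_roles(holders, live_dcs):
    """Roles whose recorded holder is not one of the DCs still on the network."""
    live = {dc.lower() for dc in live_dcs}
    return sorted(role for role, dc in holders.items() if dc not in live)

def seize_command(target_dc, roles):
    """Build the non-interactive ntdsutil line that seizes `roles` onto target_dc."""
    steps = ['"seize %s"' % role for role in roles]
    return 'ntdsutil roles connections "connect to server %s" quit %s quit quit' % (
        target_dc, " ".join(steps))

# Constructed sample: the removed DC (olddc) still holds three roles.
SAMPLE = """\
Schema owner                olddc.example.local
Domain role owner           dc2.example.local
PDC role                    olddc.example.local
RID pool manager            olddc.example.local
Infrastructure owner        dc2.example.local
The command completed successfully.
"""

if __name__ == "__main__":
    missing = orphaned_roles(parse_fsmo(SAMPLE), ["dc2.example.local", "dc3.example.local"])
    print("Orphaned roles:", missing)
    print(seize_command("dc2.example.local", missing))
```

Only roles reported as orphaned need seizing; a role whose holder is still reachable should be transferred instead.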

 