Hi friends, I want to know if you could help me to rebuild my DNS and Global
catalog in my forest. The scenario is like this: I had two DCs and one of
them had the 5 FSMO roles, the only DNS and the only Global Catalog;
additionally I have the second DC, but this one doesn't have Global Catalog,
DNS, or roles. I lost my principal domain controller and with it the unique
Global Catalog, DNS and roles (I lost the hardware, I don't have recent
backups). My question is, can I rebuild the DNS and the global catalog on
the second domain controller, which is still alive, to recover the
functionality of the forest? If so, can you please send me a procedure to do
that?
Thanks a lot.
Felipx
OK.. one important thing to know here is the OS version
GC: - just assign the GC role to the remaining DC using sites and services MMC
1. On the domain controller where you want the new global catalog, start the
Active Directory Sites and Services snap-in. To start the snap-in, click
Start, point to Programs, point to Administrative Tools, and then click
Active Directory Sites and Services.
2. In the console tree, double-click Sites, and then double-click sitename.
3. Double-click Servers, click your domain controller, right-click NTDS
Settings, and then click Properties.
4. On the General tab, click to select the Global catalog check box to assign
the role of global catalog to this server.
5. Restart the domain controller. (only if DC = W2K)
FSMO roles: SEIZE the FSMO roles to the remaining DC -> see:
http://support.microsoft.com/?id=324801
http://support.microsoft.com/?id=255504
http://support.microsoft.com/?id=255690
http://support.microsoft.com/?id=197132
http://www.petri.co.il/transferring_fsmo_roles.htm
http://www.petri.co.il/seizing_fsmo_roles.htm
DNS role: well this depends on the replication scope for the zones you have
and the OS version of the DCs
If "the DC is W2K and the zone type is AD integrated"
* The data is stored in the domain partition. Just install DNS on the
remaining DC. Use the DNS MMC and you will see the data is still there
If "the DC is W2K3, the zone type is AD integrated and the replication scope
is all DCs in the domain"
* The data is stored in the domain partition. Just install DNS on the
remaining DC. Use the DNS MMC and you will see the data is still there
If "the DC is W2K3, the zone type is AD integrated and the replication scope
is all DNS/DCs servers in the domain or forest"
* The data is lost as it was stored in the DNS application partition that was
only hosted on the DC that died
* Install DNS on the remaining DC, recreate the zones that you hosted
previously and configure accordingly. Force registration of DNS records on
the servers (ipconfig /registerdns) (this could be done remotely using psexec
from sysinternals)
If "the zone type is standard primary"
* The data is lost as it was stored on the other server that died
* Install DNS on the remaining DC, recreate the zones that you hosted
previously and configure accordingly. Force registration of DNS records on
the servers (ipconfig /registerdns) (this could be done remotely using psexec
from sysinternals)
Concerning servers and clients: don’t forget to point those to the remaining
DC for the services it hosts (e.g. DNS)
Concerning the DC that died, you need to clean up the metadata of it. See the
following articles for how to do it:
How to remove data in Active Directory after an unsuccessful domain controller demotion
--> http://support.microsoft.com/?id=216498
Clean up server metadata
--> http://www.microsoft.com/technet/pr...ons/012793ee-5e8c-4a5c-9f66-4a486a7114fd.mspx
Delete extinct server metadata
--> http://www.microsoft.com/technet/pr...elp/1a7522c3-ac6e-4f83-af5b-9be87b47a95d.mspx
How can I manually delete a server object from the Active Directory database in case of a bad DCPROMO procedure?
--> http://www.petri.co.il/fix_unsuccessful_demotion.htm
How can I delete a failed Domain Controller object from Active Directory?
--> http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Hope this helps!
Good luck!
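
The FSMO seizure and the follow-up checks for the steps in the reply above, as an added example that is not part of the original post. It is run on the surviving DC with W2K/W2K3-era ntdsutil syntax; DC2 and example.local are placeholder names, and netdom, nltest and dcdiag are assumed to be installed from the Support Tools.

```batch
@echo off
rem Added example, not from the original reply.
rem DC2 and example.local are placeholders for the surviving DC and the AD domain.
setlocal
set DC=DC2
set DOMAIN=example.local

rem Seize all five FSMO roles onto the surviving DC. ntdsutil first attempts a
rem normal transfer and only seizes when the old role holder cannot be reached.
rem Each seizure asks for confirmation before it proceeds.
ntdsutil roles connections "connect to server %DC%" quit ^
  "seize schema master" ^
  "seize domain naming master" ^
  "seize RID master" ^
  "seize PDC" ^
  "seize infrastructure master" ^
  quit quit

rem Confirm that every role now lists the surviving DC as its holder.
netdom query fsmo

rem Once the Global catalog check box is set (and W2K has been restarted),
rem check that a DC in the domain is being advertised as a GC.
nltest /dsgetdc:%DOMAIN% /gc

rem Once DNS is installed and the zones exist on this DC, re-register its
rem host record, then restart Netlogon so the DC re-registers its SRV records.
ipconfig /registerdns
net stop netlogon
net start netlogon

rem Overall health check of the surviving DC after the changes.
dcdiag /s:%DC% /v
endlocal
```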