removing AD question


DM

OK, one of my DCs blew up. I was informed it was best for me to dcpromo /forceremoval my troubled machine and then dcpromo it to get the AD running again. I have no problem doing that, with the exception that the machine is running Exchange 5.5. So what I'm thinking here is the following:

Idea A
---------
1) dcpromo /forceremoval
2) on reboot, boot it to safe mode with networking to prevent the Exchange services from booting
(or should I just disable them before I reboot it?)
3) dcpromo and make it a replica again?

Idea B
--------
1) dcpromo /forceremoval
2) on reboot, boot it to safe mode with networking to prevent the Exchange services from booting
(or should I just disable them before I reboot it?)
3) install the ADC for Exchange
4) enable services and reboot?

Does this seem like it will work? I could really use some assistance for
this one!

thanks in advance,
-dm
 

Glenn L

I'm not sure how the ADC tools play a part in this recovery task.
I'm no Exchange 5.5 expert, but I think this version is highly dependent on the existing computer account.

With that said, I have an idea to preserve the server account object and its all-important SID:

Force demote the DC.
Modify the userAccountControl attribute (use ADSIEDIT.MSC) on the server object to 4280. I think it is 4280. Check another MEMBER server to see what its userAccountControl value is.
Then right-click the server object and choose reset computer account.
Then metadata cleanup the NTDS settings object of the demoted server and the NTFRS subscriber object of the server. See KB216498.
The article says to also delete the computer object; don't do it in this case.
Then join the demoted server back to the domain. It will resync with the original computer account.
Then run DCPROMO and make it a DC.

The above steps assume it is vital to preserve the machine account for Exchange.
However, I suspect there is a way to recover Exchange after its computer account is lost/deleted (in other words, gets a new SID when brought back); I just don't know how difficult it is.

And yes, you should disable the Exchange services during these maintenance tasks.
 

Cary Shultz [A.D. MVP]

Glenn,

I think that it is 4096!

Cary
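
Added example, not part of any poster's message: the two values proposed in this exchange, 4280 and 4096, are bit masks, so each can be decoded into named flags and compared against a known-good member server. The Python below uses Microsoft's documented userAccountControl flag constants; the function names and the 532480 comparison value (the usual setting on a domain controller) are assumptions added here, not from the thread.

```python
# Added example: decode userAccountControl (UAC) bit flags.
# Flag names and values follow Microsoft's documented UAC flag table.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0008: "HOMEDIR_REQUIRED",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0040: "PASSWD_CANT_CHANGE",
    0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED",
    0x0200: "NORMAL_ACCOUNT",
    0x0800: "INTERDOMAIN_TRUST_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",   # workstation or member server
    0x2000: "SERVER_TRUST_ACCOUNT",        # domain controller
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x80000: "TRUSTED_FOR_DELEGATION",
}

def decode_uac(value):
    """Return the names of the flags set in value, lowest bit first."""
    names = []
    bit = 1
    while bit <= value:
        if value & bit:
            names.append(UAC_FLAGS.get(bit, "UNKNOWN_0x%X" % bit))
        bit <<= 1
    return names

def account_role(value):
    """Classify a computer account by its trust-account bit."""
    if value & 0x2000:
        return "domain controller"
    if value & 0x1000:
        return "member computer"
    return "not a computer trust account"

def extra_bits(value, reference):
    """Flags set in value but absent from a known-good reference value,
    e.g. one read from another member server as the thread suggests."""
    return decode_uac(value & ~reference)

if __name__ == "__main__":
    # 4096 and 4280 are the values proposed in the thread; 532480 is the
    # usual domain controller value, included here only for comparison.
    for v in (4096, 4280, 532480):
        print(v, hex(v), account_role(v), decode_uac(v))
    print("4280 vs 4096:", extra_bits(4280, 4096))
```

Reading the value from an existing member server and passing it as `reference` shows exactly which bits a proposed value would add before anything is written with ADSIEDIT.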

 

DM

Hi guys,

Thanks for your input, but unfortunately it's kinda too late. I started this task about 11:30 last night. My original idea of stopping and disabling Exchange services, forcing the demotion, rebooting, then making it a DC, then enabling the services, and then rebooting a final time worked! dcdiag passes all tests and there are no errors in the event log... so I'm happy.

Thanks again,
-Dustin


 

rickiez

My first thought would be: is there a tape you could restore from instead? Even just the system state?

After that I'd reboot into safe mode and disable Exchange services, or you could always boot to the Recovery Console from CD and disable the services that way. Then dcpromo.
 
