unable to remove Active Directory using dcpromo on a Windows 2003 Server with sp1 installed

John

I seem to have a problem with Active Directory and tried to remove it using
dcpromo and get the following error:

Active Directory could not transfer the remaining data in directory
partition CN=Schema,CN=Configuration,DC=abc,DC=com to domain controller
mail.abc.com

"There are no more endpoints available from the endpoint mapper"

This setup consists of 2 Windows 2003 servers; both are domain controllers and
both have SP1 installed. On mail.abc.com everything is running ok. From the
problematic server I can ping the mail.abc.com server with the ip address
and dns name.

Is there a way to remove the problematic server manually and run dcpromo to
put it back in the active directory?

Thanks
 
Mike Shepperd

If both machines point to the same DNS Server then you could try doing the
DCPROMO immediately after rebooting the remaining server to ensure that you
have the best chance of getting connected (if something really is eating up
RPC endpoints).

The more serious issue is if your remaining server really is running out of
RPC Endpoints... You should look into that with the tools that are
available from Microsoft.

How to troubleshoot RPC Endpoint Mapper errors
http://support.microsoft.com/kb/839880

It's a long article but most of it just details possible symptoms; get down
to the troubleshooting section and it's pretty manageable.

--

Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no rights]
 
Paul Bergson [MVP-DS]

If you are unable to demote this DC and you can't transfer the role then you
will probably have to do the following:

On the problematic machine run dcpromo /forceremoval
http://support.microsoft.com/default.aspx/kb/332199/en-us

Once the DC is a member server I would remove and readd to the domain (This
is not an absolutely required step but one I do to get a new computer object
sid)

Then you will need to go back and cleanup AD's metadata since it wasn't
cleaned up from the demotion
http://support.microsoft.com/?id=216498

Once done with this, you should be able to go back and repromote the member
server to a DC

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Paul Bergson [MVP-DS]

I'm not sure what you are asking? Unless you misunderstood my point.
Remove from the domain, re-join the member server to the domain.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 
John

I'm confused on this point.

"I would remove the read to the domain."
Once the DC is a member server I would remove and readd to the domain
(This is not an absolutely required step but one I do to get a new
computer object sid)

Thanks
 
Paul Bergson [MVP-DS]

You read it wrong, it said "readd" not "read"

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 
John

Ok I forceremoval and ran the ntdsutil and still get no more end points when
running the ntdsutil

Is there a way to remove the problematic server from the non problematic
domain controller?
 
John

Ok, so if I have a good domain controller, called A and the problematic
domain controller called B.

I should be logged in under administrator on Server A and run the ntdsutil
on Server A, if so what commands do I use to remove the problematic server,
or should I be logged in under administrator on Server B and run the
ntdsutil on that server?

Sorry, but I'm a bit confused on the ntdsutil program!

Thanks

 
John

Ok, doing this on Server A, the good domain controller I get the following
error.

When I do connect to server db

DsBindW error 0x6d9(There are no more endpoints available from the endpoint
mapper.)

And I can't go beyond this error.

Any ideas?

Thanks

"Jorge de Almeida Pinto [MVP - DS]"
when using NTDSUTIL... are you connecting to the removed DC?

if yes...you should point to a LIVE DC and remove the information from
the removed DC

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
 
Mike Shepperd

..... The more serious issue is if your remaining server really is running
out of RPC Endpoints... You should look into that with the tools that are
available from Microsoft.

How to troubleshoot RPC Endpoint Mapper errors
http://support.microsoft.com/kb/839880

It's a long article but most of it just details possible symptoms; get down
to the troubleshooting section and it's pretty manageable.


--

Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no rights]


John said:
Thanks Paul,

How do I remove the read from the domain?

Thanks again


 
Harj

Do this on Server A (good domain controller)

1. Click Start, point to Programs, point to Accessories, and then click
Command Prompt.
2. At the command prompt, type ntdsutil, and then press ENTER.
3. Type metadata cleanup, and then press ENTER. Based on the options
given, the administrator can perform the removal, but additional
configuration parameters must be specified before the removal can
occur.
4. Type connections and press ENTER. This menu is used to connect to
the specific server where the changes occur. If the currently logged on
user does not have administrative permissions, different credentials
can be supplied by specifying the credentials to use before making the
connection. To do this, type set creds DomainName UserName Password, and
then press ENTER. For a null password, type null for the password
parameter.
5. Type connect to server servername, and then press ENTER (THIS
SERVERNAME SHOULD BE SERVER A). You should receive confirmation that
the connection is successfully established. If an error occurs, verify
that the domain controller being used in the connection is available
and the credentials you supplied have administrative permissions on the
server.

6. Type quit, and then press ENTER. The Metadata Cleanup menu appears.
7. Type select operation target and press ENTER.
8. Type list domains and press ENTER. A list of domains in the forest
is displayed, each with an associated number.
9. Type select domain number and press ENTER, where number is the
number associated with the domain the server you are removing is a
member of. The domain you select is used to determine whether the
server being removed is the last domain controller of that domain.
10. Type list sites and press ENTER. A list of sites, each with an
associated number, appears.
11. Type select site number and press ENTER, where number is the number
associated with the site the server you are removing is a member of.
You should receive a confirmation listing the site and domain you
chose.
12. Type list servers in site and press ENTER. A list of servers in the
site, each with an associated number, is displayed.
13. Type select server number, where number is the number associated
with the server you want to remove (WHICH SHOULD BE SERVER B). You
receive a confirmation listing the selected server, its Domain Name
System (DNS) host name, and the location of the server's computer
account you want to remove.
14. Type quit and press ENTER. The Metadata Cleanup menu appears.
15. Type remove selected server and press ENTER. You should receive
confirmation that the removal completed successfully. If you receive
the following error message, the NTDS Settings object may already be
removed from Active Directory as the result of another administrator
removing the NTDS Settings object or replication of the successful
removal of the object after running the DCPROMO utility.

How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/kb/216498

Good luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com
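
Added example (not part of Harj's post or the KB article): a small Python helper that enforces the two points the steps above stress, namely that the connection goes to the live DC (Server A) and the selected server is the dead one (Server B), before it hands back the ntdsutil commands of steps 3 to 15 in order. The listing format, the SERVERA/SERVERB names and all function names are assumptions made for illustration; the script only builds the command list and does not run ntdsutil.

```python
import re

# Constructed sample of what "list servers in site" prints (step 12).
# SERVERA / SERVERB and the site name are placeholders, not values from the thread.
SAMPLE_LIST_SERVERS = """\
Found 2 server(s)
0 - CN=SERVERA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=com
1 - CN=SERVERB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=com
"""

# One numbered entry: "<index> - <distinguished name>" (assumed layout).
_ENTRY = re.compile(r"^\s*(\d+)\s+-\s+(\S.*?)\s*$")


def parse_numbered_list(output):
    """Map each list index to its distinguished name; other lines are ignored."""
    entries = {}
    for line in output.splitlines():
        match = _ENTRY.match(line)
        if match:
            entries[int(match.group(1))] = match.group(2)
    return entries


def short_name(host):
    """Reduce a host name or FQDN to its upper-cased first label."""
    return host.strip().split(".", 1)[0].upper()


def leading_cn(dn):
    """Return the upper-cased value of the first RDN, which must be a CN."""
    first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    key, _, value = first_rdn.partition("=")
    if key.strip().upper() != "CN" or not value.strip():
        raise ValueError("not a server DN: %r" % dn)
    return value.strip().upper()


def pick_server_index(list_output, dead_dc, live_dc):
    """Return the index to use in 'select server <n>' for the dead DC.

    Refuses when the dead DC and the DC used for the connection are the same
    machine, and when the dead DC is not listed (it may already have been
    removed, as the note under step 15 says).
    """
    if short_name(dead_dc) == short_name(live_dc):
        raise ValueError("target and connection server are the same machine")
    wanted = short_name(dead_dc)
    servers = parse_numbered_list(list_output)
    hits = [i for i, dn in sorted(servers.items()) if leading_cn(dn) == wanted]
    if not hits:
        raise LookupError("%s is not in this site's server list" % wanted)
    if len(hits) > 1:
        raise LookupError("more than one entry matches %s" % wanted)
    return hits[0]


def build_cleanup_commands(live_dc, domain_index, site_index, server_index):
    """Return the ntdsutil inputs for steps 3-15, typed on the live DC."""
    for value in (domain_index, site_index, server_index):
        if not isinstance(value, int) or value < 0:
            raise ValueError("list indexes must be non-negative integers")
    return [
        "metadata cleanup",
        "connections",
        "connect to server %s" % live_dc,   # step 5: the LIVE DC
        "quit",
        "select operation target",
        "list domains",
        "select domain %d" % domain_index,
        "list sites",
        "select site %d" % site_index,
        "list servers in site",
        "select server %d" % server_index,  # step 13: the DEAD DC
        "quit",
        "remove selected server",
    ]


if __name__ == "__main__":
    index = pick_server_index(SAMPLE_LIST_SERVERS, "serverb.abc.com", "SERVERA")
    for command in build_cleanup_commands("SERVERA", 0, 0, index):
        print(command)
```
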

 
John

Once this is done, can I make server B a workgroup server then run dcpromo
on it to put it back in the domain? Or should I re-install the entire OS
from scratch?

Thanks

 
Mike Shepperd

Should???

I WOULD reinstall from a clean formatted drive, but you don't HAVE to. I
figure the hour spent rebuilding (with a new name to avoid any possible
confusion) is like money in the bank that I won't have to spend down the
road when some mystery problem appears.

--

Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no rights]


 
Harj

Hi,

There really is no reason to have to reinstall. I have done metadata's
in environments with tons of DCs, did metadata's and brought the
machine back into the domain with the same name, and ip address.
Mind you it took a bit of time to replicate to all DCs before I
brought it back in.
So yes, you can bring it down and bring it back up after replication.
IF you think there are any problems with that machine, then yes
reinstall but just because you're getting no endpoint mappers is not a
reason to reinstall

Good luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com


Mike said:
Should???

I WOULD reinstall from a clean formatted drive, but you don't HAVE to. I
figure the hour spent rebuilding (with a new name to avoid any possible
confusion) is like money in the bank that I won't have to spend down the
road when some mystery problem appears.

--

Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no rights]


John said:
Once this is done, can I make server B a workgroup server then run dcpromo
on it to put it back in the domain? Or should I re-install the entire OS
from scratch?

Thanks

====================
Harj said:
Do this on Server A (good domain controller)

1. Click Start, point to Programs, point to Accessories, and then click
Command Prompt.
2. At the command prompt, type ntdsutil, and then press ENTER.
3. Type metadata cleanup, and then press ENTER. Based on the options
given, the administrator can perform the removal, but additional
configuration parameters must be specified before the removal can
occur.
4. Type connections and press ENTER. This menu is used to connect to
the specific server where the changes occur. If the currently logged on
user does not have administrative permissions, different credentials
can be supplied by specifying the credentials to use before making the
connection. To do this, type set creds DomainNameUserNamePassword, and
then press ENTER. For a null password, type null for the password
parameter.
5. Type connect to server servername, and then press ENTER (THIS
SERVERNAME SHOULD BE SERVER A). You should receive confirmation that
the connection is successfully established. If an error occurs, verify
that the domain controller being used in the connection is available
and the credentials you supplied have administrative permissions on the
server.

6. Type quit, and then press ENTER. The Metadata Cleanup menu appears.
7. Type select operation target and press ENTER.
8. Type list domains and press ENTER. A list of domains in the forest
is displayed, each with an associated number.
9. Type select domain number and press ENTER, where number is the
number associated with the domain the server you are removing is a
member of. The domain you select is used to determine whether the
server being removed is the last domain controller of that domain.
10. Type list sites and press ENTER. A list of sites, each with an
associated number, appears.
11. Type select site number and press ENTER, where number is the number
associated with the site the server you are removing is a member of.
You should receive a confirmation listing the site and domain you
chose.
12. Type list servers in site and press ENTER. A list of servers in the
site, each with an associated number, is displayed.
13. Type select server number, where number is the number associated
with the server you want to remove (WHICH SHOULD BE SERVER B). You
receive a confirmation listing the selected server, its Domain Name
System (DNS) host name, and the location of the server's computer
account you want to remove.
14. Type quit and press ENTER. The Metadata Cleanup menu appears.
15. Type remove selected server and press ENTER. You should receive
confirmation that the removal completed successfully. If you receive
the following error message, the NTDS Settings object may already be
removed from Active Directory as the result of another administrator
removing the NTDS Settings object or replication of the successful
removal of the object after running the DCPROMO utility.

How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/kb/216498

Good luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com
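
A read-only check to run on Server A once the cleanup steps above report success, added here as an example and not part of Harj's post or the KB article: it looks for references to the removed DC that the cleanup or DNS may have left behind. SERVERB is a placeholder host name, and nltest and repadmin are assumed to be installed (Windows Support Tools on Server 2003).

```batch
@echo off
rem Added example: read-only leftover check, run on Server A (the good DC)
rem after "remove selected server". Nothing here modifies the directory.
rem OLD_DC is a placeholder for Server B's host name; DOMAIN and CONFIG_DN
rem follow the abc.com naming used in this thread. Adjust all three.
setlocal
set OLD_DC=SERVERB
set DOMAIN=abc.com
set CONFIG_DN=CN=Configuration,DC=abc,DC=com
set LEFTOVER=0

rem 1. The NTDS Settings object (objectClass nTDSDSA) is what metadata
rem    cleanup removes. Its DN contains "CN=<server>," while it still exists.
dsquery * "CN=Sites,%CONFIG_DN%" -filter "(objectClass=nTDSDSA)" -limit 0 | findstr /i /c:"CN=%OLD_DC%," >nul
if not errorlevel 1 (
    echo [LEFTOVER] NTDS Settings object still exists for %OLD_DC%
    set LEFTOVER=1
)

rem 2. The domain's DC list should no longer name the old server.
nltest /dclist:%DOMAIN% | findstr /i /c:"%OLD_DC%" >nul
if not errorlevel 1 (
    echo [LEFTOVER] %OLD_DC% is still listed as a DC for %DOMAIN%
    set LEFTOVER=1
)

rem 3. DNS: a stale SRV record keeps clients locating the removed DC.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>nul | findstr /i /c:"%OLD_DC%.%DOMAIN%" >nul
if not errorlevel 1 (
    echo [LEFTOVER] SRV record still points at %OLD_DC%.%DOMAIN%
    set LEFTOVER=1
)

rem 4. Server A should have no replication partner entry for the old DC.
repadmin /showrepl | findstr /i /c:"%OLD_DC%" >nul
if not errorlevel 1 (
    echo [LEFTOVER] repadmin still reports %OLD_DC% as a replication partner
    set LEFTOVER=1
)

if %LEFTOVER%==0 echo [OK] No references to %OLD_DC% found
exit /b %LEFTOVER%
```

The script exits with 1 if any reference remains, so it can be re-run after each manual cleanup step until it reports OK.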


John wrote:
Ok, so if I have a good domain controller, called A and the problematic
domain controller called B.

I should be logged in under administrator on Server A and run the ntdsutil
on Server A, if so what commands do I use to remove the problematic server,
or should I be logged in under administrator on Server B and run the
ntdsutil on that server?

Sorry, but I'm a bit confused on the ntdsutil program!

Thanks

"Jorge de Almeida Pinto [MVP - DS]"
when using NTDSUTIL... are you connecting to the removed DC?

if yes...you should point to a LIVE DC and remove the information from the
removed DC

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------

Ok I forceremoval and ran the ntdsutil and still get no more end points
when running the ntdsutil

Is there a way to remove the problematic server from the non problematic
domain controller?


You read it wrong, it said "readd" not "read"

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

I'm confused on this point.

"I would remove the read to the domain."

Once the DC is a member server I would remove and readd to the domain
(This is not an absolutely required step but one I do to get a new
computer object sid)

Thanks


I'm not sure what you are asking? Unless you misunderstood my point.
Remove from the domain, re-join the member server to the domain.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

Thanks Paul,

How do I remove the read from the domain?

Thanks again


If you are unable to demote this DC and you can't transfer the role
then you will probably have to do the following:

On the problematic machine run dcpromo /forceremoval
http://support.microsoft.com/default.aspx/kb/332199/en-us

Once the DC is a member server I would remove and readd to the
domain (This is not an absolutely required step but one I do to get
a new computer object sid)

Then you will need to go back and cleanup AD's metadata since it
wasn't cleaned up from the demotion
http://support.microsoft.com/?id=216498

Once done with this, you should be able to go back and repromote the
member server to a DC

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

I seem to have a problem with Active Directory and tried to remove
it using dcpromo and get the following error:

Active Directory could not transfer the remaining data in directory
partition CN=Schema,CN=Configuration,DC=abc,DC=com to domain
conroller mail.abc.com

"There are no more endpoints available from the endpoint mapper"

This setup consists of 2 Windows 2003 server both are domain
controllers and both have SP1 installed. On mail.abc.com everything
is running ok. From the problematic server I can ping the
mail.abc.com server with the ip address and dns name.

Is there a way to remove the problematic server manually and run
dcpromo to put it back in the active directory?

Thanks
 
