General discussion


ACTIVE DIRECTORY GURU QUESTION

By REZUMA ·
I have a story to tell and a question to ask.
The story: I had a domain controller (ro1) in a multisite, single-domain network that crashed. This DC was the first one in the AD and it had the roles PDC emulator, RID master and infrastructure master. Unluckily, this server also had production data that a SQL Server application was using. So when the server crashed I had to rebuild it with exactly the same name so as not to mess things up with the application, although I am sure that for AD the crashed ro1 and this new one are different because they will have a different RID (am I right?).
I was able to transfer those roles to a brand new DC that I built. Now the problem and my question: AD still "thinks" that ro1 is a DC and I need to fix that. I was thinking of changing the name to ro1 and then manually deleting any entry in the AD that refers to ro1, but the problem is that I can't rename ro1. How can I tell AD that ro1 is not a DC anymore?...

Note: somebody advised me to promote ro1 to DC, but I also read that after moving those roles the original holder of them should not be put into the network ever (but is my new ro1 with a different RID the original holder?)

Thanks in advance

by BFilmFan In reply to ACTIVE DIRECTORY GURU QUE ...

This is not an uncommon issue at all. You will need to follow the steps in Dan Petri's excellent article on removing a DC after an unsuccessful demotion:

http://www.petri.co.il/fix_unsuccessful_demotion.htm

And Microsoft's rather vague advice is here:

http://support.microsoft.com/?kbid=216498

by BFilmFan In reply to

The metadata cleanup steps will remove the old domain controller information from AD.

by REZUMA In reply to

Poster rated this answer.

by razz2 In reply to ACTIVE DIRECTORY GURU QUE ...

REZUMA,

Wasn't it your question from Dec 15th titled

"RID master dc CRASH. NEED HELP"?

You closed it on the 13th awarding my solution points, but this
appears to be the same question. Maybe I have misread it.
Anyway, here again is the suggested solution.

Seize the roles to another DC.

Then follow the steps in this KB article to remove the old DC
from AD:

http://support.microsoft.com/kb/216498

Then promote the rebuilt server to DC. You could then take
them back to the rebuilt server if you wanted. Make sure to take
your time and allow for full domain sync on each step. I have
seized roles before, and used the ntdsutil & ADSIEdit utilities
before, but I should say never where I had the name issue you
have. It seems to me to be fine as long as you clear AD of any
reference to the old DC first.

Good Luck,

razz

by REZUMA In reply to

Hi, you are right, my other question was similar, but not the same, although I understand that the way I presented the question was not the best one.
I have already seized the roles to a new DC. The one that crashed also had some data an application needs, so my first step after the crash was to rebuild that computer with exactly the same name. I did not promote it, of course.
AD is still thinking there is a DC. I could delete all the entries in the AD for that DC (ro1); the problem is that due to the application I can do that, because there is a computer with that name, so I will want to remove the old DC but not the new computer.
Anyway, I have been thinking and maybe it is even easier than I thought. I could disjoin that computer from the domain, then remove any reference in AD to that name, ro1 (remember that name identifies the old DC and the new computer), and then after the sync add that computer back to the domain... I think that will work, what do you think?

Thanks
Rezuma

by razz2 In reply to ACTIVE DIRECTORY GURU QUE ...

Yes, that would work fine. Just remove the "new" from the
domain.

Then wait for full replication / domain AD sync.

Then delete any traces of the old DC.

Again, wait long enough for the domain to sync.

Then add it back in.

See, you are a GURU... great idea.

Good Luck,

razz
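
A read-only way to confirm the outcome of the steps discussed in this thread, added here as an example and not part of the original posts: it checks that nothing in AD still treats ro1 as a domain controller while the rebuilt member server's account stays intact. It assumes the RSAT ActiveDirectory PowerShell module, which is newer than the ntdsutil and ADSIEdit tools the posters mention; `ro1` is the server name from the thread.

```powershell
# Added example: read-only check for leftover metadata of a removed DC.
# Assumes the RSAT ActiveDirectory module; 'ro1' is the name used in the thread.
Import-Module ActiveDirectory

$Name   = 'ro1'
$root   = Get-ADRootDSE
$domain = Get-ADDomain
$forest = Get-ADForest

# 1. FSMO roles: after the seizure none of them should still name the old DC.
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$staleRoles = @($roles.GetEnumerator() | Where-Object { $_.Value -like "$Name.*" })

# 2. Configuration partition: a server object under CN=Sites that still has an
#    NTDS Settings (nTDSDSA) child is what replication partners see as a DC.
$sitesDn = "CN=Sites,$($root.configurationNamingContext)"
$servers = @(Get-ADObject -SearchBase $sitesDn -LDAPFilter "(&(objectClass=server)(cn=$Name))")
$ntds = @(foreach ($s in $servers) {
    Get-ADObject -SearchBase $s.DistinguishedName -SearchScope OneLevel `
        -LDAPFilter '(objectClass=nTDSDSA)'
})

# 3. Computer account: SERVER_TRUST_ACCOUNT (0x2000) in userAccountControl marks
#    a DC account; a member server carries WORKSTATION_TRUST_ACCOUNT (0x1000).
$computer = Get-ADComputer -LDAPFilter "(cn=$Name)" -Properties userAccountControl
$isDcType = [bool]($computer.userAccountControl -band 0x2000)

# Summary: the first two values should be empty/0 and the third False.
[pscustomobject]@{
    Name                 = $Name
    StaleFsmoRoles       = ($staleRoles | ForEach-Object { $_.Key }) -join ', '
    NtdsSettingsObjects  = $ntds.Count
    AccountIsDcType      = $isDcType
    ServerObjectsInSites = $servers.Count
    ComputerAccountDN    = $computer.DistinguishedName
}
```

Run it against more than one DC (the AD cmdlets accept `-Server`) after each wait for replication, since a stale object can persist on a partner that has not yet synced.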

by REZUMA In reply to

Thanks, I will do so. I don't think that I am a GURU, there is sooooo much to learn just in Active Directory... and I am also playing with Linux systems... too much to learn :)
Anyway, thanks very much for your help, see you around

by REZUMA In reply to ACTIVE DIRECTORY GURU QUE ...

This question was closed by the author
