Active Directory Mess

By radgears ·
Hello
We have 2 domain controllers: the first, which was the original schema master, and the second one that we moved the schema over to, to unload the first that was running our Exchange services. Somewhere we have lost the communication between the 2 servers for Active Directory replication. Have tried the various tools to troubleshoot Active Directory or to remove the operations from the second machine but get access denied errors; cannot reset the account on the servers because they are domain controllers. The original server is running our Exchange and is functioning fine. What I would like to do is to remove the other server and reinstall Advanced Server, but the original server will not let me demote it to a member server. Error: it knows it is not the last server in the domain. Any help would be greatly appreciated.

by bhostmeyer In reply to Active Directory Mess

Ouch. Here is the trick that I used... You must promote the other server to BDC so that when you demote the other one it has a fallback. Also, I would read up on moving the primary Exchange server or you will have issues demoting the server.

Hope this helps

Brooke


by radgears In reply to Active Directory Mess

Brooke
I have already tried this; neither one will let me, even if I remove them from the network. I noticed that in Active Directory Sites and Services, when I click on properties of the 2 servers, the Update Sequence Numbers are different. I believe the 2 machines cannot communicate on a secure channel.


by Shanghai Sam In reply to Active Directory Mess

There are a couple of ways of doing this - neither of which are very nice.

The only way that I could recommend would be to use NTDSUTIL to seize all the single master roles to the machine you wish to keep (your Exchange box). Once you have done this, quit out of NTDSUTIL until you get back to the standard prompt - you then need to do a metadata cleanup. Use the help files to take you to the particular server that you wish to delete, then remove it from AD. This will completely remove any trace of your second server as a domain controller. Once you have done this, trash your second box - use fdisk, delpart or whatever and reinstall Advanced Server from scratch.

Second way is to restore the system state data from an old backup - but I assume you have already tried this.


by radgears In reply to Active Directory Mess

by rkelly In reply to Active Directory Mess

There are a couple of ways of doing this - neither of which are very nice.

The only way that I could recommend would be to use NTDSUTIL to seize all the single master roles to the machine you wish to keep (your Exchange box). Once you have done this, quit out of NTDSUTIL until you get back to the standard prompt - you then need to do a metadata cleanup. Use the help files to take you to the particular server that you wish to delete, then remove it from AD. This will completely remove any trace of your second server as a domain controller. Once you have done this, trash your second box - use fdisk, delpart or whatever and reinstall Advanced Server from scratch.

Second way is to restore the system state data from an old backup - but I assume you have already tried this.


by radgears In reply to Active Directory Mess

Hello again
As you mentioned the ntdsutil: I have attempted this before and the only thing I have not been able to transfer back to this server is the RID. When I try to, using NTDSUTIL (connect to server followed by fully qualified domain name), I get an error as follows: DsBindW error 0x6ba< The RPC server is unavailable.> If I check the services on both machines it is running? Please do not get discouraged that I answered it as Unacceptable. If somebody helps me save this machine I will figure a way to give them an additional 1500 points.


by rkelly In reply to Active Directory Mess

Right then - one thing you haven't confirmed is were you running NTDSUTIL on your Exchange server? If you are running it there then all you should have to do is connect to the local copy of your AD and seize the roles locally. When AD doesn't detect the presence of the old FSMO it should bring up a dialogue box asking you to confirm that you want to seize the role. Select YES.

If you are still having problems then it may well be because of some strange issue with one of your services.

Restart your machine with the network cable unplugged, THEN log in locally and use NTDSUTIL. REMEMBER that you must also do the metadata cleanup in order to remove ALL trace of the old box after you have restarted your Exchange server.
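
The seize-then-clean-up sequence described in the two NTDSUTIL answers above, written out as an added example that is not part of any poster's reply. `KEEP_DC` and the hostname `exch01.example.local` are placeholders, and the index numbers `0` and `N` are assumptions that must be replaced with the values NTDSUTIL prints on the real domain.

```batch
@echo off
rem Added example, not from the thread. Run in a command prompt on the DC
rem that is being kept, logged on with domain/enterprise admin rights.
rem KEEP_DC is a placeholder for that server's fully qualified name.
set KEEP_DC=exch01.example.local

rem Step 1: show which server each of the five FSMO roles is recorded against.
ntdsutil roles connections "connect to server %KEEP_DC%" quit ^
  "select operation target" "list roles for connected server" quit quit quit

rem Step 2: seize every role onto KEEP_DC. NTDSUTIL attempts a normal
rem transfer first and asks for confirmation before it forces the seizure.
ntdsutil roles connections "connect to server %KEEP_DC%" quit ^
  "seize schema master" "seize domain naming master" "seize RID master" ^
  "seize PDC" "seize infrastructure master" quit quit

rem Step 3: list domains, sites and servers so the index of the DC that is
rem being removed can be read off. The 0 values are placeholders.
ntdsutil "metadata cleanup" connections "connect to server %KEEP_DC%" quit ^
  "select operation target" "list domains" "select domain 0" ^
  "list sites" "select site 0" "list servers in site" quit quit quit

rem Step 4: left commented out on purpose, because it deletes the selected
rem server object from AD. Replace N with the number of the DC being removed
rem as printed in step 3 (not the number of KEEP_DC), then run it.
rem ntdsutil "metadata cleanup" connections "connect to server %KEEP_DC%" quit ^
rem   "select operation target" "list domains" "select domain 0" "list sites" ^
rem   "select site 0" "list servers in site" "select server N" quit ^
rem   "remove selected server" quit quit
```

Re-running step 1 after step 2 confirms that all five roles now list the kept server before any metadata is removed.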


by radgears In reply to Active Directory Mess

Hello
This did allow me to seize the master when I removed it from the network, but with a couple of warnings, and after the metadata cleanup it still believes, when I try to demote it, that it is not the last controller in the domain. Sorry it took so long to reply, but if you have any other suggestions I will wait a couple of days yet before I give up and start to reinstall.


by rkelly In reply to Active Directory Mess

If the metadata cleanup didn't help then I'm afraid I'm out of ideas. The only other thing I can suggest is SP1 but I assume that you have already applied that to your machines. I have come across this scenario several times and sometimes the metadata cleanup works and sometimes reinstallation is the only way.

Sorry I can't be of any more help.


by radgears In reply to Active Directory Mess

Thanks for all the help.
