pcspcs
asked on
Cannot add a new DC to domain - error that changes must be made but whether they've been made is undetermined
I'm having trouble adding a new server to an AD domain. There are four servers on the network, all are Windows 2003 Enterprise. Two were domain controllers. One DC crashed. All references to it were removed from AD and a new server was buit. When trying to add it as a DC using dcpromo wizard we see:
The Wizard is configuring Active Directory
Located comain controller server1.mydomain.com
Stopping NETLOGON
Examining an existing Active Directory Forest
After a moment we get the error:
The operation failed because: This Active Directory installation requires domain configuration changes, but whether these changes have been made on the domain controller server1.mydomain.com is undetermined. The installation process has quite. "The system cannot find the file specified".
We though it might be because we named the replacement serve the same name as the one we removed. So we renamed the server and tried again with the same results. This is after a fresh install on a blank drive on this server. I assume there are some permission problems somewhere in AD, but have no way to verify this or know where to look. Awhile back we made changes to some impersonation settings, but they should all be back where they belong.
The Wizard is configuring Active Directory
Located comain controller server1.mydomain.com
Stopping NETLOGON
Examining an existing Active Directory Forest
After a moment we get the error:
The operation failed because: This Active Directory installation requires domain configuration changes, but whether these changes have been made on the domain controller server1.mydomain.com is undetermined. The installation process has quite. "The system cannot find the file specified".
We though it might be because we named the replacement serve the same name as the one we removed. So we renamed the server and tried again with the same results. This is after a fresh install on a blank drive on this server. I assume there are some permission problems somewhere in AD, but have no way to verify this or know where to look. Awhile back we made changes to some impersonation settings, but they should all be back where they belong.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
sorry about that Deb, didn't see that you already recomended seizing the FSMO roles, I forgot to refresh before posting :\
-Mitch
-Mitch
No probs - done it myself many many times ;-)
ASKER
Wahoo! Thank you Deb. Thank you thank you thank you!
Glad to help :))
http://support.microsoft.com/kb/255690
If the server that crashed was holding any of those roles you will need to seize them onto another DC. This article covers the steps you will need to go through to do that:
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504 (Scroll down to the "Seize FSMO roles" portion of the article)
Also, was server 1 the only Global catalog in the forest? If so you will want to make another server the global catalog by following the steps here:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/7b1c3e1c-ef32-4b8e-b4c4-e73910575f61.mspx
Lastly, if the old DC crashed then it was not able to be gracefully removed from your AD metadata / schema. You can follow the steps in the following article to use ntdsutil to clean up and remove your old DC from the AD metadata:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/012793ee-5e8c-4a5c-9f66-4a486a7114fd.mspx
Hopefully one of these solutions will help you out! Best of luck!
-Mitch