wuitsung
FSMO seizing questions
Environment:
2 DCs, AD-integrated, both running 2003 in a single domain environment.
Trying to get rid of old DC. But the first DC cannot be brought online anymore.
Old DC holds GC, not the new DC.
I successfully seized 5 FSMO roles on new DC. What should I do with GC? I just check in site and service?
ASKER
Yes. But I deleted the DC1 object from Users and Computers and from Sites and Services first. I didn't do metadata cleanup first....
That is fine, you should still have data in there for the DC unless you did a dcpromo.
ASKER
Here is the screenshot.... no more DC1 there
metadata.JPG
You're clean. That's good.
ASKER
So if I can just completely remove the object from Users and Computers and from Sites and Services, does that mean metadata cleanup is not a MUST to run? Or is it just a safe checker in this case? What is the circumstance in which I MUST run metadata cleanup?
When you have a failed DC that you can't dcpromo gracefully.
ASKER
But in my case, I didn't even do dcpromo on the first DC. I just removed it from Users and Computers and from Sites and Services. So it seems not really necessary to run metadata cleanup..... that's why I am wondering when I must use it besides this.
You should use it every time a DC fails. Usually just removing it from ADUC doesn't always work.
ASKER
Ok. I got it!!!
And one more thing happened to me... because I just restored the first DC back to a standalone server, the SID is still the same. I was able to join the domain successfully, but after I reboot, when I try to log on, it returns me this message (see screenshot). So I think maybe the object is not completely wiped out from AD... but I cannot find it anywhere in AD at this point. Even the metadata cleanup cannot find it......
sid.JPG
Do you mean you made that DC just a member server? Did you dcpromo /forceremoval? Did you change the DNS IP address?
ASKER
Because the first DC has a standalone backup image, I just restored it.
So the IP is the same as DC1, but DNS points to DC2.
I didn't do dcpromo to demote the DC, I just restored it.
And now, I just joined the domain, but after I reboot, I got this message.
Do you have error messages in the Event Viewer?
ASKER
This is the only error I got on DC1.
logon.JPG
ASKER
I think I can use the Microsoft application called NewSID to regenerate the SID and the problem might be fixed, but I am just wondering, since the DC1 object is no longer in AD, how come there is still this problem....
Can't be sure, but it could have been just a glitch. I tried to re-create the same problem but I didn't get an error.
ASKER
I see... Thank you very much for your help and time.
By the way, I asked you a question a while ago. And I think I found some solution to the problem. But I haven't had a chance to work on the DC yet... Could you please take a look.
https://www.experts-exchange.com/questions/23879770/Which-DC-should-I-reset-machine-account.html
ASKER
So now the first DC is completely gone. But I have successfully seized all roles to the new DC.
But here is the question, as you told me last time about metadata cleanup.
Now the 1st DC no longer exists, I just deleted the DC1 object from Users and Computers and from Sites and Services. After that, I went into metadata cleanup, but I don't see the DC anymore, what should I do? Does that mean the object is completely removed from AD?