• Status: Solved

New PDC in Windows 2000

I currently have an old server that is running Windows 2000 Server, SP4.  This server is our PDC.  We are about to junk this server, it's very old and slow, so I need to promote one of my other servers, running Windows 2K, SP4, to our PDC.  How do I do this?
Thanks,
0
gtimmons
Asked:
gtimmons
1 Solution
 
Pete Long (Technical Consultant) Commented:
New Domain Controller

First, DON’T consider using a cloning tool like Norton/Symantec Ghost to make an image of the server; this is fraught with pitfalls!
Consider keeping the old Domain Controller running; having two domain controllers builds redundancy/fault tolerance into your network.

1.      Build the new server in the live environment, put on all the relevant service packs (remember MS service packs are inclusive, SP2 includes SP1 etc.) and join the server to the domain (You Must have the rights to do this).
2.      Promote the new server to a domain controller by running DCPromo (the server MUST be able to see DNS or it will fail). To run DCPromo, click Start > Run > type “dcpromo” {enter}.
3.      When the server has finished and rebooted, you need to make the decision on whether to keep the old Domain Controller (I would say yes). If you do, then your job is finished.
4.      You will now need to “seize” the FSMO roles. There are 5 FSMO roles, which are:

·      Schema master - Forest-wide and one per forest.
·      Domain naming master - Forest-wide and one per forest.
·      RID master - Domain-specific and one for each domain.
·      PDC - PDC Emulator is domain-specific and one for each domain.
·      Infrastructure master - Domain-specific and one for each domain.
5.      To do this you need to use the “ntdsutil” tool

To move the FSMO roles from one computer to another, you can use two different methods. The first method is a transfer and is the method that is recommended. You can use the first method if both computers are running. Use the second method if the FSMO roles holder is offline. The second method requires you to use the Ntdsutil.exe tool to seize the roles.

Note Only seize the FSMO roles to the remaining Active Directory domain controllers if you are removing the FSMO role holder from the domain or forest.

To seize or transfer the FSMO roles by using Ntdsutil, follow these steps:
1.      On any domain controller, click Start, click Run, type ntdsutil in the Open box, and then click OK.

Note Microsoft recommends that you use the domain controller that is taking the FSMO roles.
2.      Type roles, and then press ENTER.

To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.
3.      Type connections, and then press ENTER.
4.      Type connect to server servername, where servername is the name of the server you want to use, and then press ENTER.
5.      At the server connections: prompt, type q, and then press ENTER again.
6.      Type seize role, where role is the role you want to seize. For a list of roles that you can seize, type ? at the Fsmo maintenance: prompt, and then press ENTER, or consult the list of roles at the beginning of this article. For example, to seize the RID Master role, you would type seize rid master. The one exception is for the PDC Emulator role, whose syntax would be "seize pdc" and not "seize pdc emulator".

Note All five roles need to be in the forest. If the first domain controller is out of the forest then seize all roles. Determine which roles are to be on which remaining domain controllers so that all five roles are not on only one server.

Microsoft recommends that you only seize all roles when the other domain controller is not returning to the domain, otherwise fix the broken domain controller with the roles.

If the original domain controller with the FSMO roles is still online, transfer the roles. Type transfer role.
7.      After you seize or transfer the roles, type q, and then press ENTER until you quit the Ntdsutil tool.
Note Do not put the Infrastructure Master role on the same domain controller as the global catalogue.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;197132

To check if a domain controller is also a global catalogue server:
1.      Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2.      Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available.
3.      Open the Servers folder, and then click the domain controller.
4.      In the domain controller's folder, double-click NTDS Settings.
5.      On the Action menu, click Properties.
6.      On the General tab, locate the Global Catalogue check box to see if it is selected.
*****References*****

Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller
http://support.microsoft.com/?kbid=255504

Windows 2000 Active Directory FSMO Roles
http://support.microsoft.com/default.aspx?scid=kb;EN-US;197132

Flexible Single Master Operation Transfer and Seizure Process
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223787
0
 
Microtech Commented:
Hi gtimmons,

You will need to run dcpromo from the Run prompt, but before you junk your old server you will need to transfer the FSMO roles over. I will find the MS docs.

Hope This helps
0
 
Microtech Commented:
or pete will answer you :)
0
 
Pete Long (Technical Consultant) Commented:
Microtech,
:)
Pete
0
 
gtimmons (Author) Commented:
I tried running DCPromo but it failed, said it could not initialize.  The server I am going to be using is currently our DNS server, is that a problem?
0
 
Microtech Commented:
The DNS server is not a problem with promoting, but DNS could be the problem when running dcpromo. What is the exact message you get when trying to run dcpromo?
0
 
gtimmons (Author) Commented:
"The application failed to initialize properly (0Xc0000142). Click OK to terminate"
0
 
Microtech Commented:
Silly question, but you are running as an admin?
0
 
gtimmons (Author) Commented:
yes, logged on as administrator, not local admin but domain admin.
0
 
Microtech Commented:
You could try and re-install SP4...
0
 
gtimmons (Author) Commented:
Same issue, after re-installing SP4
0
 
rhinoceros Commented:
But you must check the configuration of your DNS server again. Because the formal AD DNS, you should see four new child nodes: _msdcs, _sites, _tcp, and _udp in there... If not, you should rebuild DNS server before DCPromo.

I hope it can help.



0
 
Pete Long (Technical Consultant) Commented:
My vote is on a DNS issue :) What is set as the DNS address on the server you are trying to promote?
0
 
gtimmons (Author) Commented:
The DNS IP address is the IP address of the machine. 172.16.1.11, this is what is in the DNS field.
0
 
Pete Long (Technical Consultant) Commented:
from command line

nslookup <name of the other domain controller>

nslookup <your domain name>

does it resolve?
0
 
gtimmons (Author) Commented:
C:\Documents and Settings\administrator.DXCG.COM>nslookup dxcg
*** Can't find server name for address 172.16.1.11: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  172.16.1.11

Name:    dxcg.dxcg.com
Address:  172.16.1.2


C:\Documents and Settings\administrator.DXCG.COM>nslookup dxcg.com
*** Can't find server name for address 172.16.1.11: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  172.16.1.11

Name:    dxcg.com
Address:  172.16.1.2
0
 
kelo501 Commented:
Add your domain name in the TCP/IP properties page of the server.  Add an "A" record for it in the Forward lookup zone.
Question: in your FLZ, what is the record for the SOA?
0
 
gtimmons (Author) Commented:
the domain name is already in my TCP setting, and the A record already exists.  SOA primary server is naboo.dxcg.com.
0
 
gtimmons (Author) Commented:
any ideas?
0
 
kelo501 Commented:
Gtimmons,
have you run DCDIAG or NETDIAG on your DC?  If not, please do.  They are on the CD under support tools.

They are easy to run and "CAN BE" very helpful.

Once you install the support tools from the 2000 Server disk (just double-click the MSI installer),
then at the CLI command line, type the command and /?.  There is not a lot to it, but make sure you | to a file.

Run both of these and see what you have.  A lot of the errors can be found in the MS knowledgebase, but please let me know what you get.

Good luck,
Kelo501

0
 
gtimmons (Author) Commented:
I ran dcdiag and netdiag and both passed all tests.  I then tried running dcpromo on a different machine and got the same initialization error.
0
 
kelo501 Commented:
Can you add DNS to the DC?
Set it up as AD integrated.
I have a feeling that the other DNS server is not providing the correct SRV records for your domain.

How big is your environment?  10 users, 100, 1000?
Do you have Exchange?
Are there over 50 shares?

It may be faster to bring up a new domain and migrate the accounts across at this point with ADMT or CSVDE.   Only once DNS is in a known good configuration and we are still having the issue.

Let me look at something else, but try that.  Set up DNS on the DC and point the machine you are trying to dcpromo to the DC for DNS.
0
 
kelo501 Commented:
I forgot to send the other post before I went in search of this...

Please try this and let me know what you get.

At a command prompt, type nslookup, and then press ENTER.
Type set q=srv and press ENTER.
Type _ldap._tcp.FQDN where FQDN represents the domain controller's FQDN.

kelo501
0
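An added example, not part of the original thread: Python that parses the reply nslookup prints for a `set q=srv` query like the one described above and flags the DNS conditions raised in this thread (a reply from a resolver other than the AD DNS servers, a resolver with no PTR record, a missing SRV record). The domain example.local, the host names, the IP addresses and the function names are constructed for illustration.

```python
import re

# Constructed nslookup replies (not output from the thread).
GOOD = """Server:  dc1.example.local
Address:  10.0.0.2

_ldap._tcp.dc._msdcs.example.local   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.example.local
"""
BAD = """Server:  resolver.isp.example
Address:  192.0.2.53

*** resolver.isp.example can't find _ldap._tcp.dc._msdcs.example.local: Non-existent domain
"""

def locator_srv_names(domain, site="Default-First-Site-Name"):
    """SRV names a DC registers under the _msdcs, _sites, _tcp and _udp nodes."""
    return [f"_ldap._tcp.{domain}", f"_ldap._tcp.dc._msdcs.{domain}",
            f"_ldap._tcp.pdc._msdcs.{domain}", f"_kerberos._tcp.{domain}",
            f"_kerberos._udp.{domain}", f"_ldap._tcp.{site}._sites.{domain}"]

def parse_srv_reply(text):
    """Parse the reply nslookup prints for one SRV query."""
    reply = {"server": None, "address": None, "missing": None, "targets": []}
    m = re.search(r"^Server:\s+(\S+)\s*\nAddress:\s+(\S+)", text, re.M)
    if m:
        reply["server"], reply["address"] = m.groups()
    m = re.search(r"can't find (\S+): Non-existent domain", text)
    if m:
        reply["missing"] = m.group(1)
    # Each SRV answer lists its port directly above the "svr hostname" line.
    for port, host in re.findall(r"port\s+=\s+(\d+)\s*\n\s*svr hostname\s+=\s+(\S+)", text):
        reply["targets"].append((host.lower(), int(port)))
    return reply

def diagnose(reply, internal_dns):
    """internal_dns: set of IPs of the DNS servers that host the AD zone."""
    findings = []
    if reply["address"] not in internal_dns:
        findings.append("query answered by a resolver outside the AD DNS servers")
    if reply["server"] == "UnKnown":
        findings.append("resolver has no PTR record (reverse lookup failed)")
    if reply["missing"]:
        findings.append("SRV record missing: " + reply["missing"])
    elif not reply["targets"]:
        findings.append("no SRV targets returned")
    return findings
```

Feed each name from `locator_srv_names` to nslookup, save the output, and pass it through `parse_srv_reply` and `diagnose` with the set of internal DNS server addresses.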
 
gtimmons (Author) Commented:
sorry, FQDN ?
0
 
gtimmons (Author) Commented:
small environment, about 50 users.  Yes, we have Exchange 2000, under 50 shares
0
 
gtimmons (Author) Commented:
when I did the nslookup you suggested I got this:

dns1-access.svc.us.xo.net can't find _Ldap._tcp.dxcg.com: Non-existent domain.
0
 
gtimmons (Author) Commented:
I did notice that my current PDC is Windows 2K SP3, not sure if that is affecting anything.
0
 
kelo501 Commented:
FQDN = fully qualified domain name  example:  noboo.dxcg.com server_name.domain.com
0
 
kelo501 Commented:
Is this a 2000 SBS server?
0
 
gtimmons (Author) Commented:
No, not a small business server.
0
 
gtimmons (Author) Commented:
is there a specific way to tell if it is an SBS server?
0
 
gtimmons (Author) Commented:
when I look under computer management and system info it says for OS: Microsoft Windows Powered
0
 
gtimmons (Author) Commented:
Is it OK to have my Exchange server become the PDC or is this not recommended?
0
 
kelo501 Commented:
Sure, just run "winver" at the run line:
Start > Run > "winver"

I would strongly recommend against making your Exchange box a domain controller.

0
 
Pete Long (Technical Consultant) Commented:
ThanQ
0
Question has a verified solution.
