Solved

New PDC in Windows 2000

Posted on 2004-09-01
Last Modified: 2010-04-13
I currently have an old server that is running Windows 2000 Server, SP4.  This server is our PDC.  We are about to junk this server, it's very old and slow, so I need to promote one of my other servers, running Windows 2K, SP4, to our PDC.  How do I do this?
Thanks,
0
Comment
Question by:gtimmons
35 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 11951604
New Domain Controller

First DON’T consider using a cloning tool like Norton/Symantec Ghost to make an image of the server, this is fraught with pitfalls!
Consider keeping the old Domain Controller running; having two domain controllers builds redundancy/fault tolerance into your network.

1.      Build the new server in the live environment, put on all the relevant service packs (remember MS service packs are inclusive, SP2 includes SP1 etc) and join the server to the domain (You Must have the rights to do this)
2.      Promote the new server to a domain controller by running DCPromo (the server MUST be able to see DNS or it will fail). To run DCPromo, click Start > Run > type “dcpromo” {enter}
3.      When the server has finished and rebooted, you need to make the decision on whether to keep the old Domain Controller (I would say yes). If you do, then your job is finished.
4.      You will now need to “seize” the FSMO roles. There are 5 FSMO roles, which are:

·      Schema master - Forest-wide and one per forest.
·      Domain naming master - Forest-wide and one per forest.
·      RID master - Domain-specific and one for each domain.
·      PDC - PDC Emulator is domain-specific and one for each domain.
·      Infrastructure master - Domain-specific and one for each domain.
5.      To do this you need to use the “ntdsutil” tool

To move the FSMO roles from one computer to another, you can use two different methods. The first method is a transfer and is the method that is recommended. You can use the first method if both computers are running. Use the second method if the FSMO roles holder is offline. The second method requires you to use the Ntdsutil.exe tool to seize the roles.

Note Only seize the FSMO roles to the remaining Active Directory domain controllers if you are removing the FSMO role holder from the domain or forest.

To seize or transfer the FSMO roles by using Ntdsutil, follow these steps:
1.      On any domain controller, click Start, click Run, type ntdsutil in the Open box, and then click OK.

Note Microsoft recommends that you use the domain controller that is taking the FSMO roles.
2.      Type roles, and then press ENTER.

To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.
3.      Type connections, and then press ENTER.
4.      Type connect to server servername, where servername is the name of the server you want to use, and then press ENTER.
5.      At the server connections: prompt, type q, and then press ENTER again.
6.      Type seize role, where role is the role you want to seize. For a list of roles that you can seize, type ? at the Fsmo maintenance: prompt, and then press ENTER, or consult the list of roles at the beginning of this article. For example, to seize the RID Master role, you would type seize rid master. The one exception is for the PDC Emulator role, whose syntax would be "seize pdc" and not "seize pdc emulator".

Note All five roles need to be in the forest. If the first domain controller is out of the forest then seize all roles. Determine which roles are to be on which remaining domain controllers so that all five roles are not on only one server.

Microsoft recommends that you only seize all roles when the other domain controller is not returning to the domain, otherwise fix the broken domain controller with the roles.

If the original domain controller with the FSMO roles is still online, transfer the roles. Type transfer role.
7.      After you seize or transfer the roles, type q, and then press ENTER until you quit the Ntdsutil tool.
Note Do not put the Infrastructure Master role on the same domain controller as the global catalogue.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;197132

To check if a domain controller is also a global catalogue server:
1.      Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2.      Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available.
3.      Open the Servers folder, and then click the domain controller.
4.      In the domain controller's folder, double-click NTDS Settings.
5.      On the Action menu, click Properties.
6.      On the General tab, locate the Global Catalogue check box to see if it is selected.
*****References*****

Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller
http://support.microsoft.com/?kbid=255504

Windows 2000 Active Directory FSMO Roles
http://support.microsoft.com/default.aspx?scid=kb;EN-US;197132

Flexible Single Master Operation Transfer and Seizure Process
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223787
0
 
LVL 17

Expert Comment

by:Microtech
ID: 11951607
Hi gtimmons,

you will need to run dcpromo from the run prompt. but before you junk your old server you will need to transfer the fsmo roles over, i will find the ms docs

Hope This helps
0
 
LVL 17

Expert Comment

by:Microtech
ID: 11951614
or pete will answer you :)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11951657
Microtech,
:)
Pete
0
 

Author Comment

by:gtimmons
ID: 11952274
I tried running DCPromo but it failed, said it could not initialize.  The server I am going to be using is currently our DNS server, is that a problem?
0
 
LVL 17

Expert Comment

by:Microtech
ID: 11952630
the dns server is not a problem with promoting, but dns could be the problem when running dcpromo, what is the exact message you get when trying to run dcpromo?
0
 

Author Comment

by:gtimmons
ID: 11952870
"The application failed to initialize properly (0Xc0000142). Click OK to terminate"
0
 
LVL 17

Expert Comment

by:Microtech
ID: 11952964
silly question but you are running as an admin?
0
 

Author Comment

by:gtimmons
ID: 11953040
yes, logged on as administrator, not local admin but domain admin.
0
 
LVL 17

Expert Comment

by:Microtech
ID: 11953041
you could try and re-install sp4...
0
 

Author Comment

by:gtimmons
ID: 11953202
Same issue, after re-installing SP4
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 11954027
But you must check the configuration of your DNS server again. Because the formal AD DNS, you should see four new child nodes: _msdcs, _sites, _tcp, and _udp in there... If not, you should rebuild DNS server before DCPromo.

I hope it can help.



0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11956004
my vote is on a DNS issue :) what is set as the DNS address on the server you are trying to promote?
0
 

Author Comment

by:gtimmons
ID: 11956021
The DNS IP address is the IP address of the machine. 172.16.1.11, this is what is in the DNS field.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11956089
from command line

nslookup <name of the other domain controller>

nslookup <your domain name>

does it resolve?
0
 

Author Comment

by:gtimmons
ID: 11957632
C:\Documents and Settings\administrator.DXCG.COM>nslookup dxcg
*** Can't find server name for address 172.16.1.11: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  172.16.1.11

Name:    dxcg.dxcg.com
Address:  172.16.1.2


C:\Documents and Settings\administrator.DXCG.COM>nslookup dxcg.com
*** Can't find server name for address 172.16.1.11: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  172.16.1.11

Name:    dxcg.com
Address:  172.16.1.2
0
 
LVL 3

Expert Comment

by:kelo501
ID: 11959956
Add your domain name in the TCP/IP properties page of the server.  Add an "A" record for it in the Forward lookup zone.
Question: in your FLZ, what is the record for the SOA?
0
 

Author Comment

by:gtimmons
ID: 11964045
the domain name is already in my TCP setting, and the A record already exists.  SOA primary server is naboo.dxcg.com.
0
 

Author Comment

by:gtimmons
ID: 11996256
any ideas?
0
 
LVL 3

Expert Comment

by:kelo501
ID: 11996443
Gtimmons,
have you run DCDIAG or NETDIAG on your DC?  If not, please do.  They are on the CD under support tools.

They are easy to run and "CAN BE" very helpful.

Once you install the support tools from the 2000 server disk (*just double click the MSI installer*),
then at the CLI command line, type the command and /?.  There is not a lot to it, but make sure you | to a file.

Run both of these and see what you have.  A lot of the errors can be found in the MS knowledgebase, but please let me know what you get.

Good luck,
Kelo501

0
 

Author Comment

by:gtimmons
ID: 11996930
I ran dcdiag and netdiag and both passed all tests.  I then tried running dcpromo on a different machine and got the same initialization error.
0
 
LVL 3

Expert Comment

by:kelo501
ID: 11999685
Can you add DNS to the DC?
Set it up as AD integrated.
I have a feeling that the other DNS server is not providing the correct SRV records for your domain.

How big is your environment?  10 users, 100, 1000?
Do you have Exchange?
Are there over 50 shares?

It may be faster to bring up a new domain and migrate the accounts across at this point with ADMT or CSVDE.   Only if once DNS is in a known good configuration and we are still having the issue.

Let me look at something else, but try that.  Set up DNS on the DC and point the machine you are trying to dcpromo to the DC for DNS.
0
 
LVL 3

Expert Comment

by:kelo501
ID: 11999706
I forgot to send the other post before I went in search of this...

please try this and let me know what you get.

At a command prompt, type nslookup, and then press ENTER.
Type set q=srv and press ENTER.
Type _ldap._tcp.FQDN where FQDN represents the domain controller's FQDN.

kelo501
0
 

Author Comment

by:gtimmons
ID: 11999850
sorry, FQDN ?
0
 

Author Comment

by:gtimmons
ID: 11999860
small environment, about 50 users.  Yes, we have Exchange 2000, under 50 shares
0
 

Author Comment

by:gtimmons
ID: 11999913
when I did the nslookup you suggested I got this:

dns1-access.svc.us.xo.net can't find _Ldap._tcp.dxcg.com: Non-existent domain.
0
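An added example, not part of any post in this thread: a small Python parser for the two nslookup failure messages quoted above, showing what each one says about the resolver that answered. The function name, the finding codes and the interpretation in the comments are this example's own assumptions; the sample text is taken from the output posted in the thread.

```python
import re

# Sample transcripts copied from the nslookup output posted in this thread.
SAMPLE_A = """*** Can't find server name for address 172.16.1.11: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  172.16.1.11

Name:    dxcg.com
Address:  172.16.1.2
"""
SAMPLE_B = ("dns1-access.svc.us.xo.net can't find _Ldap._tcp.dxcg.com: "
            "Non-existent domain.\n")

# nslookup reverse-resolves its own server at start-up; this line means that failed.
NO_PTR = re.compile(
    r"^\*\*\* Can't find server name for address (\S+): Non-existent domain", re.M)
# "<server> can't find <name>: Non-existent domain" = NXDOMAIN from that server.
NXDOMAIN = re.compile(r"^(?!\*)(\S+) can't find (\S+?): Non-existent domain", re.M)


def analyze_nslookup(output, ad_domain):
    """Return a list of (code, detail) findings for one nslookup transcript."""
    findings = []
    suffix = "." + ad_domain.lower()
    for m in NO_PTR.finditer(output):
        # No PTR record for the configured DNS server (no reverse lookup zone).
        findings.append(("NO_PTR_FOR_DNS_SERVER", m.group(1)))
    for m in NXDOMAIN.finditer(output):
        server = m.group(1).lower()
        qname = m.group(2).lower().rstrip(".")
        if not server.endswith(suffix):
            # The answer came from a resolver outside the AD domain, which
            # cannot be expected to hold the domain's internal SRV records.
            findings.append(("ANSWERED_BY_OUTSIDE_RESOLVER", server))
        if qname.startswith("_") and qname.endswith(suffix):
            # Underscore-prefixed names are the service (SRV) records
            # that domain controllers register in the AD zone.
            findings.append(("SRV_NAME_NOT_FOUND", qname))
    return findings


if __name__ == "__main__":
    for label, text in (("forward lookup", SAMPLE_A), ("SRV lookup", SAMPLE_B)):
        print(label, analyze_nslookup(text, "dxcg.com"))
```
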
 

Author Comment

by:gtimmons
ID: 11999937
I did notice that my current PDC is Windows 2K SP3, not sure if that is affecting anything.
0
 
LVL 3

Expert Comment

by:kelo501
ID: 12000029
FQDN = fully qualified domain name  example:  noboo.dxcg.com server_name.domain.com
0
 
LVL 3

Expert Comment

by:kelo501
ID: 12000037
is this a 2000 sbs server?
0
 

Author Comment

by:gtimmons
ID: 12000159
No, not a small business server.
0
 

Author Comment

by:gtimmons
ID: 12006771
is there a specific way to tell if it is an SBS server?
0
 

Author Comment

by:gtimmons
ID: 12006910
when I look under computer management and system info it says for OS: Microsoft Windows Powered
0
 

Author Comment

by:gtimmons
ID: 12006987
Is it OK to have my Exchange server become the PDC or is this not recommended?
0
 
LVL 3

Expert Comment

by:kelo501
ID: 12010227
sure just run "winver" at the run line
start>run> "winver"

I would strongly recommend against making your Exchange box a domain controller.

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12534978
ThanQ
0
