Active Directory - The specified domain does not exist or could not be contacted

Posted on 2004-09-04
Medium Priority
Last Modified: 2008-01-09
I have a Win 2000 server that is old and needs replacement. I have a new machine, fresh install.
It has DNS, and uses itself as DNS in network configuration. I have run DCPROMO and marked it as global catalog, confirmed by event 1119. The old server is still flagged as Global Catalog.

The problem - if I shut the other server down I can no longer access Active Directory information. I cannot add permissions to shares and I cannot view the Active Directory tree for the domain.

But if I open Active Directory Users and Computers, click Action and Connect to Domain Controller and select the new machine I have the whole Active Directory tree there, even with the old server down.

I am now terrified of a hardware failure. So far everything is working (both machines up) but I need to be able to turn the old server off. It will fail soon.

Thanks for the help, Roberto.
Question by:rmaranhao
LVL 23

Expert Comment

by:Saqib Khan
ID: 11981590
Maybe You Should Run Dcpromo on the OLD Machine and demote it.
LVL 23

Expert Comment

by:Saqib Khan
ID: 11981591
and one more thing.
When you ran Dcpromo on the new machine, which option did you choose?

Make sure you chose Additional Domain in the Existing Domain.
LVL 16

Accepted Solution

JamesDS earned 2000 total points
ID: 11981856
You need to transfer the FSMOs off the old DC and decommission it gracefully

Read this:
Use the section "Using the Ntdsutil Tool for Role Placement"

DON'T seize the roles, transfer them.

Once you have transferred the roles, run DCPROMO on the old machine and follow the wizard to remove AD from it, then remove it from the domain.




Author Comment

ID: 11982274
I chose additional domain controller. What chills my spine when I think about seizing the role is this: If I demote the old machine and my problem is DNS related, then my network goes .....

How can I be sure I have the correct settings in the new machine? Why doesn't the new machine allow me to see the Active Directory tree? I haven't made any changes to the Active Directory and so far I am not worried about errors when a user tries to change his/her password.

What concerns me is that I have a new machine, running AD and DNS and when the old machine is down ALL the Active Directory functions, including domain logon, fail.

James, I read the link you sent and understood most of it. Please correct me if I'm wrong but shouldn't the new machine at least authenticate user logons?

Thanks for all the help.
LVL 16

Expert Comment

ID: 11983791
If the new DC is running DNS and it is configured for dynamic update, then once GC and all the FSMO roles are TRANSFERRED (NOT SEIZED) there is no reason why the old one cannot be taken down.

The reason your logons are failing is likely due to the database not fully replicating - which is probably DNS related.

Make sure that the DNS service for the new DC contains the full AD zone tree and all the _MSDCS entries for your domain.
Also make sure that the content of the SYSVOL folders on each machine is the same - SYSVOL contains your GPOs and is usually the last thing to be replicated.

Use the REPLMON tool from the support tools pack on the CD (\support) to connect to each DC and see if it is replicating OK. You can right-click on each DC and select "replicate this DC" and also kick off the topology generator.

So long as the AD is replicated to the second DC then even if it all fails it is still recoverable without the need to restore (I have done a few of those!)
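
The checks listed in the comment above, scripted as an added example that is not part of the original thread. `newdc` and `example.local` are placeholder names, a single-domain forest is assumed for the `_gc._tcp` lookup, and `repadmin` (used here as a command-line counterpart to REPLMON) and `netdom` are assumed to be installed from the Support Tools.

```batch
@echo off
rem Added example, not from the thread. NEWDC and DOMAIN are placeholders.
setlocal
set NEWDC=newdc
set DOMAIN=example.local
set FAIL=0

rem 1. Ask the NEW DC's own DNS service for the DC and GC locator records
rem    and require the new DC to appear as an SRV target. Matching on the
rem    "svr hostname" line avoids a false pass from nslookup's "Server:"
rem    banner, which always names the server being queried.
for %%R in (_ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs _gc._tcp) do (
    nslookup -type=SRV %%R.%DOMAIN% %NEWDC% 2>nul | findstr /i /r /c:"svr hostname.*%NEWDC%" >nul || (
        echo FAIL: %%R.%DOMAIN% served by %NEWDC% does not list %NEWDC%
        set /a FAIL+=1
    )
)

rem 2. A DC shares SYSVOL and NETLOGON only after SYSVOL has replicated,
rem    so missing shares mean the new DC is not yet ready for logons.
for %%S in (SYSVOL NETLOGON) do (
    net view \\%NEWDC% 2>nul | findstr /i /b /c:"%%S " >nul || (
        echo FAIL: %%S is not shared on %NEWDC%
        set /a FAIL+=1
    )
)

rem 3. Print inbound replication partners with their last results, then
rem    the current FSMO role holders, for manual review before any
rem    transfer or demotion.
repadmin /showreps %NEWDC%
netdom query /domain:%DOMAIN% fsmo

echo.
echo Checks failed: %FAIL%
endlocal & exit /b %FAIL%
```

A non-zero exit code means at least one DNS or SYSVOL check failed and the old DC should stay online until it is resolved.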


LVL 85

Expert Comment

ID: 11985001
At the moment, your problem is here: "It has DNS, and uses itself as dns in network configuration." Since this is an additional DC, its first DNS entry should point to your first DNS server, and only the secondary DNS entry should point to itself. Your first DC should only point to itself.

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003

As for shutting down the old server, there's basically no need to transfer the roles from the W2k machine manually; but under *no* circumstances simply shut it down and throw it away or install something else on it, like it was possible in NT4. Demote the W2k DC first, and the FSMO roles should be transferred during this process. Once you run dcpromo to demote the old server, it will move the FSMO roles that are still on the DC you're demoting.
Removing Active Directory from a Domain Controller
NOTE: When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller.

Then depending on your DNS setup (if you have a primary zone on your first DNS and a secondary on your second), you might have to change the SOA in your DNS from your old DNS to the new one.

HOW TO: Promote and Demote Domain Controllers in Windows 2000

Here's some more about transferring roles:

Flexible Single Master Operation Transfer and Seizure Process

HOW TO: View and Transfer FSMO Roles in the Graphical User Interface

FSMO Placement and Optimization on Windows 2000 Domain Controllers
