Domain Controller Trouble when running DCDiag.exe on Windows 2003 Server

Posted on 2004-10-19
Last Modified: 2010-08-05
I am currently Migrating from Exchange Server 5.5 running on an NT Server to Exchange 2003 running on a Windows 2003 Server(computer name: exchange-2003). One of the steps in this process is to run the DCDiag Tool on exchange-2003.  When I run DCDiag.exe I get the following error:

***Error: exchange-2003 is not a DC. Must specify /s:<Domain Controller> or /n:<Naming Contex> or nothing to use local machine

I already have a Domain controller running on an NT machine called MyDC. So I ran the following:

DCDiag /s:MyDC

I got the following error:
[MyDC]  LDAP search falied with error 58. The specified server can not perform the requested operation.
***Error: The machine, MyDC could not be contacted because of a bad net response. Check to make sure that this machine is a domain contoller.

Now I'm guessing I got this error because MyDC does not use Active Directory which runs on the LDAP port.

So now what should I do?

1. Do I promote exchange-2003 to Domain controller for the purposes of running DCDiag and then demote it? What are the consequences of doing this?

2. If I do promote exchange-2003, should I do this through the NT machine or through the Active Directory Wizard on the Windows 2003 Server?

3. How do I demote exchange-2003? dcpromo? How is dcpromo used?

4. Once demoted, will exchange-2003 continue to run Active Directory so that I may continue with the Migration from Exchange Server 5.5? How do I check this?

Please include as much detail as possible with your answers..this question is worth 500 points..Thanks
Question by:Tom_wbi
  • 5
  • 3
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Exchange 2003 expects (and requires) an Active Directory Domain. If I have the right impression from the above you don't actually have Active Directory running yet. As such you won't be able to get Exchange up and running on there - temporary promotion and demotion is not the answer, you need AD to run Exchange 2003.

So, you need to come up with a migration plan from an NT based Domain to an Active Directory based Domain. This is a group of documents from Microsoft on the process:

Hopefully, once you have covered those the answers to the rest of your questions will be clear.

Please post back if you need more assistance with this.

Author Comment

Comment Utility
So what you're saying is that I will need to create a new Active Directory Domain with my Windows 2003 Server(exchange server) as the Domain Controller? Then I have to move all of my NT machines from the NT Domain to the Active Directory Domain? If this is the case, how will the functions handled by my current Domain Controller be affected? Will I need to demote the exchange server and promote my current domain controller in this new Active Directory Domain?
LVL 70

Accepted Solution

Chris Dent earned 500 total points
Comment Utility

In effect yes.

Not necessarily on the Exchange Server, but in order to run Exchange 2000 or 2003 you need to have Active Directory in place.

If you describe some of the functions your current DCs have we can work out those.

You should definately cover the documentation in the link I posted above, there's a lot of changes moving from NT to 2000 / 2003 and good planning, with testing off the domain if you can, will save you a lot of headaches during any upgrade.

One of the best methods (best = safest) for upgrading from NT to Active Directory is:

1. Create the backup plan...
 - Add a new Server to the Domain as a Backup Domain Controller (Windows NT)
 - Let it do all it's replication bits
 - Take it off the Domain and stick it somewhere safe. Don't plug it in again or anything, but now you have a copy  of your NT domain nice and safe.

2. Check all your Hardware...
 - No point in upgrading if your hardware won't handle it

3. Upgrade the current Primary Domain Controller to Windows 2003 with Active Directory.
 - This is where the fun begins, if you're not happy doing it on your current PDC promote another in it's place to handle the task
 - Upgrade the Operating System to Windows 2000 / 2003 Server
 - Install Active Directory (this will ask you to install DNS in the process)
 - Install DHCP (DNS updates from DHCP in 2003)

4. Upgrade the remaining Backup Domain Controllers
 - They can operate as Backup Domain Controllers for Active Directory, but they'll do a much better job as 200 0 / 2003 servers

5. Upgrade any remaining Member Servers
 - Again NT 4 will run on the 2000 / 2003 Domain, but it works better without

This is a big upgrade, and the job shouldn't be underestimated.

Make sure you learn enough about DNS so you know what it expects (if you don't already).
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Oh, just to clarify. To keep the work on your side to a minimum I highly recommend the In-Place upgrade.

Parallel domains are fine too (provided the domain name is not the same), but more work involved in moving all your users, computers and anything else across.

Once you have your Domain up and running (assuming of course you go ahead) I'd recommend installing Exchange 2003 as a Second Server in your Exchange 5.5 site. Please check up on the documentation to remove the final Exchange 5.5 Server in the site before you go that far though.

Please post again if you need more information.
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.


Author Comment

Comment Utility
Thanks a lot for your have been very helpful.

Last thing, do I have to upgrade my NT operating systems to Windows 2003 (I would rather leave them with NT)? I created a new Active Directory Domain where my exchange server is the domain controller. So now I have two domains. My plan was to just add all of my NT servers to this new domain and not upgrade any software. Will this work, or do all the servers in an Active Directory Domain have to run Active Directory?

Thanks again
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

They can run NT so long as you have AD installed in Mixed Mode (which happens by default).

It would be a very good idea to get a few Backup Domain Controllers onto your new AD Domain (not NT 4 if possible). Maybe spread out the FSMO Roles and a few more Global Catalogs (logon server).

FMSO Roles are described here:

You should be able to set up a Trust Relationship between your domains though (if you haven't already) which will help with the migration. You sometimes get a few problems with the NetBIOS Naming NT insists on, but rarely a big issue.

While your domain is just starting I would strongly advise that you avoid Public domain names (anything with .com, .org, etc etc) and name your domain mydomain.local or something similar. This saves potential problems later. If you already named it something public there's a tool to rename it here:

Much better to sort these things out while it's getting installed.

One final note.

If you find yourself checking out Group Policies, be really really careful what you do with the Default Domain Controller Policy. You can very easily break your domain by changing that one incorrectly.

Author Comment

Comment Utility
Thanks for all your help
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Pleasure, hope you get it all working.

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Suggested Solutions

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now