Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Domain Controller Trouble when running DCDiag.exe on Windows 2003 Server

Posted on 2004-10-19
Medium Priority
Last Modified: 2010-08-05
I am currently Migrating from Exchange Server 5.5 running on an NT Server to Exchange 2003 running on a Windows 2003 Server(computer name: exchange-2003). One of the steps in this process is to run the DCDiag Tool on exchange-2003.  When I run DCDiag.exe I get the following error:

***Error: exchange-2003 is not a DC. Must specify /s:<Domain Controller> or /n:<Naming Contex> or nothing to use local machine

I already have a Domain controller running on an NT machine called MyDC. So I ran the following:

DCDiag /s:MyDC

I got the following error:
[MyDC]  LDAP search falied with error 58. The specified server can not perform the requested operation.
***Error: The machine, MyDC could not be contacted because of a bad net response. Check to make sure that this machine is a domain contoller.

Now I'm guessing I got this error because MyDC does not use Active Directory which runs on the LDAP port.

So now what should I do?

1. Do I promote exchange-2003 to Domain controller for the purposes of running DCDiag and then demote it? What are the consequences of doing this?

2. If I do promote exchange-2003, should I do this through the NT machine or through the Active Directory Wizard on the Windows 2003 Server?

3. How do I demote exchange-2003? dcpromo? How is dcpromo used?

4. Once demoted, will exchange-2003 continue to run Active Directory so that I may continue with the Migration from Exchange Server 5.5? How do I check this?

Please include as much detail as possible with your answers..this question is worth 500 points..Thanks
Question by:Tom_wbi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
LVL 71

Expert Comment

by:Chris Dent
ID: 12356576

Exchange 2003 expects (and requires) an Active Directory Domain. If I have the right impression from the above you don't actually have Active Directory running yet. As such you won't be able to get Exchange up and running on there - temporary promotion and demotion is not the answer, you need AD to run Exchange 2003.

So, you need to come up with a migration plan from an NT based Domain to an Active Directory based Domain. This is a group of documents from Microsoft on the process:


Hopefully, once you have covered those the answers to the rest of your questions will be clear.

Please post back if you need more assistance with this.

Author Comment

ID: 12360386
So what you're saying is that I will need to create a new Active Directory Domain with my Windows 2003 Server(exchange server) as the Domain Controller? Then I have to move all of my NT machines from the NT Domain to the Active Directory Domain? If this is the case, how will the functions handled by my current Domain Controller be affected? Will I need to demote the exchange server and promote my current domain controller in this new Active Directory Domain?
LVL 71

Accepted Solution

Chris Dent earned 1500 total points
ID: 12361201

In effect yes.

Not necessarily on the Exchange Server, but in order to run Exchange 2000 or 2003 you need to have Active Directory in place.

If you describe some of the functions your current DCs have we can work out those.

You should definately cover the documentation in the link I posted above, there's a lot of changes moving from NT to 2000 / 2003 and good planning, with testing off the domain if you can, will save you a lot of headaches during any upgrade.

One of the best methods (best = safest) for upgrading from NT to Active Directory is:

1. Create the backup plan...
 - Add a new Server to the Domain as a Backup Domain Controller (Windows NT)
 - Let it do all it's replication bits
 - Take it off the Domain and stick it somewhere safe. Don't plug it in again or anything, but now you have a copy  of your NT domain nice and safe.

2. Check all your Hardware...
 - No point in upgrading if your hardware won't handle it

3. Upgrade the current Primary Domain Controller to Windows 2003 with Active Directory.
 - This is where the fun begins, if you're not happy doing it on your current PDC promote another in it's place to handle the task
 - Upgrade the Operating System to Windows 2000 / 2003 Server
 - Install Active Directory (this will ask you to install DNS in the process)
 - Install DHCP (DNS updates from DHCP in 2003)

4. Upgrade the remaining Backup Domain Controllers
 - They can operate as Backup Domain Controllers for Active Directory, but they'll do a much better job as 200 0 / 2003 servers

5. Upgrade any remaining Member Servers
 - Again NT 4 will run on the 2000 / 2003 Domain, but it works better without

This is a big upgrade, and the job shouldn't be underestimated.

Make sure you learn enough about DNS so you know what it expects (if you don't already).
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

LVL 71

Expert Comment

by:Chris Dent
ID: 12361263

Oh, just to clarify. To keep the work on your side to a minimum I highly recommend the In-Place upgrade.

Parallel domains are fine too (provided the domain name is not the same), but more work involved in moving all your users, computers and anything else across.

Once you have your Domain up and running (assuming of course you go ahead) I'd recommend installing Exchange 2003 as a Second Server in your Exchange 5.5 site. Please check up on the documentation to remove the final Exchange 5.5 Server in the site before you go that far though.

Please post again if you need more information.

Author Comment

ID: 12361924
Thanks a lot for your answers..you have been very helpful.

Last thing, do I have to upgrade my NT operating systems to Windows 2003 (I would rather leave them with NT)? I created a new Active Directory Domain where my exchange server is the domain controller. So now I have two domains. My plan was to just add all of my NT servers to this new domain and not upgrade any software. Will this work, or do all the servers in an Active Directory Domain have to run Active Directory?

Thanks again
LVL 71

Expert Comment

by:Chris Dent
ID: 12362097

They can run NT so long as you have AD installed in Mixed Mode (which happens by default).

It would be a very good idea to get a few Backup Domain Controllers onto your new AD Domain (not NT 4 if possible). Maybe spread out the FSMO Roles and a few more Global Catalogs (logon server).

FMSO Roles are described here:


You should be able to set up a Trust Relationship between your domains though (if you haven't already) which will help with the migration. You sometimes get a few problems with the NetBIOS Naming NT insists on, but rarely a big issue.

While your domain is just starting I would strongly advise that you avoid Public domain names (anything with .com, .org, etc etc) and name your domain mydomain.local or something similar. This saves potential problems later. If you already named it something public there's a tool to rename it here:


Much better to sort these things out while it's getting installed.

One final note.

If you find yourself checking out Group Policies, be really really careful what you do with the Default Domain Controller Policy. You can very easily break your domain by changing that one incorrectly.

Author Comment

ID: 12362239
Thanks for all your help
LVL 71

Expert Comment

by:Chris Dent
ID: 12362371

Pleasure, hope you get it all working.

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question