Domain Controller Trouble when running DCDiag.exe on Windows 2003 Server

I am currently Migrating from Exchange Server 5.5 running on an NT Server to Exchange 2003 running on a Windows 2003 Server(computer name: exchange-2003). One of the steps in this process is to run the DCDiag Tool on exchange-2003.  When I run DCDiag.exe I get the following error:

***Error: exchange-2003 is not a DC. Must specify /s:<Domain Controller> or /n:<Naming Contex> or nothing to use local machine

I already have a Domain controller running on an NT machine called MyDC. So I ran the following:

DCDiag /s:MyDC

I got the following error:
[MyDC]  LDAP search falied with error 58. The specified server can not perform the requested operation.
***Error: The machine, MyDC could not be contacted because of a bad net response. Check to make sure that this machine is a domain contoller.

Now I'm guessing I got this error because MyDC does not use Active Directory which runs on the LDAP port.

So now what should I do?

1. Do I promote exchange-2003 to Domain controller for the purposes of running DCDiag and then demote it? What are the consequences of doing this?

2. If I do promote exchange-2003, should I do this through the NT machine or through the Active Directory Wizard on the Windows 2003 Server?

3. How do I demote exchange-2003? dcpromo? How is dcpromo used?

4. Once demoted, will exchange-2003 continue to run Active Directory so that I may continue with the Migration from Exchange Server 5.5? How do I check this?

Please include as much detail as possible with your answers..this question is worth 500 points..Thanks
Who is Participating?
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

In effect yes.

Not necessarily on the Exchange Server, but in order to run Exchange 2000 or 2003 you need to have Active Directory in place.

If you describe some of the functions your current DCs have we can work out those.

You should definately cover the documentation in the link I posted above, there's a lot of changes moving from NT to 2000 / 2003 and good planning, with testing off the domain if you can, will save you a lot of headaches during any upgrade.

One of the best methods (best = safest) for upgrading from NT to Active Directory is:

1. Create the backup plan...
 - Add a new Server to the Domain as a Backup Domain Controller (Windows NT)
 - Let it do all it's replication bits
 - Take it off the Domain and stick it somewhere safe. Don't plug it in again or anything, but now you have a copy  of your NT domain nice and safe.

2. Check all your Hardware...
 - No point in upgrading if your hardware won't handle it

3. Upgrade the current Primary Domain Controller to Windows 2003 with Active Directory.
 - This is where the fun begins, if you're not happy doing it on your current PDC promote another in it's place to handle the task
 - Upgrade the Operating System to Windows 2000 / 2003 Server
 - Install Active Directory (this will ask you to install DNS in the process)
 - Install DHCP (DNS updates from DHCP in 2003)

4. Upgrade the remaining Backup Domain Controllers
 - They can operate as Backup Domain Controllers for Active Directory, but they'll do a much better job as 200 0 / 2003 servers

5. Upgrade any remaining Member Servers
 - Again NT 4 will run on the 2000 / 2003 Domain, but it works better without

This is a big upgrade, and the job shouldn't be underestimated.

Make sure you learn enough about DNS so you know what it expects (if you don't already).
Chris DentPowerShell DeveloperCommented:

Exchange 2003 expects (and requires) an Active Directory Domain. If I have the right impression from the above you don't actually have Active Directory running yet. As such you won't be able to get Exchange up and running on there - temporary promotion and demotion is not the answer, you need AD to run Exchange 2003.

So, you need to come up with a migration plan from an NT based Domain to an Active Directory based Domain. This is a group of documents from Microsoft on the process:

Hopefully, once you have covered those the answers to the rest of your questions will be clear.

Please post back if you need more assistance with this.
Tom_wbiAuthor Commented:
So what you're saying is that I will need to create a new Active Directory Domain with my Windows 2003 Server(exchange server) as the Domain Controller? Then I have to move all of my NT machines from the NT Domain to the Active Directory Domain? If this is the case, how will the functions handled by my current Domain Controller be affected? Will I need to demote the exchange server and promote my current domain controller in this new Active Directory Domain?
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

Chris DentPowerShell DeveloperCommented:

Oh, just to clarify. To keep the work on your side to a minimum I highly recommend the In-Place upgrade.

Parallel domains are fine too (provided the domain name is not the same), but more work involved in moving all your users, computers and anything else across.

Once you have your Domain up and running (assuming of course you go ahead) I'd recommend installing Exchange 2003 as a Second Server in your Exchange 5.5 site. Please check up on the documentation to remove the final Exchange 5.5 Server in the site before you go that far though.

Please post again if you need more information.
Tom_wbiAuthor Commented:
Thanks a lot for your have been very helpful.

Last thing, do I have to upgrade my NT operating systems to Windows 2003 (I would rather leave them with NT)? I created a new Active Directory Domain where my exchange server is the domain controller. So now I have two domains. My plan was to just add all of my NT servers to this new domain and not upgrade any software. Will this work, or do all the servers in an Active Directory Domain have to run Active Directory?

Thanks again
Chris DentPowerShell DeveloperCommented:

They can run NT so long as you have AD installed in Mixed Mode (which happens by default).

It would be a very good idea to get a few Backup Domain Controllers onto your new AD Domain (not NT 4 if possible). Maybe spread out the FSMO Roles and a few more Global Catalogs (logon server).

FMSO Roles are described here:

You should be able to set up a Trust Relationship between your domains though (if you haven't already) which will help with the migration. You sometimes get a few problems with the NetBIOS Naming NT insists on, but rarely a big issue.

While your domain is just starting I would strongly advise that you avoid Public domain names (anything with .com, .org, etc etc) and name your domain mydomain.local or something similar. This saves potential problems later. If you already named it something public there's a tool to rename it here:

Much better to sort these things out while it's getting installed.

One final note.

If you find yourself checking out Group Policies, be really really careful what you do with the Default Domain Controller Policy. You can very easily break your domain by changing that one incorrectly.
Tom_wbiAuthor Commented:
Thanks for all your help
Chris DentPowerShell DeveloperCommented:

Pleasure, hope you get it all working.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.