

Move DC to new computer but behavior did not change

Posted on 2005-04-21
Medium Priority
Last Modified: 2013-12-04
Due to a stability problem I moved my master DC to a new computer; however, the behavior has not changed.  When the old master DC crashes, no user can log in to the network.  Any ideas?

I have three Windows 2000 Server DC's in my network.  All three DC's have AD integrated DNS configured. If I add a user to one DC's AD catalog, the other DC's pick it up just fine.  However, if the old master crashes there is no redundancy with the other two DC's, even after performing a FSMO move per Windows docs.  What am I missing?
Question by:rileyadm
LVL 12

Expert Comment

ID: 13835091
What do you mean by "master DC".   Do you mean the PDC role?

I suspect your problem is the Global Catalog.  When running AD in native mode, you must have access to a Global Catalog server to be able to login.  If you have only one, then you are vulnerable to a server crash.   For a single-site, single-domain environment, configure *all* your domain controllers to be global catalogs.  

Author Comment

ID: 13835380
Yes, I do mean PDC role.  

1.) How can I check if I have access to the Global Catalog server?  Do I need to login using a domain administrator account?

2.) I do have multiple sites, 2 DC's at one site, 1 DC at a second site.  Neither scenario is working.

3.) How do I configure *all* of our DC's to replicate the global catalog as you mentioned?

LVL 12

Expert Comment

ID: 13835741
Are these sites configured as different sites in Active Directory?  AD can't tell that DCs are at different sites by itself...you have to tell it what subnets correspond to each site.  I think that, when you install a new DC in a new site, it will be a GC by default.  But if you don't tell AD that this is a different site, a new DC will not be a GC by default.

To make a DC a GC:
Open to Administrative Tools>Active Directory Sites and Services>Sites, and then double-click the domain controller you want to work with in the Server folder for your desired site: Right-click NTDS Settings>Properties.   You should be able to

Author Comment

ID: 13836472

Even though your response was cut off, I believe I got most of it.  I did enable the GC option on 2 of my DC's: one DC in my N. Carolina site and the secondary DC in my Georgia site.  Of course, the primary DC (PDC role) in my Georgia site was already enabled.

What did you mean when you stated "Are these sites configured as different sites in Active Directory?"  When I open Administrative Tools>Active Directory Sites and Services>Sites, and then double-click the domain controller, I do see the other DC servers.  Should I be looking for something else?

However, I do not see any entries under Inter-Site Transports or Subnets.  Is that correct?
LVL 12

Accepted Solution

Carlo-Giuliani earned 2000 total points
ID: 13836634
If you have no subnets, then you have only one site....presumably the default first site.  AD does not know that you have two sites, and so the PCs in one site may be using the DCs in another site.    If you have a fast connection between the two sites, it won't matter very much, but you really should define the subnets for each location, define two different sites, and move the DCs to the appropriate sites.

But that is really a whole separate subject.  

Now that you have more than one GC, if the first GC crashes you should still be able to logon.
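
The checks discussed in this thread (which DCs are Global Catalogs, which DC holds the FSMO roles after a move, and whether any subnets are mapped to sites) can be gathered in one pass. This is an added example, not part of the original thread; it assumes a management host with PowerShell and, for live data, the ActiveDirectory RSAT module. The function name `Get-LogonRedundancyReport` and the DC names in the sample are hypothetical and constructed.

```powershell
# Added example: reports the logon single points of failure discussed above
# (Global Catalog placement, FSMO role holders, missing site/subnet mapping).
function Get-LogonRedundancyReport {
    param(
        [Parameter(Mandatory)] [object[]] $DomainControllers,
        [object[]] $Subnets = @()
    )
    $findings = @()

    # A site with fewer than two Global Catalogs loses logons when its GC is down.
    foreach ($site in ($DomainControllers | Group-Object Site)) {
        $gcs = @($site.Group | Where-Object { $_.IsGlobalCatalog })
        if ($gcs.Count -lt 2) {
            $findings += "Site '$($site.Name)': only $($gcs.Count) of $($site.Count) DCs are Global Catalogs"
        }
    }

    # With no subnet objects, AD cannot tell which site a client or DC is in.
    if ($Subnets.Count -eq 0) {
        $findings += 'No subnets defined: AD treats all clients and DCs as one site'
    }

    # List the current role holders so a FSMO transfer can be confirmed.
    foreach ($dc in $DomainControllers) {
        if ($dc.OperationMasterRoles.Count -gt 0) {
            $findings += "$($dc.Name) holds FSMO roles: $($dc.OperationMasterRoles -join ', ')"
        }
    }
    $findings
}

# Constructed sample: three DCs in the default site, one GC, no subnets.
$site = 'Default-First-Site-Name'
$sampleDCs = @(
    [pscustomobject]@{ Name = 'DC-OLD'; Site = $site; IsGlobalCatalog = $true
                       OperationMasterRoles = @() }
    [pscustomobject]@{ Name = 'DC-NEW'; Site = $site; IsGlobalCatalog = $false
                       OperationMasterRoles = @('PDCEmulator', 'RIDMaster', 'InfrastructureMaster') }
    [pscustomobject]@{ Name = 'DC-NC';  Site = $site; IsGlobalCatalog = $false
                       OperationMasterRoles = @() }
)
Get-LogonRedundancyReport -DomainControllers $sampleDCs

# Live data instead of the sample (requires the ActiveDirectory module):
# Get-LogonRedundancyReport -DomainControllers (Get-ADDomainController -Filter *) `
#                           -Subnets (Get-ADReplicationSubnet -Filter *)
```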

Author Comment

ID: 13961666
OK! After configuring all my DC's in one site to be Global Catalog servers, failover still did work.  This weekend my (master) DC crashed and no users were able to log into the network.

Am I missing something?
LVL 12

Expert Comment

ID: 13961775
There are a number of other scenarios in which logins depend on just one server...I don't know enough about your configuration to know which ones might apply.  Have a look at

