Cannot add a new DC to domain - error that changes must be made but whether they've been made is undetermined

pcspcs
I'm having trouble adding a new server to an AD domain. There are four servers on the network, all are Windows 2003 Enterprise. Two were domain controllers. One DC crashed. All references to it were removed from AD and a new server was built. When trying to add it as a DC using the dcpromo wizard we see:

The Wizard is configuring Active Directory
Located domain controller server1.mydomain.com
Stopping NETLOGON
Examining an existing Active Directory Forest

After a moment we get the error:
The operation failed because: This Active Directory installation requires domain configuration changes, but whether these changes have been made on the domain controller server1.mydomain.com is undetermined. The installation process has quit. "The system cannot find the file specified".

We thought it might be because we named the replacement server the same name as the one we removed. So we renamed the server and tried again with the same results. This is after a fresh install on a blank drive on this server. I assume there are some permission problems somewhere in AD, but have no way to verify this or know where to look. A while back we made changes to some impersonation settings, but they should all be back where they belong.
Top Expert 2004
Commented:
Hi
Have you checked that all the fsmo roles are being recognised and held correctly?

Try running this from a command prompt

netdom query fsmo

It should correctly return five roles. If not you may have to seize them if any were held by the extinct DC.
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/kb/255504

You should also check that DNS is set up and functioning correctly -

Deb :)

Commented:
Did the server that crashed hold any of your FSMO roles? You can check and see which server has the roles by following the steps in this article:

http://support.microsoft.com/kb/255690



If the server that crashed was holding any of those roles you will need to seize them onto another DC. This article covers the steps you will need to go through to do that:

http://support.microsoft.com/default.aspx?scid=kb;en-us;255504     (Scroll down to the "Seize FSMO roles" portion of the article)



Also, was server 1 the only Global catalog in the forest? If so you will want to make another server the global catalog by following the steps here:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/7b1c3e1c-ef32-4b8e-b4c4-e73910575f61.mspx



Lastly, if the old DC crashed then it was not able to be gracefully removed from your AD metadata / schema. You can follow the steps in the following article to use ntdsutil to clean up and remove your old DC from the AD metadata:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/012793ee-5e8c-4a5c-9f66-4a486a7114fd.mspx





Hopefully one of these solutions will help you out! Best of luck!
-Mitch
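
An added example, not part of either answer above: a small check that parses the text returned by `netdom query fsmo`, confirms five roles came back, and lists any role whose holder is not a live DC. The sample output is constructed, and the two-column line layout, the role labels, and the choice of server2 as the crashed DC are assumptions.

```python
import re

# Constructed sample of `netdom query fsmo` output (not taken from the thread).
# Assumption: each role line is "<role label><2+ spaces><holder FQDN>".
SAMPLE_OUTPUT = """\
Schema owner                server1.mydomain.com
Domain role owner           server1.mydomain.com
PDC role                    server1.mydomain.com
RID pool manager            server2.mydomain.com
Infrastructure owner        server2.mydomain.com

The command completed successfully.
"""

EXPECTED_ROLE_COUNT = 5  # per the answer above: five roles should be returned
ROLE_LINE = re.compile(r"^(?P<role>\S.*?)\s{2,}(?P<holder>[\w-]+(?:\.[\w-]+)+)\s*$")


def parse_fsmo(output):
    """Return {role label: holder FQDN (lowercased)} parsed from netdom output."""
    roles = {}
    for line in output.splitlines():
        m = ROLE_LINE.match(line)
        if m:  # status lines such as "The command completed..." do not match
            roles[m.group("role").strip()] = m.group("holder").lower()
    return roles


def check_fsmo(output, live_dcs):
    """List problems: wrong role count, or a role held by a DC that is not live."""
    live = {dc.lower() for dc in live_dcs}
    roles = parse_fsmo(output)
    problems = []
    if len(roles) != EXPECTED_ROLE_COUNT:
        problems.append(f"expected {EXPECTED_ROLE_COUNT} roles, parsed {len(roles)}")
    for role, holder in sorted(roles.items()):
        if holder not in live:
            problems.append(f"{role} is held by {holder}, which is not a live DC; seize it")
    return problems


if __name__ == "__main__":
    # Hypothetical scenario: server2 is the DC that crashed, server1 survives.
    for problem in check_fsmo(SAMPLE_OUTPUT, live_dcs=["server1.mydomain.com"]):
        print(problem)
```
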


Commented:
Sorry about that Deb, didn't see that you already recommended seizing the FSMO roles, I forgot to refresh before posting :\

-Mitch
Top Expert 2004

Commented:
No probs - done it myself many many times ;-)

Author

Commented:
Wahoo!  Thank you Deb. Thank you thank you thank you!
Top Expert 2004

Commented:
Glad to help :))
