how to change a second domain controler to a primary domain controler

Posted on 2006-04-24
Last Modified: 2010-04-18
1 year ago I install a domain controler (windows 2003 server standard edition) I told the DC that he was the first controler on a new domain...I setup the 22 users and bla bla bla everything was ok..     1  week after, I installed another domain controler on the same network and I told him that he was another dc in an existing domain. again everything was ok. he act as a backup server and is name is (bkserver).

NOW 2 day ago I had to change the first DC with a new Pc and I re-install windows server 2003 on it and I gave him the same name of my of my first server installed 1 year ago (serveur2003)  because it was the same name I  disconnect the first one from the network. and I begin the installation of the domain setup on the new one

I told him that he was another DC on an existing domain hoping that he would take the users name and password of all my existing users. It work I now have my two server running (serveur2003 and bkserver)

but now all two of them think that they are second on existing domain and I want the new one thinking he's the first one

So how do I tell the new server to be a PDC  

Because now i have error message telling me that


or a global catalog server could not be located.

and i have problem to creat new user.

Help me.
Question by:infotekplus
    LVL 51

    Accepted Solution

    This server you took down held the FSMO roles.

    You need to SEIZE the roles to the second DC and also make it a GC.
    Then you need to do a metadata cleanup of AD and remove ALL traces of the old DC (primary one).
    You also need to delete all traces of the old DC from DNS.

    You cannot simply remove and replace DCs without first moving the roles they hold off to another DC and then gracefully demoting it.

    LVL 48

    Expert Comment

    just to add, you need to remove from sites and services manually or else your diags will constantly throw errors,

    just a useful point :)
    LVL 51

    Expert Comment

    ..And a valid point.  Didn't we talk about this before?  :o)

    LVL 48

    Expert Comment

    i think we may have actually :)

    was just in a test environment recently again and the same problem happened   couldnt believe something that big was not remedied in a servie pack somewhere!

    Author Comment

    Your answer is to short...

    I need more explaination

    the first scenario is my PDC is dead ..  I was unable to transfert roles  how can I raise my new server to a PDC.
    that was my first question.

    but if you telling that there no other way to do it

    the second scenario is I might be able to put back the old server for a few minute (if the motherboard give me the time to do it)

    If I put  back the old PDC on the network then I transfert the role to my bkserver and right after I put back the new server who as the same name and transfer it back the role to the new server.. will it work.  So the bkserver will  temporary holding the role. and because the new server has the same name of the old PDC it will work easy

    the command in ntdsutil.exe to do this ...  is it

    from the pdc I say connect to the bkserver and tell him to seize pdc  or do I have to be on the destination server to tell him seize from the pdc?

    take me by the hand please.

    Author Comment

    I just saw that i don't even know how to respond to  an answer on my first question...  ouinn:-(
    LVL 48

    Assisted Solution

    what netman was saying is that basically there are five Master roles in a domain, these roles are crucial to domain functionality

    however, if you a single DC or 100 DC's there are still only 5 roles

    in an ideal world when we lose a DC or are planning on replacing a DC we can transfer the FSMO roles to another DC then do whatever needs to be done

    however, in your scenario your DC has died completley, you dont have the option of transferring the roles as both DC's need to be alive, the process you have to take in your scenario, is to sieze the roles from the old DC.

    you have to understand that if you do this, you cant ever bring your old DC back online, as you then have two DCs fighting over the roles that they both hold and all hell breaks loose on your Domain. you need to format your machine or at least completely remove and AD records using the tool below before you can ever bring it backup

    you need to follow this process

    this isnt a replacement to netman's answer it is just an add-on
    you run these processes on the only DC that is alive on your Domain at the moment,

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
    Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now