• Status: Solved

HELP! - Failed DC - no global catalog servers - need help to transfer roles and create GC server

Our main Domain controller failed and we are in the process of purchasing a new server.
We have 2 other servers which are handling the active directory at the moment

However the other 2 servers do not have the Global catalog tick box ticked.... can this be enabled even though the PDC master is no longer available??

Also need to transfer the roles to the new server - do I need to transfer the roles to the temp server with dns etc on the transfer from that to the new one after that??
Need step by step help as I do not want to break AD!!

Thanks
Steve Armario
 
Mad_Jasper Commented:
Yes, you can click the box for the Global Catalog.

I would transfer the roles to a new server. Here is a Microsoft article on transferring FSMO roles:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;324801


sarmario Author Commented:
Just wanted to check first! - will try transferring the roles next week (don't want a call at the weekend!)
:-|

Steve

Mad_Jasper Commented:
You have much wisdom, my friend. ;-)
 
rcasteel Commented:
Remember this simple rule. If you cannot transfer the FSMO roles gracefully, you must seize the roles. Some of the roles cannot ever be duplicated once they are seized. For instance, seizing roles then bringing the old DC back online can cause a massive AD failure.

If you cannot change group memberships or create groups, your Infrastructure master is offline.
If you cannot create objects (users computers etc.) your RID master is probably offline
You will not be able to add any new domains to the tree if the domain naming master is offline.
The PDC emulator is relatively inert unless you have legacy clients.

The problem with waiting to transfer or seize these roles, is their functionality will not be available until the role is back online.

GCs can peacefully coexist, but RID masters must be unique to the domain (only one allowed)

sarmario Author Commented:
I have seized all the roles and seems to be ok ... have added a new user to AD ok. I am a little unsure about the metadata cleanup of the old DC; can anyone point me to an easy faq on this step?

Printers also do not appear in AD but I presume I can get these to appear again if I re-set them up - they were not on the old DC, they were on the mailserver (the temp new DC!)

Thanks
Steve

rcasteel Commented:
Have you enabled a GC yet?

Mad_Jasper Commented:

sarmario Author Commented:
Yes, I have enabled the mail server (temp DC) as the Global catalog server.

sarmario Author Commented:
Do I need to go into AD sites and services and remove the tick from the old DC before I do the metabase cleanup?

Mad_Jasper Commented:
I think it is a best practice but not absolutely necessary. It's been a while, but I think the last time I tried to remove the DC from AD Sites and Services but I could not remove it. I ran the metabase cleanup and removed it after that.

sarmario Author Commented:
I am configuring the new server today and want to configure it back onto the domain - but not till I get this cleared up....
If I run dcdiag I get some errors - how do I fix these before I clean up the metabase - don't want to screw it all up.
We also have another server called ACC080 - configured as a domain controller but holds no roles (as far as I know)

Here is the DC Diag output
DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests

   Testing server: Default-First-Site-Name\MAILSERVER
      Starting test: Connectivity
         ......................... MAILSERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\MAILSERVER
      Starting test: Replications
         [Replications Check,MAILSERVER] A recent replication attempt failed:
            From ACCLAIMW2K to MAILSERVER
            Naming Context: CN=Schema,CN=Configuration,DC=acclaimhandling,DC=local
            The replication generated an error (1722):
            Win32 Error 1722
            The failure occurred at 2006-05-24 11:42.36.
            The last success occurred at 2006-05-03 20:04.28.
            1982 failures have occurred since the last success.
            [ACCLAIMW2K] DsBind() failed with error 1722,
            Win32 Error 1722.
            The source remains down. Please check the machine.
         [Replications Check,MAILSERVER] A recent replication attempt failed:
            From ACCLAIMW2K to MAILSERVER
            Naming Context: CN=Configuration,DC=acclaimhandling,DC=local
            The replication generated an error (1722):
            Win32 Error 1722
            The failure occurred at 2006-05-24 11:42.15.
            The last success occurred at 2006-05-03 20:04.28.
            1982 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,MAILSERVER] A recent replication attempt failed:
            From ACCLAIMW2K to MAILSERVER
            Naming Context: DC=acclaimhandling,DC=local
            The replication generated an error (1722):
            Win32 Error 1722
            The failure occurred at 2006-05-24 11:41.54.
            The last success occurred at 2006-05-03 20:11.33.
            2054 failures have occurred since the last success.
            The source remains down. Please check the machine.
         ......................... MAILSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... MAILSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... MAILSERVER passed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\acc080.acclaimhandling.local, when we were trying to reach MAILSERVER.
         Server is not responding or is not considered suitable.
         Warning: MAILSERVER is not advertising as a global catalog.
         Check that server finished GC promotion.
         Check the event log on server that enough source replicas for the GC are available.
         ......................... MAILSERVER failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... MAILSERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... MAILSERVER passed test RidManager
      Starting test: MachineAccount
         ......................... MAILSERVER passed test MachineAccount
      Starting test: Services
            RPCLOCATOR Service is stopped on [MAILSERVER]
            NETLOGON Service is stopped on [MAILSERVER]
            Could not open SMTPSVC Service on [MAILSERVER]:failed with 1060: Win32 Error 1060
         ......................... MAILSERVER failed test Services
      Starting test: ObjectsReplicated
         ......................... MAILSERVER passed test ObjectsReplicated
      Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.
         ......................... MAILSERVER passed test frssysvol
      Starting test: kccevent
         An Error Event occured.  EventID: 0xC0000466
            Time Generated: 05/24/2006   11:41:32
            (Event String could not be retrieved)
         ......................... MAILSERVER failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0040009
            Time Generated: 05/24/2006   11:13:53
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0040009
            Time Generated: 05/24/2006   11:26:19
            (Event String could not be retrieved)
         ......................... MAILSERVER failed test systemlog

   Running enterprise tests on : acclaimhandling.local
      Starting test: Intersite
         ......................... acclaimhandling.local passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         ......................... acclaimhandling.local failed test FsmoCheck

Please help!

Steve
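
An added example, not part of the original thread: a small Python triage script for dcdiag output shaped like the listing in the post above. It rejoins lines the console wrapped at 80 columns, then groups replication failures by source DC and lists failed tests and warnings; the function names and the abridged sample are constructed for illustration.

```python
import re

def unwrap(text, width=80):
    """Rejoin lines that the console split at exactly `width` columns."""
    out, wrapped = [], False
    for line in text.splitlines():
        if wrapped:
            out[-1] += line           # continuation of the previous line
        else:
            out.append(line)
        wrapped = len(line) == width  # heuristic: a full-width line continues
    return out

def triage(text):
    """Summarise failed tests, warnings and replication failures per source DC."""
    lines = [l.strip() for l in unwrap(text)]
    repl, src = {}, None
    for s in lines:
        if m := re.match(r"From (\S+) to (\S+)$", s):
            src = m.group(1)
            repl.setdefault(src, {"contexts": [], "failures": 0})
        elif src and s.startswith("Naming Context: "):
            repl[src]["contexts"].append(s.split(": ", 1)[1])
        elif src and (m := re.match(r"(\d+) failures have occurred", s)):
            repl[src]["failures"] = max(repl[src]["failures"], int(m.group(1)))
    return {
        "failed_tests": re.findall(r"\.{5,} (\S+) failed test (\S+)", "\n".join(lines)),
        "warnings": [s[9:] for s in lines if s.startswith("Warning: ")],
        "replication": repl,
    }

# Constructed sample, abridged from the dcdiag output in the post above.
_NC = " " * 12 + "Naming Context: CN=Schema,CN=Configuration,DC=acclaimhandling,DC=local"
SAMPLE = "\n".join([
    "            From ACCLAIMW2K to MAILSERVER",
    _NC[:80], _NC[80:],  # wrapped at column 80, as in the post
    "            1982 failures have occurred since the last success.",
    "            From ACCLAIMW2K to MAILSERVER",
    "            Naming Context: DC=acclaimhandling,DC=local",
    "            2054 failures have occurred since the last success.",
    "         Warning: MAILSERVER is not advertising as a global catalog.",
    "         ......................... MAILSERVER failed test Advertising",
    "         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355",
    "         ......................... acclaimhandling.local failed test FsmoCheck",
])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

When every replication failure groups under a single source DC that is known to be gone, the Replications noise can be set aside and attention turned to the failed tests and warnings that concern the surviving servers.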

sarmario Author Commented:
Just seen an article on seizing roles - it says:
"Note: Do not put the Infrastructure Master (IM) role on the same domain controller as the Global Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a GC server holds a partial replica of every object in the forest."
I transferred ALL roles to this server!

I am drowning!!

Shall I transfer the Infrastructure master to the ACC080 machine??

Steve

sarmario Author Commented:
Want to make sure I have done everything BEFORE I run the metabase cleanup - can anyone list the things to check please. To recap I have done the following:
Seized roles to Mailserver (including the IM) !! - can I change this now??
Put a tick in the global catalog option in sites and services.

Steve