  • Status: Solved
  • Priority: Medium
  • Security: Public

Rebuild member domain controller

Good Morning all:

I need some help rebuilding a domain controller. The server disks failed (Windows will not boot) and I cannot locate the backups. I'm rebuilding the server from scratch with the exact computer name and IP address. What I'm not sure about is what I need to do in Active Directory in order to prepare to re-promote this DC. Any assistance is very much appreciated. The OS is Windows 2003 Standard.

Thanks,

Rm103
 
Chris Dent (PowerShell Developer) Commented:

Hey Rm103,

You need to clean the failed server out of Active Directory using the instructions here:

http://technet.microsoft.com/en-us/library/cc736378.aspx

Did the server that failed host any of the FSMO roles? You will need to relocate those, again using NTDSUtil as follows:

Start, Run, NTDSUtil
Roles
Connections
Connect To Server TheDCThatWorks
Quit
Select Operation Target
List Roles for Connected Server

If any of the roles listed here report as being on the failed server you need to Seize them. I'll pop in instructions for that as well if you discover that to be the case.

HTH

Chris
0
 
KCTS Commented:
If you have no backups, then you need to run DCPROMO to promote the machine to be a domain controller. If you have another DC in the same domain, select "additional domain controller for existing domain".

If you have no other DC, then you will have to recreate the domain from scratch - that includes adding all the clients back into the new domain (cos that's what it is - even if you use the same name), and you will also have to add all the user accounts etc.
0
 
rmq103 (Author) Commented:
Thanks for the comments. The server was a member domain controller for the remote site. Aside from it being a DC, it was a DHCP/DNS server.
0
 
KCTS Commented:
>> member domain controller << ?? No such beast - it's either a DC or a member server - it cannot be both.

First you will need to remove all traces of the failed DC from AD - see http://www.petri.co.il/delete_failed_dcs_from_ad.htm

As there is another DC in the domain, just install the new machine as an additional DC for the domain, then install DNS. AD and DNS will replicate from the other DC (assuming you are using AD integrated DNS). You will then need to install and configure DHCP again.

Make sure that the new DC is set correctly in AD Sites and Services.

0
 
rmq103 (Author) Commented:
By member server I meant a DC that is not a primary DC. Thanks for the clarification. I'm a little confused. If I'm going to reuse the same IP address and computer name, how come I have to remove all the traces of the DC?
0
 
Chris Dent (PowerShell Developer) Commented:

There's no such thing as a Primary DC, all DCs were made equal, only the DCs that hold FSMO roles are more equal than the others ;)

Because even if you name it the same name it is *not* the same Domain Controller. Domain Controllers are identified by attributes that are rather more unique and difficult to repeat than its name. It won't match with the new one unless you restore it from a backup (impossible here as you mentioned).

Therefore, prior to re-adding a server under that name you must ensure that you clean references to the now dead DC out of AD using the steps above.

Once you've done that you should be fine with the newly built DC.

Chris
0
 
KCTS Commented:
As chris-dent says, even if you create a new machine with the same name and IP address, it will have a different security identifier (SID) and it will not be the same machine!

It is VITAL that you remove all traces of the failed DC PRIOR to building the new one with the same name.
0
 
rmq103 (Author) Commented:
Good Morning All:

Just to update, we were able to boot the DC into Windows although it seems a bit unstable. I think the best course of action is to rebuild the DC. Now that we can boot into Windows, I'm assuming that we need to demote the DC (is this done by running DCPROMO.EXE, plus additional steps?) and promote after rebuild. Also, how can we tell if this DC is a global catalog server?

Last question: When rebuilding the system and rejoining the domain, is there anything that needs to be done before we rejoin the same computer name into the domain? I've had instances in the past with desktops/laptops where, when I rebuild/rejoin, I get messages saying the computer name already exists and it proceeds to name it something else. My workaround for this is to delete the computer account and rejoin.

Thanks,

Rm103
0
 
Chris Dent (PowerShell Developer) Commented:

If you can boot into it then DCPromo is the way to go. That will cleanly remove it from AD, removing the need for all of the steps above.

The Global Catalog is set in AD Sites and Services, dig down to the server, beneath that you should see an NTDS Settings folder. Open up the Properties, Global Catalog is a tick-box there.

Once you've demoted the server, drop it out to a workgroup or just switch it off and start rebuilding. It's worth deleting the Computer Account after you've begun the rebuild, and you may want to pop into the DNS console and delete any entries that reference the old server. The rebuilt server will create its own versions of those.

Chris
0
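A read-only check for the points raised in Chris Dent's answers above (FSMO roles still on the failed server, the Global Catalog setting, a leftover computer account or server object), as an added example that is not part of the thread. It assumes the ActiveDirectory PowerShell module, which is newer than the Windows 2003 tools discussed here, and `DC-REMOTE01` is a placeholder name.

```powershell
# Added example: needs the ActiveDirectory module (RSAT) and a domain-joined machine.
# It only reads from the directory; it changes nothing.
Import-Module ActiveDirectory

# Assumption: placeholder short name of the failed / rebuilt domain controller.
$FailedDC = 'DC-REMOTE01'

function Test-StaleDcReference {
    param([Parameter(Mandatory)][string]$Name)

    $forest   = Get-ADForest
    $domain   = Get-ADDomain
    $findings = @()

    # 1. FSMO roles still assigned to the failed server (these must be moved).
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($role in $roles.GetEnumerator()) {
        if ($role.Value -like "$Name.*") {
            $findings += "FSMO role $($role.Key) is held by $($role.Value)"
        }
    }

    # 2. Server object left under Sites (what AD Sites and Services displays).
    $configNC = (Get-ADRootDSE).configurationNamingContext
    Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter "(&(objectClass=server)(cn=$Name))" |
        ForEach-Object { $findings += "Server object remains: $($_.DistinguishedName)" }

    # 3. Computer account left in the domain under the old name.
    Get-ADComputer -LDAPFilter "(cn=$Name)" |
        ForEach-Object { $findings += "Computer account remains: $($_.DistinguishedName)" }

    # 4. Some other DC should be a global catalog while this one is out of service.
    $otherGc = Get-ADDomainController -Filter * |
        Where-Object { $_.IsGlobalCatalog -and $_.Name -ne $Name }
    if (-not $otherGc) { $findings += 'No other domain controller is a global catalog' }

    $findings
}

$result = Test-StaleDcReference -Name $FailedDC
if ($result) { $result } else { "No references to $FailedDC found" }
```

An empty result before the rebuilt server is promoted means the old name is clear in AD; DNS records for the old server are not covered by this check.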
 
rmq103 (Author) Commented:
Thanks for your help. Now we have a solution path for this!

rmq103
0
