Solved

What all to do when adding a new domain controller to AD?

Posted on 2009-05-07
Last Modified: 2013-12-05
Hello

I need help with a problem. We had a domain with one DC running Windows Server 2000. We upgraded the domain to 2003; everything was done correctly, the schema was upgraded and so on. The new domain controller is working quite well. The domain also contains a Windows server with Exchange 2000. The problem is that when the old DC (with Server 2000) is turned off, the domain works normally and the internet works normally, but the Exchange server cannot start all its services; it states some errors with the schema master. Can you please tell me what I did wrong? I would really need to get rid of the old server and work only with one DC.

Thanks for help
Question by:AndrejArdan
21 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 200 total points
ID: 24323792
I assume that Exchange is NOT on a DC?

You need to make sure that the new DC is also a global catalog server and a DNS server.

Assuming that you are using Active Directory Integrated DNS on the first Domain Controller, Just install DNS on the new DC (from the control panel->Windows Components->Networking Services->DNS, or Configure my server wizard), DNS will then replicate to the new domain controller along with Active Directory.

To make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Your machines also need to be set to use one server as the preferred DNS server and the other as the alternate DNS server via the TCP/IP properties and in the DHCP options.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24323898
You should also transfer the FSMO roles from the old server to new (http://support.microsoft.com/kb/255690) and then run DCPROMO on the old server to remove it from the AD. You can also use NTDSUTIL command line to do this (http://www.petri.co.il/delete_failed_dcs_from_ad.htm)
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24323974
You DO NOT need to transfer the FSMO roles and/or DCPROMO the old server unless the old server is going to be permanently removed.
0

 
LVL 14

Expert Comment

by:Raj-GT
ID: 24323994
"...I would really need to get rid of the old server and work only with one DC."

:-)
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24324003
>> "...I would really need to get rid of the old server and work only with one DC." <<

WHY - it's far better to have two DCs than to have just one.
0
 
LVL 15

Expert Comment

by:Narayan_singh
ID: 24324049
Make sure you have GC in new DC and transfer the 5 FSMO roles
Make sure you have DNS available. And WINS Server if you have
more than one subnet.
For your reference:
http://www.msresource.net/knowledge_base/articles/how_to:_remove_a_windows_2000_domain_controller_from_the_domain.html
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24324056
>> transfer the 5 FSMO roles <<

NO NO NO - NOT NECESSARY !!!!!
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24324179
I do agree with KCTS; having more than one DC is good. I would still recommend transferring FSMO roles to the newer server even if you decide to keep the old one as an additional DC/GC/DNS Server.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24324200
This transfer or non-transfer of the FSMO roles is not what is causing the problem for which the asker is seeking an answer - it is entirely immaterial to the issue being raised.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24324337
No offence; while your answer did address his main issue (missing GC), I felt it did not address the sub-question of getting rid of the old DC.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24324391
The question actually said >> I would really need to get rid of the old server and work only with one DC<<

to which the answer is NO
0
 

Author Comment

by:AndrejArdan
ID: 24324821
Thank you all for the answers, and sorry, I did not want to start a war :)

But what is very strange: when I took the Global Catalog off the old server and put it on the new server, after a few minutes the MS Exchange server failed to respond and there were many errors in the event viewer:

Error ID: 9057
NSPI Proxy cannot contact any Global Catalog that supports the NSPI Service. New clients will be refused until a Global Catalog is available. After a Domain Controller is promoted to a Global Catalog, it must be rebooted to support MAPI Clients.

Error ID: 9143
Referral Interface cannot contact any Global Catalog that supports the NSPI Service. Clients making RFR requests will fail to connect until a Global Catalog becomes available again. After a Domain Controller is promoted to a Global Catalog, it must be rebooted to support MAPI Clients.

Event ID: 2103
Process MAD.EXE (PID=2800). All Global Catalog Servers in use are not responding:
"name of the old domain controller"

So I had to put the Global Catalog role back on the old server, and after restarting the Exchange server, all is working OK.

any idea?

thanks a lot
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24324892
Did you restart the new DC after making the change?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24324895
Is Exchange on a DC ?
if so then this is the problem
0
 
LVL 14

Assisted Solution

by:Raj-GT
Raj-GT earned 200 total points
ID: 24324925
Open Exchange System Manager and navigate to your exchange server properties box. In the Directory access tab, you should have All Domain controllers selected.
0
 

Author Comment

by:AndrejArdan
ID: 24324930
1. no, I did not restart old nor new DC :( should I ? :)
2. no, exchange is not on DC

Would it be a problem if I leave the role of Global Catalog also on the old server? Let's say that I would keep the old one as a backup DNS and also as a backup DC...
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24324977
Yes, you should restart the new DC after making it a GC.

I would recommend making the newer DC the primary for everything especially if it is running on newer hardware. But you can leave both DCs with DNS and GC enabled if desired.
0
 

Author Comment

by:AndrejArdan
ID: 24467926
Sorry for the late answer (I was on a little vacation). Thank you very much for the help. But I have a little question: when I add my new DC in Exchange System Manager - Exchange server properties - Directory Access, I see three options there (Domain Controllers, Global Catalog, Configuration DCs). In the first two I added my new one, but in Configuration DCs it is not possible to add it. Does that make any sense? What are Configuration Domain Controllers for?

thanks
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24471155
You should just leave "Automatically discover servers" checked so Exchange will discover the servers.

Can you tell me the error messages you were getting when adding servers to Configuration DC?
0
 

Author Comment

by:AndrejArdan
ID: 24480589
Unfortunately, there is no possibility to add a new one, because on the Configuration DCs tab there is only the old DC and the ADD button is grey :(

I must admit, I have no idea what Configuration DC means :)
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24480859
The Configuration DC is where Exchange stores the Exchange Organisation information. It doesn't have to be a DC with FSMO roles. If the current configuration DC is not available, Exchange will automatically elect a new one when DSAccess Service refreshes (usually every 15 minutes).

Why not just leave "Automatically discover servers" selected. It should automatically remove the old server from the list once it has been decommissioned.

0
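
An added example, not written by any poster in this thread: a PowerShell pre-removal check for the points raised above (FSMO role holders, a remaining global catalog, and its DNS registration). It assumes the ActiveDirectory module and `Resolve-DnsName`, which ship with Windows versions later than the servers discussed here; `$RetiringDC` is a hypothetical parameter name.

```powershell
# Added example: readiness check before a domain controller is retired.
# Assumptions: the ActiveDirectory module and Resolve-DnsName are available;
# $RetiringDC is a hypothetical parameter, e.g. 'olddc.example.local'.
param(
    [Parameter(Mandatory = $true)]
    [string] $RetiringDC
)
Import-Module ActiveDirectory

$forest   = Get-ADForest
$domain   = Get-ADDomain
$dcs      = @(Get-ADDomainController -Filter *)
$findings = @()

# 1. None of the five FSMO roles may still sit on the server being retired.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -eq $RetiringDC) {
        $findings += "FSMO role $($role.Key) is still held by $RetiringDC"
    }
}

# 2. At least one other DC must be a global catalog (Exchange and logons query it).
$remainingGCs = @($dcs | Where-Object { $_.HostName -ne $RetiringDC -and $_.IsGlobalCatalog })
if ($remainingGCs.Count -eq 0) {
    $findings += "No global catalog would remain after $RetiringDC is removed"
}

# 3. Each remaining GC must be registered in DNS so clients can locate it.
$srv = @(Resolve-DnsName -Type SRV -Name "_gc._tcp.$($forest.RootDomain)" -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'SRV' })
foreach ($gc in $remainingGCs) {
    if ($srv.NameTarget -notcontains $gc.HostName) {
        $findings += "$($gc.HostName) is a GC but has no _gc._tcp SRV record"
    }
}

if ($findings.Count -eq 0) {
    "No blockers found for retiring $RetiringDC"
} else {
    $findings
}
```

The script does not cover the reboot that the Exchange events quoted above say a newly promoted global catalog needs before it serves MAPI clients.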
