Solved

What all to do when adding a new domain controller to AD?

Posted on 2009-05-07
21
219 Views
Last Modified: 2013-12-05
Hello

I need help with a problem. We had a domain with one DC running Windows Server 2000. We upgraded the domain to 2003; all was done correctly, the schema was upgraded and so on. The new domain controller is working quite well. In the domain there is also a Windows server with Exchange 2000. The problem is that when the old DC (with Server 2000) is turned off, the domain works normally and the internet works normally, but the Exchange server cannot start all services; it states some errors with the schema master. Can you please tell me what I did wrong? I would really need to get rid of the old server and work only with one DC.

thanks for help
0
Question by:AndrejArdan
21 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 200 total points
ID: 24323792
I assume that Exchange is NOT on a DC?

You need to make sure that the new DC is also a global catalog server and a DNS server.

Assuming that you are using Active Directory Integrated DNS on the first Domain Controller, Just install DNS on the new DC (from the control panel->Windows Components->Networking Services->DNS, or Configure my server wizard), DNS will then replicate to the new domain controller along with Active Directory.

To make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Your machines also need to be set to use one server as the preferred DNS server and the other as the alternate DNS server via the TCP/IP properties and in the DHCP options.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24323898
You should also transfer the FSMO roles from the old server to new (http://support.microsoft.com/kb/255690) and then run DCPROMO on the old server to remove it from the AD. You can also use NTDSUTIL command line to do this (http://www.petri.co.il/delete_failed_dcs_from_ad.htm)
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24323974
You DO NOT need to transfer the FSMO roles and/or DCPROMO the old server unless the old server is going to be permanently removed.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24323994
"...I would really need to get rid of the old server and work only with one DC."

:-)
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24324003
>> "...I would really need to get rid of the old server and work only with one DC." <<

WHY - it's far better to have two DCs than have just one.
0
 
LVL 15

Expert Comment

by:Narayan_singh
ID: 24324049
Make sure you have a GC on the new DC and transfer the 5 FSMO roles.
Make sure you have DNS available, and a WINS server if you have more than one subnet.
For your reference:
http://www.msresource.net/knowledge_base/articles/how_to:_remove_a_windows_2000_domain_controller_from_the_domain.html
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24324056
>> transfer the 5 FSMO roles <<

NO NO NO - NOT NECESSARY !!!!!
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24324179
I do agree with KCTS; having more than one DC is good. I would still recommend transferring FSMO roles to the newer server even if you decide to keep the old one as an additional DC/GC/DNS Server.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24324200
This transfer or non-transfer of the FSMO roles is not what is causing the problem for which the asker is seeking an answer - it is entirely immaterial to the issue being raised.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24324337
No offence; while your answer did address his main issues (missing GC), I felt it did not address the sub-question of getting rid of the old DC.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24324391
The question actually said >> I would really need to get rid of the old server and work only with one DC<<

to which the answer is NO
0
 

Author Comment

by:AndrejArdan
ID: 24324821
Thank you all for the answers, and sorry, I did not want to start a war :)

But what is very strange: when I took the Global Catalog off the old server and put it on the new server, after a few minutes the MS Exchange server failed to respond and there were many errors in the event viewer:

Error ID: 9057
NSPI Proxy cannot contact any Global Catalog that supports the NSPI Service. New clients will be refused until a Global Catalog is available. After a Domain Controller is promoted to a Global Catalog, it must be rebooted to support MAPI Clients.

Error ID: 9143
Referral Interface cannot contact any Global Catalog that supports the NSPI Service. Clients making RFR requests will fail to connect until a Global Catalog becomes available again. After a Domain Controller is promoted to a Global Catalog, it must be rebooted to support MAPI Clients.

Event ID: 2103
Process MAD.EXE (PID=2800). All Global Catalog Servers in use are not responding:
"name of the old domain controller"

So, I had to put the Global Catalog role back on the old server, and after restarting the Exchange server, all is working OK.

any idea?

thanks a lot
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24324892
Did you restart the new DC after making the change?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24324895
Is Exchange on a DC ?
if so then this is the problem
0
 
LVL 14

Assisted Solution

by:Raj-GT
Raj-GT earned 200 total points
ID: 24324925
Open Exchange System Manager and navigate to your exchange server properties box. In the Directory access tab, you should have All Domain controllers selected.
0
 

Author Comment

by:AndrejArdan
ID: 24324930
1. No, I did not restart the old or the new DC :( Should I? :)
2. No, Exchange is not on a DC

Would it be a problem if I leave the Global Catalog role on the old server as well? Let's say that I would keep the old one as a backup DNS server and also as a backup DC...
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24324977
Yes, you should restart the new DC after making it a GC.

I would recommend making the newer DC the primary for everything especially if it is running on newer hardware. But you can leave both DCs with DNS and GC enabled if desired.
0
 

Author Comment

by:AndrejArdan
ID: 24467926
Sorry for the late answer (I was on a little vacation). Thank you very much for the help. But I have a little question: when I add my new DC in Exchange System Manager - Exchange server properties - Directory Access, I see three options there (Domain Controllers, Global Catalog, Configuration DCs). In the first two I added my new one, but in Configuration DCs it's not possible to add it. Does that make sense? What are Configuration Domain Controllers for?

thanks
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24471155
You should just leave "Automatically discover servers" checked so Exchange will discover the servers.

Can you tell me the error messages you were getting when adding servers to Configuration DC?
0
 

Author Comment

by:AndrejArdan
ID: 24480589
Unfortunately, there is no possibility to add a new one, because on the Configuration DCs tab there is only the old DC and the ADD button is grey :(

I must admit, I have no idea what Configuration DC means :)
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24480859
The Configuration DC is where Exchange stores the Exchange Organisation information. It doesn't have to be a DC with FSMO roles. If the current configuration DC is not available, Exchange will automatically elect a new one when DSAccess Service refreshes (usually every 15 minutes).

Why not just leave "Automatically discover servers" selected? It should automatically remove the old server from the list once it has been decommissioned.

0
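
The checks discussed in this thread (another global catalog must exist, and FSMO roles must be moved before the old DC is demoted) can be collected into one readiness check. This is an added example, not code from any participant in the thread; the function names `Get-DcInventory` and `Test-DcRetirement` and the sample host names are hypothetical.

```powershell
# Added example: readiness check before retiring a domain controller (PowerShell 2.0+).
# Live data comes from .NET System.DirectoryServices.ActiveDirectory; no AD module needed.
function Get-DcInventory {
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    foreach ($dc in $domain.DomainControllers) {
        New-Object PSObject -Property @{
            Name  = $dc.Name
            # Configured GC flag only. Event 9057 in this thread notes the DC must be
            # rebooted after promotion to GC before it supports MAPI clients.
            IsGC  = $dc.IsGlobalCatalog()
            Roles = @($dc.Roles | ForEach-Object { $_.ToString() })
        }
    }
}

function Test-DcRetirement {
    param([object[]]$Inventory, [string]$Retiring)
    $findings = @()
    $old = $Inventory | Where-Object { $_.Name -eq $Retiring }
    if (-not $old) { return ,@("BLOCK: $Retiring not found among domain controllers") }
    $rest = @($Inventory | Where-Object { $_.Name -ne $Retiring })
    if ($rest.Count -eq 0) {
        $findings += "BLOCK: $Retiring is the only domain controller"
    }
    if (@($rest | Where-Object { $_.IsGC }).Count -eq 0) {
        # Events 9057, 9143 and 2103 quoted in the thread all report a missing GC.
        $findings += "BLOCK: no other DC is a global catalog"
    }
    foreach ($role in @($old.Roles | Where-Object { $_ })) {
        $findings += "BLOCK: $Retiring still holds FSMO role $role; transfer it first"
    }
    if ($findings.Count -eq 0) {
        $findings += "OK: $Retiring holds no FSMO roles and another GC exists"
    }
    $findings
}

# Constructed sample inventory (not real hosts): old DC holds every role, new DC is not yet a GC.
$allRoles = @('SchemaRole', 'NamingRole', 'PdcRole', 'RidRole', 'InfrastructureRole')
$sample = @(
    (New-Object PSObject -Property @{ Name = 'OLD-DC.example.local'; IsGC = $true;  Roles = $allRoles }),
    (New-Object PSObject -Property @{ Name = 'NEW-DC.example.local'; IsGC = $false; Roles = @() })
)
Test-DcRetirement -Inventory $sample -Retiring 'OLD-DC.example.local'

# Against the live domain, from a domain-joined machine:
# Test-DcRetirement -Inventory (Get-DcInventory) -Retiring '<FQDN of the old DC>'
```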
