  • Status: Solved

What all to do when adding a new domain controller to AD?

Hello

I need help with a problem. We had a domain with one DC running Windows Server 2000. We upgraded the domain to 2003; everything was done correctly, the schema was upgraded and so on. The new domain controller is working quite well. In the domain there is also a Windows server with Exchange 2000. The problem is that when the old DC (with Server 2000) is turned off, the domain works normally and the internet works normally, but the Exchange server cannot start all services; it states some errors with the schema master. Can you please tell me what I did wrong? I would really need to get rid of the old server and work only with one DC.

thanks for help
0
AndrejArdan
2 Solutions
 
KCTS Commented:
I assume that Exchange is NOT on a DC?

You need to make sure that the new DC is also a global catalog server and a DNS server.

Assuming that you are using Active Directory Integrated DNS on the first Domain Controller, Just install DNS on the new DC (from the control panel->Windows Components->Networking Services->DNS, or Configure my server wizard), DNS will then replicate to the new domain controller along with Active Directory.

To make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Your machines also need to be set to use one server as the preferred DNS server and the other as alternate DNS server via the TCP/IP properties and in the DHCP options.
0
 
Raj-GT (Systems Engineer) Commented:
You should also transfer the FSMO roles from the old server to new (http://support.microsoft.com/kb/255690) and then run DCPROMO on the old server to remove it from the AD. You can also use NTDSUTIL command line to do this (http://www.petri.co.il/delete_failed_dcs_from_ad.htm)
0
 
KCTS Commented:
You DO NOT need to transfer the FSMO roles and/or DCPROMO the old server unless the old server is going to be permanently removed.
0

 
Raj-GT (Systems Engineer) Commented:
"...I would really need to get rid of the old server and work only with one DC."

:-)
0
 
KCTS Commented:
>> "...I would really need to get rid of the old server and work only with one DC." <<

WHY - it's far better to have two DCs than have just one.
0
 
Narayan_singh Commented:
Make sure you have GC in the new DC and transfer the 5 FSMO roles.
Make sure you have DNS available, and a WINS server if you have more than one subnet.
For your reference:
http://www.msresource.net/knowledge_base/articles/how_to:_remove_a_windows_2000_domain_controller_from_the_domain.html
0
 
KCTS Commented:
>> transfer the 5 FSMO roles <<

NO NO NO - NOT NECESSARY !!!!!
0
 
Raj-GT (Systems Engineer) Commented:
I do agree with KCTS; having more than one DC is good. I would still recommend transferring FSMO roles to the newer server even if you decide to keep the old one as an additional DC/GC/DNS Server.
0
 
KCTS Commented:
This transfer or non-transfer of the FSMO roles is not what is causing the problem for which the asker is seeking an answer - it is entirely immaterial to the issue being raised.
0
 
Raj-GT (Systems Engineer) Commented:
No offence; while your answer did address his main issues (missing GC), I felt it did not address the sub-question of getting rid of the old DC.
0
 
KCTS Commented:
The question actually said >> I would really need to get rid of the old server and work only with one DC<<

to which the answer is NO
0
 
AndrejArdan (Author) Commented:
Thank you all for the answers, and sorry, I did not want to start a war :)

But what is very strange: when I took the Global Catalog off the old server and put it on the new server, after a few minutes the MS Exchange server failed to respond and there were many errors in the event viewer:

Error ID: 9057
NSPI Proxy cannot contact any Global Catalog that supports the NSPI Service. New clients will be refused until a Global Catalog is available. After a Domain Controller is promoted to a Global Catalog, it must be rebooted to support MAPI Clients.

Error ID: 9143
Referral Interface cannot contact any Global Catalog that supports the NSPI Service. Clients making RFR requests will fail to connect until a Global Catalog becomes available again. After a Domain Controller is promoted to a Global Catalog, it must be rebooted to support MAPI Clients.

Event ID: 2103
Process MAD.EXE (PID=2800). All Global Catalog Servers in use are not responding:
"name of the old domain controller"

So, I had to put the Global Catalog role back on the old server, and after restarting the Exchange server, all is working OK.

any idea?

thanks a lot
0
 
Raj-GT (Systems Engineer) Commented:
Did you restart the new DC after making the change?
0
 
KCTS Commented:
Is Exchange on a DC?
If so, then this is the problem.
0
 
Raj-GT (Systems Engineer) Commented:
Open Exchange System Manager and navigate to your exchange server properties box. In the Directory access tab, you should have All Domain controllers selected.
0
 
AndrejArdan (Author) Commented:
1. No, I did not restart the old nor the new DC :( Should I? :)
2. No, Exchange is not on a DC.

Would it be a problem if I leave the Global Catalog role on the old server as well? Let's say that I would keep the old one as a backup DNS and also as a backup DC...
0
 
Raj-GT (Systems Engineer) Commented:
Yes, you should restart the new DC after making it a GC.

I would recommend making the newer DC the primary for everything especially if it is running on newer hardware. But you can leave both DCs with DNS and GC enabled if desired.
0
 
AndrejArdan (Author) Commented:
Sorry for the late answer (I was on a little vacation). Thank you very much for the help. But I have a little question: when I add my new DC in Exchange System Manager - Exchange server properties - Directory Access, I see three options there (Domain Controllers, Global Catalog, Configuration DCs). In the first two I added my new one, but in Configuration DCs it's not possible to add it there. Does that make any sense? What are Configuration Domain Controllers for?

thanks
0
 
Raj-GT (Systems Engineer) Commented:
You should just leave "Automatically discover servers" checked so Exchange will discover the servers.

Can you tell me the error messages you were getting when adding servers to Configuration DC?
0
 
AndrejArdan (Author) Commented:
Unfortunately, there is no possibility to add a new one, because on the Configuration DCs tab there is only the old DC and the ADD button is grey :(

I must admit, I have no idea what Configuration DC means :)
0
 
Raj-GT (Systems Engineer) Commented:
The Configuration DC is where Exchange stores the Exchange Organisation information. It doesn't have to be a DC with FSMO roles. If the current configuration DC is not available, Exchange will automatically elect a new one when DSAccess Service refreshes (usually every 15 minutes).

Why not just leave "Automatically discover servers" selected? It should automatically remove the old server from the list once it has been decommissioned.

diraccess.gif
0
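The checks discussed in this thread (a Global Catalog other than the old DC, and no FSMO roles left on it) can be run before demoting the old server. The following is an added example, not code from any poster in the thread: it parses saved output of `netdom query fsmo` and of an `nslookup` SRV query for `_gc._tcp.<forest>`; the host names, the `example.local` domain, the function names and the sample output text are constructed assumptions.

```python
import re

def parse_fsmo(netdom_text):
    """Return {role label: holder} from `netdom query fsmo` output."""
    holders = {}
    for line in netdom_text.splitlines():
        # Assumed line shape: role label, run of spaces, holder FQDN.
        m = re.match(r"^(.+?)\s{2,}(\S+\.\S+)$", line.strip())
        if m:
            holders[m.group(1)] = m.group(2).lower().rstrip(".")
    return holders

def parse_gc_hosts(nslookup_text):
    """Return hosts registered under the _gc._tcp SRV record."""
    found = re.findall(r"svr hostname\s*=\s*(\S+)", nslookup_text, re.I)
    return {h.lower().rstrip(".") for h in found}

def decommission_blockers(old_dc, netdom_text, nslookup_text):
    """List reasons the old DC should not yet be demoted with dcpromo."""
    old = old_dc.lower().rstrip(".")
    blockers = []
    holders = parse_fsmo(netdom_text)
    if len(holders) != 5:
        blockers.append(f"expected 5 FSMO roles, parsed {len(holders)}")
    for role in sorted(holders):
        if holders[role] == old:
            blockers.append(f"FSMO role still on {old}: {role}")
    if not parse_gc_hosts(nslookup_text) - {old}:
        blockers.append(f"no Global Catalog registered besides {old}")
    return blockers

# Constructed sample output (hypothetical hosts in example.local).
NETDOM_BEFORE = """\
Schema owner                olddc.example.local
Domain role owner           olddc.example.local
PDC role                    olddc.example.local
RID pool manager            olddc.example.local
Infrastructure owner        olddc.example.local
The command completed successfully.
"""
GC_BEFORE = """\
_gc._tcp.example.local  SRV service location:
          port           = 3268
          svr hostname   = olddc.example.local
"""
NETDOM_AFTER = NETDOM_BEFORE.replace("olddc", "newdc")
GC_AFTER = GC_BEFORE + "          svr hostname   = newdc.example.local\n"

if __name__ == "__main__":
    print(decommission_blockers("olddc.example.local", NETDOM_BEFORE, GC_BEFORE))
    print(decommission_blockers("olddc.example.local", NETDOM_AFTER, GC_AFTER))
```

A GC that is registered in DNS is not necessarily usable by Exchange yet: event 9057 quoted in the thread states that a newly promoted Global Catalog must be rebooted before it supports MAPI clients.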
