Solved

Domain Controller Removal Problem

Posted on 2009-05-08
Last Modified: 2012-05-06
I have got a problem with an old Windows 2000 server which I'm trying to remove from the domain, using my SBS 2003 server as the domain controller.
The SBS 2003 machine is listed as a domain controller, but it appears that the 2000 server is still listed as the main DC.
If I run a dcdiag on the SBS 2003 machine I get the following error:

      Starting test: Advertising
         Warning: DsGetDcName returned information for \\fleetserv.croydon.fleetline.co.uk, when we were trying to reach PRIMARY

Fleetserv is the old 2000 machine and PRIMARY is the SBS 2003 machine.
Is there a way to get DsGetDcName to point to PRIMARY instead of fleetserv?

If I try to remove fleetserv via dcpromo I get an error saying "A domain controller could not be contacted for the domain .... that contained an account for this computer".

Thanks
0
Comment
Question by:delboytrigger
26 Comments
 
LVL 25

Expert Comment

by:DrDave242
ID: 24338900
Assuming your SBS 2003 server has all of the FSMO roles (you'd know if it didn't, as it would start rebooting itself), you should be able to do a "dcpromo /forceremoval" on the 2000 server, then perform a metadata cleanup on the SBS server to remove any lingering traces of it from AD:

http://support.microsoft.com/kb/216498
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 24338916
Forgot to add that, as is the case whenever you're making big changes, it wouldn't hurt to take a full backup (with system state) of the SBS 2003 server before doing anything.
0
 

Expert Comment

by:Change2009
ID: 24338982
If your SBS 2003 has not been in production, I recommend recreating it and then using a migration tool to migrate from Windows 2000 to SBS 2003 Active Directory (Active Directory Migration Tool v3.0).
If it is a small number of users (10 or less) you may recreate all the objects (users, printers, etc.) on the new server, and you just have to recreate the user profiles on the new server (disjoin from the old domain and join the new domain).


0
 

Expert Comment

by:romavo
ID: 24338987
I'm wondering if the 2000 server still thinks it's the DC?

This is from:

http://support.microsoft.com/kb/332199


Windows 2000 domain controllers
Install the Q332199 hotfix on a Windows 2000 domain controller that is running Service Pack 2 (SP2) or a later version, or install Windows 2000 Service Pack 4 (SP4). SP2 and later versions support forced demotion. Then, restart your computer.
Click Start, click Run, and then type the following command:
dcpromo /forceremoval
Click OK.
At the Welcome to the Active Directory Installation Wizard page, click Next.
If the computer that you are removing is a global catalog server, click OK in the message window.

Note Promote additional global catalogs in the forest or in the site if the domain controller that you are demoting is a global catalog server, as needed.
At the Remove Active Directory page, make sure that the This server is the last domain controller in the domain check box is cleared, and then click Next.
At the Network Credentials page, type the name, password, and domain name for a user account with enterprise administrator credentials in the forest, and then click Next.
In Administrator Password, type the password and confirmed password that you want to assign to the Administrator account of the local SAM database, and then click Next.
On the Summary page, click Next.
Perform a metadata cleanup for the demoted domain controller on a surviving domain controller in the forest.
If you removed a domain from the forest by using the remove selected domain command in Ntdsutil, verify that all the domain controllers and the global catalog servers in the forest have removed all the objects and the references to the domain that you just removed before you promote a new domain into the same forest with the same domain name. Tools such as Replmon.exe or Repadmin.exe from Windows 2000 Support Tools may help you determine whether end-to-end replication has occurred. Windows 2000 SP3 and earlier global catalog servers are noticeably slower to remove objects and naming contexts than Windows Server 2003 is.
0
 

Author Comment

by:delboytrigger
ID: 24339001
If I run a dcpromo /forceremoval will that leave the domain intact as there are 2 other servers in this domain?
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 24339011
Yes, it will.  There's a checkbox for "This is the last DC in this domain" or something similar.  Leave that unchecked.
0
 

Author Comment

by:delboytrigger
ID: 24339035
When I do the dcpromo /forceremoval command, the "this is the last domain" checkbox is not available?
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 24339058
Ah, OK.  No problem, then.  Just keep going.  All the "/forceremoval" does is remove AD components from that server without trying to contact other DCs in the domain.
0
 

Author Comment

by:delboytrigger
ID: 24339111
OK, server removed. Just going to do the metadata cleanup, but do I need to do anything on the SBS machine to tell it to now be the DC?
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 24339139
It should already be "the" DC.  That's one of the requirements of SBS.  If it's been up and running for a while, you're OK, because it would have started rebooting itself after a few days of not being a DC or not holding all of the FSMO roles.  You can check to make sure it's got them all if you'd like, though:

http://support.microsoft.com/kb/324801
0
 

Author Comment

by:delboytrigger
ID: 24339189
Yes, it's been on the domain for ages with no problems. I did transfer the FSMO roles over earlier today.

Tried running the metadata cleanup but this is what I get:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

H:\>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: remove selected server fleetserv.croydon.fleetline.co.uk
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8350, best match of:
        'CN=Ntds Settings,fleetserv.croydon.fleetline.co.uk'

Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection menu to specify it.
Disconnecting from localhost...
metadata cleanup:
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 24339216
Go through the whole metadata cleanup process one line at a time rather than trying to do it all in one command.
0
 

Author Comment

by:delboytrigger
ID: 24339255
Now if I try to log on to the SBS server it gives me an error saying the domain is no longer available?
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 24339557
Aren't you already logged onto the SBS server, or did you perform the metadata cleanup from another machine?
0
 

Author Comment

by:delboytrigger
ID: 24339676
I was trying to do the metadata cleanup from another machine. I still haven't been able to complete this. Do you think this is why I can't log on to the domain on the SBS server?
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 24339750
I'm not sure - I may have made some assumptions about your SBS server that are turning out to be incorrect.  It seems that your SBS server is not a global catalog, and the 2000 server was the only GC in the domain.  Even without a GC, the Administrator account should still be able to log onto the SBS 2003 server.  Are you able to do this?  If so, open AD Sites and Services and make it a GC by following these instructions:

http://support.microsoft.com/kb/313994
0
 

Author Comment

by:delboytrigger
ID: 24339920
I had changed the global catalog to the SBS server earlier in the day, but I'm not 100% sure if it had worked or not. Does it matter what machine I run the metadata cleanup on?
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 24339945
It shouldn't matter what machine it's run on, although Server 2003 SP1 made the process a little easier (it does more of the work for you behind-the-scenes).
0
 

Author Comment

by:delboytrigger
ID: 24340052
OK, right, I'm running the cleanup process, and when I get to "connect to server" I just type the name of the server I have removed, but I get an error saying there are no more endpoints available from the endpoint mapper?
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 24340082
The last time I saw a "No more endpoints" error, it was due to a firewall running on the DC in question.  (This wasn't during a metadata cleanup, though.)  Are you still running the cleanup from a machine other than the SBS server?  Are you able to log on locally to the SBS server at all?  If the second answer is yes, I'd recommend running the cleanup from there.
0
 

Author Comment

by:delboytrigger
ID: 24340183
Right, I managed to use the "connect to server localhost" command and remove the old server from there, and can now log on to the SBS server, which is great, thanks! But I do think I need to tidy up DNS now, as I'm getting some errors while connecting a PC?
Thanks for all your help, you have been great.
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 24340210
Yeah, DNS may be a mess after that.  Just make sure you remove any records that refer to the 2000 server.
0
 

Author Comment

by:delboytrigger
ID: 24343226
Right, even though I can log on to the 2003 machine (made a mistake, it's not an SBS server, just standard 2003; was a long day yesterday!!!) it doesn't appear to be running as a global catalog, as if I run a dcdiag it says all GCs are down, but I have checked and the server does have a tick in the correct place within AD Sites and Services. I have a feeling that the domain still believes that the older server is the primary domain controller?
Any ideas would be great!!! Thanks!
0
 
LVL 25

Accepted Solution

by:
DrDave242 earned 205 total points
ID: 24385882
Sorry, I was out of the office for a while.  Run dcdiag on the 2003 server and post the results here, if you don't mind.
0
 

Author Comment

by:delboytrigger
ID: 24393345
Hi, thanks for all your help. Managed to get it sorted in the end. You were a big help, thanks!
0
 
LVL 13

Expert Comment

by:Corey2
ID: 25850743
What was the solution? There appears to be none.
0
