Jmorrow


How to remove a completely dead domain controller

Before I get to my question here is our setup.

2 DCs (Windows Server 2003)
1 mail server


About a month ago we had our primary domain controller's hard drive crash.  Since then we have configured another domain controller to replace it and have promoted the server to a DC. Just recently we have had problems with creating user accounts in Active Directory.  The error when creating an AD user is "Windows cannot create the object xxxx because: The directory service was unable to allocate a relative identifier". After hours of Google I found that it has to do with our old server's FSMO roles.

How do I seize the roles of our completely dead, non-operational domain controller and add the roles to the new domain controller?

Also this problem is preventing us from creating new mailboxes for users as well.
pjam

Have you already accomplished this?
http://support.microsoft.com/kb/555846
 
Hello Jmorrow!

Please review this MS support data first:

http://support.microsoft.com/kb/822053

/cheers
ASKER CERTIFIED SOLUTION
Akhater

This solution is only available to members.
I prefer Dan Petri's web site and the instructions he provides:

http://www.petri.co.il/seizing_fsmo_roles.htm
(It sounds like the failed DC will NEVER be restored - you only want to do this when that is the case).

And
www.petri.co.il/delete_failed_dcs_from_ad.htm

And don't forget to make the DC a Global Catalog.
Jmorrow

ASKER

The original DC is down and I cannot transfer any roles from it.  Lee, I tried what the first link says but it keeps wanting to connect to the old DC.  How do I get all 5 roles running on the new DC without associating the old one?  The old one had a failed hard drive.  No backups either.
Did u check the second link in my previous post?
Jmorrow

ASKER

Yes, and I can't do what it says because I cannot connect to the old DC at all.  There is no connection whatsoever.......  

What now! I've spent 4 hours thus far on this .. :(
u don't need to connect to the dead server but to the live one...

what steps are you following?
Jmorrow

ASKER

Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being seized. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer schema or domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
Click Start, click Run, type ntdsutil in the Open box, and then click OK.
Type roles, and then press ENTER.
Type connections, and then press ENTER.
Type connect to server servername, and then press ENTER, where servername is the name of the domain controller that you want to assign the FSMO role to.
At the server connections prompt, type q, and then press ENTER.
Type seize role, where role is the role that you want to seize. For a list of roles that you can seize, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to seize the RID master role, type seize rid master. The one exception is for the PDC emulator role, whose syntax is seize pdc, not seize pdc emulator.
At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.



Right when I try to seize a role after connecting to the server that I want to have the FSMO roles I get this error code:
"Error returned is 0x20af <The requested FSMO operation failed.  The current FSMO holder could not be contacted"

????
Yes, it will first try to transfer, it will fail, and it will prompt you if you wanna seize it. Say yes.
Jmorrow

ASKER

Oh, OK, sorry, I thought because of the error code in the cmd prompt it wasn't working.  I just checked to see which servers had the roles now and it seems that the new server now has all the roles.  I just tested creating a user/mailbox within Active Directory and it worked.  I think we are going strong now, thank you so much!
Petri's article even SHOWS YOU the error message you received... this is one of the reasons I prefer his articles.
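
The check described in the last reply from the asker (confirming that the new server holds all the roles), as an added example that is not part of the original thread. It assumes netdom and dcdiag are installed (Windows Support Tools on Server 2003); the script name and the NEWDC argument are placeholders for your own surviving domain controller.

```bat
@echo off
rem Added example, not from the thread. Usage: check-fsmo.cmd NEWDC
rem NEWDC is a placeholder: pass the FQDN of the surviving domain controller
rem (a short name such as "dc1" would also match "dc10").
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 NEWDC
    exit /b 2
)
set "NEWDC=%~1"
set "BAD=0"
set "COUNT=0"

rem netdom prints one line per role ("<role label>   <holder>") and then a
rem status line. Role labels differ between netdom versions, so match on the
rem holder name rather than on the label.
for /f %%C in ('netdom query fsmo ^| find /i /c "%NEWDC%"') do set "COUNT=%%C"

rem Show every line that does not name NEWDC: a role still recorded against
rem another server (for example the dead DC), or an error from netdom itself.
for /f "delims=" %%L in ('netdom query fsmo ^| findstr /v /i /c:"%NEWDC%" ^| findstr /v /i /c:"command completed"') do (
    echo NOT ON %NEWDC%: %%L
    set "BAD=1"
)

if not "%COUNT%"=="5" (
    echo Expected 5 roles on %NEWDC%, found %COUNT%
    set "BAD=1"
)

rem The original symptom was a failed RID allocation, so also run the
rem directory service tests for the RID master and for role-holder knowledge.
rem Read their output; this script does not rely on dcdiag's exit code.
dcdiag /s:%NEWDC% /test:RidManager
dcdiag /s:%NEWDC% /test:KnowsOfRoleHolders

if "%BAD%"=="1" (
    echo One or more FSMO roles are not held by %NEWDC%.
    exit /b 1
)
echo All five FSMO roles are held by %NEWDC%.
exit /b 0
```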