Primary Domain Controller Died

Hi,
I had 2 domain controllers this morning & now I have only one. My Windows 2000 server (PDC) decided not to reboot after Windows updates. It comes up with BSOD and the message is INACCESSIBLE_BOOT_DEVICE. it will not boot up in normal or safe mode and not even to command prompt. Well the server is about 8 years old. I also have a member server (Windows 2003 server). Can I make this server my PDC without affecting the AD? If I can do this then I don't care much about my old server. I got all the data I need and copied it onto the Windows 2003 server. I am ok in that regard. Can someone please guide me through to make this 2003 server my PDC & transfer all the roles to it?

Much appreciated!
JB
jbaraAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KenMcFCommented:
Make sure you have DNS installed on your good DC and pointing to itself for resulution. Then make sure all clients are poinitng to the good DC as primary DNS.

Look at the link below to perform a metadatacleanup to remove the old DC from AD. Then the other link to seize all the FSMO roles.
Verify that the new DC is a Global Catalog server as well.

Did you have DHCP or any other serivce on the failed DC?


http://support.microsoft.com/kb/216498
http://support.microsoft.com/kb/255504
http://support.microsoft.com/kb/313994
Lee W, MVPTechnology and Business Process AdvisorCommented:
First, you did not have a PDC - there is no such thing in active Directory.  You had a server holding, apparently, all 5 FSMO roles.

If you have a working DC and you expect NEVER to recover the failed DC, then follow these steps to seize the FSMO roles:
http://www.petri.co.il/seizing_fsmo_roles.htm

Then you'll need to clean up AD and remove all signs of the old DC
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mike KlineCommented:
Once you go through the steps that Ken mentioned to get your current DC with all the roles and to cleanup the old server then at that point you can run dcpromo to promote that member server to be the second DC.

....for anyone that comes across this question via Google/Bing...this is why it is critical to have at least two DCs.  One died and it is not going to take him long to get things back in order.

Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

kevinhsiehCommented:
Don't forget to make your new domain controllers global catalog servers.
Brian PiercePhotographerCommented:
Ok

So you had ONE Domain Controller and another Member Server (not a DC). In that case (no backup I assume), you're stuffed.

If the member server had been an additional DC then all you would have to do would have been to sort out DNS and seize the FSMO roles.

However, if the other server wss indeed just a mamber server then you're out of luck. All you can hope to do is to create a new domain using the Win2003 machine as a new DC. That will mean rejoining all the workstations to the new domain and re-creating all the user accounts etc.
Mike KlineCommented:
Sounds like he had two DCs

I had 2 domain controllers this morning & now I have only one.
Brian PiercePhotographerCommented:
If so then the procedure has been covered - @jbara can you clarify - do you have another DC or just a member server?
jbaraAuthor Commented:
Well, when I setup this Win2003 server about 2 years ago, I ran dcpromo and set it as memner server (may be I am missing a little terminology here). They were both domain controllers & replicating AD to each other. I believe that I just have to seize FSMO roles as mentioned above. My workstations are authenticating to this newer DC and mapping the drives ok, I feel lucky that way. All my printers were shared from the old server but, I just finished setting them up on the newer server which seems to be working fine.

One question though: How can I make sure that the domain controller I have is a DC Global Catalog Server? Is there a procedure for it? or seizing the FSMO roles will also make it global catalog server?

Thanks to all who replied!
KenMcFCommented:
Dont forget to do a metadatcleanup of the old DC.

To check and verify the DC is a GC check the link I provided earlier.

http://support.microsoft.com/kb/313994
Mike KlineCommented:
ok when you ran dcpromo on the box that made it a domain controller, in AD users and computers you should see the box under the domain controllers OU.

also run the metadata cleanup that Ken mentioned (in addition to seizing the roels).  http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Check sites and services to see if it is a GC   http://www.petri.co.il/configure_a_new_global_catalog.htm

...in a single domain the GC doesn't do much of anything though.

Thanks
Mike
kevinhsiehCommented:
FYI @Jbara, a member server is a server that has been joined to the domain, but it IS NOT a domain controller. When you successfully run DCpromo to promote it as a domain controller, it stops being a member server. We got it figured out, but it does cause confusion when a term gets used and it means the opposite of what you think it means.
jbaraAuthor Commented:
Hi Everyone,
just wondering if there is any time limit for seizing the FSMO roles!

its been about 22 hours since my (old) Windows 2000 DC died. the other server (newer) Windows 2003 DC is authenticating users and running the AD. I would like to try bringing the old server up & then run DCpromo and remove it. I am thinking if there is time limit to seize the roles OR do I have a few days to work on the old server & demote it the proper way?  

thank you for all the help!
Mike KlineCommented:
No time limit; if you are trying to bring the old box back up then good move to not seize them all; once all the roles are seized don't bring that old box back (wipe/rebuild at that point)

If you plan to just bring that old server up for the sake of a clean demotion then it may not be worth your time to do that.  

Thanks

Mike
Lee W, MVPTechnology and Business Process AdvisorCommented:
There is a time limit IN A SENSE but it's hard to pinpoint and PROBABLY not going to be hit.

For example, the FSMO role RID Master assigns relative IDs to the other DCs.  If you exhaust the RID allotment on the non-master DC, you could have problems creating more accounts.  If you create one account per week, you could have YEARS before you have this problem with RIDs.... if you create 20 accounts per day, you could have the problem in the next few days.

However, the time limit is just before you start having major problems on your network.  Even when you start having issues, you can still seize the roles.

Also, in a non-mixed mode domain, GCs are important for authentication.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.