?
Solved

Lost domain controller and need to add exchange back to domain

Posted on 2011-03-12
5
Medium Priority
?
596 Views
Last Modified: 2012-05-11
background:
I have a network that had only one domain controller, 2003 standard, and one exchange server 2003.  The domain controller died by having 2 drives of a 3 drive raid go out at the same time.  The server is dead and no chance of recovery by backup and will need to be rebuilt.  I did have a secondary DC that was offline for probably 3-4 months and was scheduled to be replaced with new HW.  I have brought the backup DC back online and have reset and added all servers and workstations back to the domain.  All servers and workstations are working fine now but I still have the exchange server  to go.  The DC does have all the users and groups and the AD is in good shape.

The backup or second DC was and is a GC but was not running the FSMO roles.  I will need to do the metadata cleanup and assign the roles to this DC and then add the exchange server back to the domain.  I do have a solid backup of the mailbbox store.

Questions:
1.  what's the best way to reassign the FSMO roles to the secondary or other DC i resurrected?  Can i do it through the AD MSC in the properties or do I have to go through the metadata cli?

2.  How do i add the exchange server back to the domain?  Should I do the metadata cleanup first or can i just remove the exchange server from the domain into a work group, reboot, then add back to the domain and reboot like the other servers?  I would like to do the exchange server first before the FSMO role cleanup as the longer I wait, the longer the email server is offline.

0
Comment
Question by:YankeeFan03
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 35118964
You have to seize the FSMO roles  to that box (you can do that now)  http://www.petri.co.il/delete_failed_dcs_from_ad.htm

So the exchange server is still part of the domain now?  I'll let some of the exchange guys jump in on this too.

Thanks

Mike
0
 

Author Comment

by:YankeeFan03
ID: 35118984
Do you mean I can use the AD MSC gui to assign the roles to the dc online and then do the cleanup in the article or is it the other way around?  Do the cleanup in the article and then do the FSMO role assignment in the AD MSC gui?
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 1500 total points
ID: 35119333
you need to get your fsmo situation straightened out first

from the command line use ntdsutil

at the prompt, type 'roles' then 'connections'
then 'connect to server <dcname>' and it will tell u it connected
then quit (back to fsmo maintenance prompt)
then do the following (each will display windows prompt to confirm role seizure)

seize domain naming master
seize infrastructure master
seize pdc
seize rid master
seize schema master

you can do a ? in ntdsutil prompts for help

you can follow the article posted above for metadata cleanup in conjunction with fsmo role seizure
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 1500 total points
ID: 35119356
actually, you should seize the roles first as it could be possible the metadata cleanup might fail if the old DC had the schema master role and is not available
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 1500 total points
ID: 35119394
once your fsmo role issue is resolved, then check to make sure the computer account for the exchange server is good.  If this DC is a GC then the exchange services could work at that level, though there maybe other issues preventing it.  post any exchange messages from the event logs here.

if that dc was down or disconnected for 3-4 months, you won't see changes from accounts (mailbox related) since then.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question