Solved

Lost domain controller and need to add exchange back to domain

Posted on 2011-03-12
Last Modified: 2012-05-11
Background:
I have a network that had only one domain controller, 2003 Standard, and one Exchange Server 2003. The domain controller died by having 2 drives of a 3-drive RAID go out at the same time. The server is dead with no chance of recovery by backup and will need to be rebuilt. I did have a secondary DC that was offline for probably 3-4 months and was scheduled to be replaced with new HW. I have brought the backup DC back online and have reset and added all servers and workstations back to the domain. All servers and workstations are working fine now but I still have the Exchange server to go. The DC does have all the users and groups and the AD is in good shape.

The backup or second DC was and is a GC but was not running the FSMO roles. I will need to do the metadata cleanup and assign the roles to this DC and then add the Exchange server back to the domain. I do have a solid backup of the mailbox store.

Questions:
1. What's the best way to reassign the FSMO roles to the secondary or other DC I resurrected? Can I do it through the AD MSC in the properties or do I have to go through the metadata CLI?

2. How do I add the Exchange server back to the domain? Should I do the metadata cleanup first or can I just remove the Exchange server from the domain into a workgroup, reboot, then add it back to the domain and reboot like the other servers? I would like to do the Exchange server first before the FSMO role cleanup as the longer I wait, the longer the email server is offline.

Question by:YankeeFan03
Accepted Solution

by:
Mike Kline earned 125 total points
ID: 35118964
You have to seize the FSMO roles to that box (you can do that now): http://www.petri.co.il/delete_failed_dcs_from_ad.htm

So the Exchange server is still part of the domain now? I'll let some of the Exchange guys jump in on this too.

Thanks

Mike

Author Comment

by:YankeeFan03
ID: 35118984
Do you mean I can use the AD MSC GUI to assign the roles to the DC online and then do the cleanup in the article, or is it the other way around? Do the cleanup in the article and then do the FSMO role assignment in the AD MSC GUI?

Assisted Solution

by:Seth Simmons
Seth Simmons earned 375 total points
ID: 35119333
You need to get your FSMO situation straightened out first.

From the command line, use ntdsutil.

At the prompt, type 'roles' then 'connections',
then 'connect to server <dcname>' and it will tell you it connected,
then quit (back to the fsmo maintenance prompt),
then do the following (each will display a Windows prompt to confirm role seizure):

seize domain naming master
seize infrastructure master
seize pdc
seize rid master
seize schema master

You can do a ? in ntdsutil prompts for help.

You can follow the article posted above for metadata cleanup in conjunction with FSMO role seizure.

Assisted Solution

by:Seth Simmons
Seth Simmons earned 375 total points
ID: 35119356
Actually, you should seize the roles first, as it could be possible the metadata cleanup might fail if the old DC had the schema master role and is not available.

Assisted Solution

by:Seth Simmons
Seth Simmons earned 375 total points
ID: 35119394
Once your FSMO role issue is resolved, then check to make sure the computer account for the Exchange server is good. If this DC is a GC then the Exchange services could work at that level, though there may be other issues preventing it. Post any Exchange messages from the event logs here.

If that DC was down or disconnected for 3-4 months, you won't see changes from accounts (mailbox related) since then.
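
A way to confirm the seizure described in the answers above before moving on to the Exchange server, as an added example that is not part of the original thread: it parses the output of `netdom query fsmo` and reports every role that is not yet held by the surviving DC. The host names DC01/DC02, the sample output and the two sets of role labels are constructed assumptions; compare them with what your own server prints.

```python
import re

# Role labels as printed by `netdom query fsmo`. The wording differs between
# Windows Server releases; both sets here are assumptions of this example.
ROLE_LABELS = {
    "schema": ("schema owner", "schema master"),
    "naming": ("domain role owner", "domain naming master"),
    "pdc": ("pdc role", "pdc"),
    "rid": ("rid pool manager",),
    "infrastructure": ("infrastructure owner", "infrastructure master"),
}

def parse_fsmo(output):
    """Map each FSMO role to the lower-cased host that netdom reports."""
    holders = {}
    for line in output.splitlines():
        # Label and host are separated by a run of two or more spaces.
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) != 2:
            continue  # blank line or the trailing status message
        label, host = parts[0].lower(), parts[1].lower()
        for role, names in ROLE_LABELS.items():
            if label in names:
                holders[role] = host
    return holders

def check_seizure(output, surviving_dc, failed_dc):
    """Return a list of problems; an empty list means all five roles moved."""
    holders = parse_fsmo(output)
    problems = []
    for role in ROLE_LABELS:
        host = holders.get(role)
        short = host.split(".")[0] if host else None
        if host is None:
            problems.append(f"{role}: no holder reported")
        elif short == failed_dc.lower():
            problems.append(f"{role}: still on failed DC {host}")
        elif short != surviving_dc.lower():
            problems.append(f"{role}: held by unexpected host {host}")
    return problems

# Constructed sample: four roles seized, schema master was missed.
SAMPLE = """\
Schema owner                dc01.corp.example
Domain role owner           dc02.corp.example
PDC role                    dc02.corp.example
RID pool manager            dc02.corp.example
Infrastructure owner        dc02.corp.example
The command completed successfully.
"""

if __name__ == "__main__":
    print("\n".join(check_seizure(SAMPLE, "DC02", "DC01")) or "all roles moved")
```

Any role still reported on the failed DC means the seizure for that role has to be repeated before metadata cleanup.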