Adnan J Iqbal asked:

2nd domain controller removed

I removed the 2nd domain controller from Active Directory Domain Controllers; since that time my first domain controller is unavailable. I cannot ping my first DC and I cannot log any client in to the domain... can anyone help me please, ASAP.

Thanks

AustinComputerLabs

Do you have the removed DC's IP address in your IP configuration under DNS server?

ASKER

Do I have to remove the IP from DNS if it's listed there? Can I bring my first domain controller up with all settings and users? I'm afraid...
Did you run DCpromo to demote the removed DC or did you just delete it from AD?

What is your goal for this operation?
My first DC is my DNS server. I don't want to lose anything from my first DC... what do I have to do to bring my first DC up?
Well, I just removed the second DC from Active Directory, because I was facing some errors in Event Viewer that it was not replicating with DC2, because 1 week back I formatted the second domain controller from my domain. But when I removed the account from Active Directory, my first DC is down.
 
Breathe and relax,
you're going to have to take me through this slowly with more detail.

What exactly did you do, and what was the goal you were doing it to accomplish?
Is the DC that's no longer available actually the first one you had active directory installed on?
I used to have 2 domain controllers in my network. On the first DC I have DHCP, DNS, and Exchange Server; on the second DC I don't have anything other than the 2nd domain controller. I formatted the 2nd domain controller 3 days back, and everything was working fine on my first DC till 1 hour ago. I just noticed some errors in Event Viewer on the first DC that DC2 is not replicating, so I deleted the account of the second DC from Active Directory and restarted the server, and I cannot ping my first DC anymore... I can't log any client in to the domain either... I want to bring my first DC up ASAP.
For future reference the correct way to remove a domain controller is to demote it using DCPROMO. If you do not demote it you have what is called an orphaned domain controller that is a longer process to remove.

What operating system is the current domain controller?
What operating system was the removed domain controller?
The current domain controller is running Win Server 2003, and the removed domain controller was also Win2003 Server.
ASKER CERTIFIED SOLUTION
AustinComputerLabs
This solution is only available to members.
Will my first DC come up after this with all services?
The first step is to clean the old DC out of AD, then if you still have issues it should be fairly easy to restore services on the current DC.

Orphaned DCs can create all kinds of issues until they are properly removed.
What if I install Win2003 Server on another machine and make it DC2, will my DC1 come online?
No, the unique identifiers that AD uses to identify your old DC will not be the same even if you give it the same name. Unfortunately you will need to follow the steps I have given you.

The good news is it will most likely resolve your issue ;-)
So I have to take all these steps on my current DC?
As I cannot log in to the domain now, do I have to take these steps in the local admin account?
What about my Exchange Server, DNS and DHCP settings, will all remain the same?
No

Have you considered:

1) Make sure that DC1 has all of the FSMO roles.
http://support.microsoft.com/kb/324801

2) That your DNS service settings point to DC1
http://support.microsoft.com/kb/825036

3) That your PCs and DC1 use DC1 as DNS server.

Cheers,
Rene
Can you log onto the current DC with the administrator account?

Make sure that the network card config has no references to the orphaned DC's IP address.
My NO was answering the following question:

"so all these steps i have to take in my current DC???
as i cannot login to domain now, do i have to take these steps in local admin account???"
Well, I made this mistake remotely on the DC, so I have to rush to my office to face the situation, and I still have 5 hours until my office opens... I will remove the orphaned DC's IP address from the network before I start the solution...
Will I be able to log in to the domain while my DC is not responsive?
Do I have to take all these steps in the local admin account?
My second domain controller no longer exists while my first DC is down, but I have a machine running with the same IP which was given to the second domain controller...
You should be able to log onto the remaining DC at the console and apply the repair.
So you mean I will be able to log in to the current DC... and I can apply the repair... I didn't ruin anything with DNS or DHCP, I just removed the nonexistent domain controller account name from Active Directory. Hope I get everything back after I repair!!
This happens often when a DC crashes and burns; since it is dead there is no way to properly demote it, and usually it all comes back once removed from AD.
You mean, once DC2 is removed from AD, everything will come back to normal?
It should, and if not it is almost always something we can fix.
Well, that's good news for me: my first domain controller is running fine with all services... I didn't take any steps, I went to my office and only restarted the server. Do I have to take any steps to make sure everything is OK?

I found some warning messages in event viewer

Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.  It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source.  Otherwise, this machine will  function as the authoritative time source in the domain hierarchy.  If an external  time source is not configured or used for this computer, you may choose to disable  the NtpClient.


2. DC=aqeelah,DC=local
Source domain controller:
CN=NTDS Settings,CN=TEST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=aqeelah,DC=local
Source domain controller address:
bc75d12c-6054-4142-802f-e9700da88a3e._msdcs.aqeelah.local
Intersite transport (if any):
 
 
This domain controller will be unable to replicate with the source domain controller until this problem is corrected.  
 
User Action
Verify if the source domain controller is accessible or network connectivity is available.
 
Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.
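
An added illustration, not part of the original thread: a Python sketch that parses the replication warning posted above to identify which partner the surviving DC is still trying to reach (server object, site, and the GUID-based `_msdcs` name whose lookup fails with 8524). The sample text is constructed from the fields quoted in the post, and `DC1` is a hypothetical name for the surviving domain controller.

```python
import re

# Constructed sample: the fields of the replication warning quoted in the thread.
EVENT_TEXT = """\
Source domain controller:
CN=NTDS Settings,CN=TEST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=aqeelah,DC=local
Source domain controller address:
bc75d12c-6054-4142-802f-e9700da88a3e._msdcs.aqeelah.local
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.
"""

NTDS_DN = re.compile(
    r"CN=NTDS Settings,CN=(?P<server>[^,]+),CN=Servers,CN=(?P<site>[^,]+),"
    r"CN=Sites,CN=Configuration,(?P<root>(?:DC=[^,\s]+,?)+)", re.I)
GUID_CNAME = re.compile(
    r"(?P<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\._msdcs\.(?P<zone>[\w.-]+)",
    re.I)
ERROR_LINE = re.compile(r"^\s*(?P<code>\d+)\s+(?P<msg>The .+)$", re.M)


def parse_replication_event(text):
    """Extract the replication partner and error code from the event text."""
    dn, cname, err = NTDS_DN.search(text), GUID_CNAME.search(text), ERROR_LINE.search(text)
    if not (dn and cname and err):
        raise ValueError("not a replication failure event in the expected layout")
    forest = ".".join(re.findall(r"DC=([^,\s]+)", dn["root"]))
    return {
        "server": dn["server"],             # CN of the partner's server object
        "site": dn["site"],
        "forest": forest.lower(),
        "dsa_guid": cname["guid"].lower(),  # GUID part of the partner's DNS alias
        "cname": cname.group(0).lower(),    # DNS name replication tries to resolve
        "error": int(err["code"]),
    }


def is_orphan_candidate(event, live_dcs):
    """True when the partner is not a DC the operator knows to be running
    and the failure is the DNS lookup error 8524 shown in the thread."""
    known = {name.upper() for name in live_dcs}
    return event["error"] == 8524 and event["server"].upper() not in known


if __name__ == "__main__":
    ev = parse_replication_event(EVENT_TEXT)
    # "DC1" is a hypothetical name for the surviving domain controller.
    print(ev["server"], ev["cname"], is_orphan_candidate(ev, ["DC1"]))
```
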
You will want to remove the orphaned DC, but this will give you time to look over the process and do it slowly.
I am glad it is now working for you.
Thanks for your help Dear!!
Appreciate....