Server 2008 backup domain controller
Hi There
I setup a 2008 r2 server, promoted it to a DC. I then built a second box, and also made it a DC on the same domain - so effectively I have a PDC and a BDC. I then built a third box, and did the same - so I had three domain controllers for my domain. I had a separate dhcp server - and still do , so its only dns and the actual directory that gets replicated to my knowledge. The 3rd box - I want to VM it - and was going to go through a backup / restore method to get the box virtualized but I am thinking to myself - rather to just format the physical box (the 3rd one) and create a VM - then promote it - but I want the third DC (the VM one) to have the same name as the 3rd physical one I have already formated. I jumped the gun and formated the third box because I knew I had a backup of the 3rd box - getting the restore into the VM is easy enough if I boot from the DVD - then run a recover using the image I created - but I am doing this remotely and I cant insert a DVD - and downloading and mounting the ISO is too much effort now. Although I could do that I am interested in knowing if its possible to simply rename the VM I have created (which is currently a normal member server) rename it to the same name of the now missing 3rd DC, then run DCPROMO, - what will happen - will it error and say I am trying to create a DC that already exists - or does it give me the option to replace the missing one?
Or do I have to remove the missing one from the directory - using some other method - before I can add another one with the same name? I guess because the two main or first two DCs are up and running, I dont really need to do a restore. I also didn't want to use disk to VHD as although I have used that with success before I want to try something different.
More info about what I have done - in trying to get the restore going - I created a VM - then booted it from the network - then I did a network install of 2008 r2. I then rebooted the VM , choose recover - and attempted a restore - which looked promising - it was going to format the drive and all - but as I had copied the windows imagebackup to the local drive of the VM - it would not continue. I guess I would have to create a second drive for the VM - and move the backup files across and try again - and now that I think about it that might work as booting from the DVD should actually give me the same problem as I have the restore files on the local drive.
But anyway - although I may have a work around - I am keen to know what happens when you try to promote a server to a DC in a domain , that already had a DC of the same name - but that DC no longer exists.
Any feedback is greatly appreciated.
I setup a 2008 r2 server, promoted it to a DC. I then built a second box, and also made it a DC on the same domain - so effectively I have a PDC and a BDC. I then built a third box, and did the same - so I had three domain controllers for my domain. I had a separate dhcp server - and still do , so its only dns and the actual directory that gets replicated to my knowledge. The 3rd box - I want to VM it - and was going to go through a backup / restore method to get the box virtualized but I am thinking to myself - rather to just format the physical box (the 3rd one) and create a VM - then promote it - but I want the third DC (the VM one) to have the same name as the 3rd physical one I have already formated. I jumped the gun and formated the third box because I knew I had a backup of the 3rd box - getting the restore into the VM is easy enough if I boot from the DVD - then run a recover using the image I created - but I am doing this remotely and I cant insert a DVD - and downloading and mounting the ISO is too much effort now. Although I could do that I am interested in knowing if its possible to simply rename the VM I have created (which is currently a normal member server) rename it to the same name of the now missing 3rd DC, then run DCPROMO, - what will happen - will it error and say I am trying to create a DC that already exists - or does it give me the option to replace the missing one?
Or do I have to remove the missing one from the directory - using some other method - before I can add another one with the same name? I guess because the two main or first two DCs are up and running, I dont really need to do a restore. I also didn't want to use disk to VHD as although I have used that with success before I want to try something different.
More info about what I have done - in trying to get the restore going - I created a VM - then booted it from the network - then I did a network install of 2008 r2. I then rebooted the VM , choose recover - and attempted a restore - which looked promising - it was going to format the drive and all - but as I had copied the windows imagebackup to the local drive of the VM - it would not continue. I guess I would have to create a second drive for the VM - and move the backup files across and try again - and now that I think about it that might work as booting from the DVD should actually give me the same problem as I have the restore files on the local drive.
But anyway - although I may have a work around - I am keen to know what happens when you try to promote a server to a DC in a domain , that already had a DC of the same name - but that DC no longer exists.
Any feedback is greatly appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes you can rename the VM machine and run the DCPROMO.
The AD will think that you are recovering from a diaster and will make this machine the third DC.
This is only possible because you have not removed the DC from the domain and AD has the third DC in its directory.
I think this option was introduced from Windows 2003, you can google it f you like.
The AD will think that you are recovering from a diaster and will make this machine the third DC.
This is only possible because you have not removed the DC from the domain and AD has the third DC in its directory.
I think this option was introduced from Windows 2003, you can google it f you like.
ASKER
Hi All, firstly thank you all for the replies - sorry I am only getting back to this now - went on leave.
Ok, to reply to the first comment - cool - I figured its not techinically a PDC and BDC anymore - was just trying to explain the setup a bit better - so its been since 2000 MS changed the approach, ok. I user hyper V. And to my knowledge all are Global Catalog servers.
For the second comment, so only the first box has the FSMO roles? How would move these roles over to the 3rd box? (The VM box once I have re-incorporated it into the domain)
I dont want to end with 3 DC's. I only intended to have 2 (the two physical boxes) - but now I dont want the original 2 to be DC's at all anymore - I want to remove that role from them and change them to member servers only. I plan to have the VM as the only DC when I am finished - as I will be able to recover easily as I will keep an export of the VM handy , as well as a backup etc - and I am quite confident that shoudl be enough.
More info - the two phisical boxes are file servers - well currently more than just file servers, but I want to end up with them only being file severs.
For the third comment, cool I will try - I think I tried something back in 2003 or around that period (tried to promote a sever to a DC that had a name of a failed DC and that did not work) I had to first use ntdsutils or something like that to remove the traces of the old controller, I think, cant remember to clearly.
Cool, makes sense to build that into the OS - to see you may be attempting a recovery :)
I'll try that - if that works then I will have my 3rd DC, which I need to make the only DC - so I must move the roles across? Will running DCPROMO on the other 2 boxes, cleanly allow me to do this?
Ok, to reply to the first comment - cool - I figured its not techinically a PDC and BDC anymore - was just trying to explain the setup a bit better - so its been since 2000 MS changed the approach, ok. I user hyper V. And to my knowledge all are Global Catalog servers.
For the second comment, so only the first box has the FSMO roles? How would move these roles over to the 3rd box? (The VM box once I have re-incorporated it into the domain)
I dont want to end with 3 DC's. I only intended to have 2 (the two physical boxes) - but now I dont want the original 2 to be DC's at all anymore - I want to remove that role from them and change them to member servers only. I plan to have the VM as the only DC when I am finished - as I will be able to recover easily as I will keep an export of the VM handy , as well as a backup etc - and I am quite confident that shoudl be enough.
More info - the two phisical boxes are file servers - well currently more than just file servers, but I want to end up with them only being file severs.
For the third comment, cool I will try - I think I tried something back in 2003 or around that period (tried to promote a sever to a DC that had a name of a failed DC and that did not work) I had to first use ntdsutils or something like that to remove the traces of the old controller, I think, cant remember to clearly.
Cool, makes sense to build that into the OS - to see you may be attempting a recovery :)
I'll try that - if that works then I will have my 3rd DC, which I need to make the only DC - so I must move the roles across? Will running DCPROMO on the other 2 boxes, cleanly allow me to do this?
ASKER
Hi all
Ok, sorry I didnt read the second reply completely before I posted my reply. Um, what have I done that is regared as an unstable network? Having 3 DCs? I understand its overkill but dont feel its someting that shoudl be regarded as unstable, shoudl it? I appreciate your advice, and I shoudl try what I am doing in a test environment, but I dont have the time to build it, althoug I technically could - so thats why I paid for this service - to ask experts like your self if something is possibe. I am getting conflicting results though - I had a feeling its not possible - however SaadAhmedFarooqui mentioned it is possible - so I will google it a bit and see, although I think the whole removal process is not such a pain to go through - but in my mind thats actually more dirty than if by attempting to promote a server that has the name of the failed DC - and during that process it actually allows you to because MS has built in a recovery option into the DCPROMO process in 2008 - in my mind that is actually a better more stable approach to deleting the old DC using the advice on PETRI. I would think to only use that approach if what SaadAhmedFarooqui: says is not true - or if one does not want to replace the failed DC . So far I have spent no time trouble shooting - except in trying to get the backup of the third DC into the VM - but thats not trouble shooting on the domain level - thats more on a OS install side - which keeps giving me a "the recovery information is on the drive that needs to be formatted" error - which I am not sure why yet - but I will spend more time on it later - unless SaadAhmedFarooqui: advice works - then I dont need to troubleshoot that process.
All in all, I think all your advice helpful so far.
Kind Regards
Basil
Ok, sorry I didnt read the second reply completely before I posted my reply. Um, what have I done that is regared as an unstable network? Having 3 DCs? I understand its overkill but dont feel its someting that shoudl be regarded as unstable, shoudl it? I appreciate your advice, and I shoudl try what I am doing in a test environment, but I dont have the time to build it, althoug I technically could - so thats why I paid for this service - to ask experts like your self if something is possibe. I am getting conflicting results though - I had a feeling its not possible - however SaadAhmedFarooqui mentioned it is possible - so I will google it a bit and see, although I think the whole removal process is not such a pain to go through - but in my mind thats actually more dirty than if by attempting to promote a server that has the name of the failed DC - and during that process it actually allows you to because MS has built in a recovery option into the DCPROMO process in 2008 - in my mind that is actually a better more stable approach to deleting the old DC using the advice on PETRI. I would think to only use that approach if what SaadAhmedFarooqui: says is not true - or if one does not want to replace the failed DC . So far I have spent no time trouble shooting - except in trying to get the backup of the third DC into the VM - but thats not trouble shooting on the domain level - thats more on a OS install side - which keeps giving me a "the recovery information is on the drive that needs to be formatted" error - which I am not sure why yet - but I will spend more time on it later - unless SaadAhmedFarooqui: advice works - then I dont need to troubleshoot that process.
All in all, I think all your advice helpful so far.
Kind Regards
Basil
ASKER
Hi SaadAhmedFarooqui:, sorry its not possible, two problems, basicalyl you cant rename the computer / server to the same name as the failed domain controller - it give you an error stating the account already exists. So I removed machine from domain - then renamed it - and tried the dc promo, but it does the same thing when trying to promote the server - also complains that the account already exists - so I have to agree with Leew that you need to first remove the failed domain controller. I managed to get the failed domain controller going - had a image of the drive - so I booted up the physical box - demoted it - and now I am free to create a 3rd DC, in a VM, then I will try to remove the first two physical DC's by demotign them to member servers.
ASKER
Any advice on the steps to demote the other boxes?
I beleive you will need to supply the following parameter with DCpromo
DCpromo /AllowDomainControllerRein
Specifies whether to continue installing this domain controller, despite the fact that another domain controller account with the same name is detected.
Use Yes only if you are sure that the account is not currently used by another domain controller.
The default is No.
Reference: http://technet.microsoft.com/en-us/library/cc732887(WS.10).aspx
DCpromo /AllowDomainControllerRein
Specifies whether to continue installing this domain controller, despite the fact that another domain controller account with the same name is detected.
Use Yes only if you are sure that the account is not currently used by another domain controller.
The default is No.
Reference: http://technet.microsoft.com/en-us/library/cc732887(WS.10).aspx
Out of these three DC which one has or had FISMO role.
Also, I hope all three are GC.