kdonnelly81
asked on
Primary Domain controller lost trust relationship with Backup Domain controller Help!
Hi All
I restored our Main domain controller from image now the backup domain controller cannot see it and I cant demote the backup domain controller. I wanted to Demote the backup domain controller then put it onto a work group then add it back to the domain to reestablish the thrust relationship between the 2 servers. Then promote it back to a backup domain controller.
Both servers are running Windows Server 2003 SP 2.
I restored our Main domain controller from image now the backup domain controller cannot see it and I cant demote the backup domain controller. I wanted to Demote the backup domain controller then put it onto a work group then add it back to the domain to reestablish the thrust relationship between the 2 servers. Then promote it back to a backup domain controller.
Both servers are running Windows Server 2003 SP 2.
You will have to remove the server you just restored from the domain, then re-add to the domain (using the backup domain controller as the master for the moment). This means there will then be a trust, you would then be able to promote the restored server back to domain controller and the other can be de-moted to backup domain controller.
No AD settings should be lost with this as the backup domain controller holds all the information.
Anyother way is to look through the backup domain controllers ad, and see if the server is there at all (in either domain controllers or computers). Sometimes if the trust relationship has been lost (and its that simple) you will be able to "right click" and re-enable to account, which should restore the trust...
No AD settings should be lost with this as the backup domain controller holds all the information.
Anyother way is to look through the backup domain controllers ad, and see if the server is there at all (in either domain controllers or computers). Sometimes if the trust relationship has been lost (and its that simple) you will be able to "right click" and re-enable to account, which should restore the trust...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Neilsr,
It was 3 weeks old. Only the restored server was a GC. Yea i have had loads of problems but most solved now. To make thinks worse the domain controller that I restored is also our exchange server. I know its not recommended but we are currently moving over to office 365.
I have no problem trashing the domain controller with exchange when we do make the move. But I would like 2 keep the domain.
It was 3 weeks old. Only the restored server was a GC. Yea i have had loads of problems but most solved now. To make thinks worse the domain controller that I restored is also our exchange server. I know its not recommended but we are currently moving over to office 365.
I have no problem trashing the domain controller with exchange when we do make the move. But I would like 2 keep the domain.
ASKER
Hi PaciB,
I was restoring from 2 crashed disks in the RAID 5. Which took down the server until I replaced the 2 disks. Had 2 rebuild the array and restore the image. To make thinks worse the domain controller that I restored is also our exchange server. Thats why i had the server imaged. I know its not recommended but we are currently moving over to office 365.
All is working at the moment. But its a mess. I think the best thing to do is promote another server to AD then transfer the FSMO roles from the restored DC. then demote the restored DC and scrap it.
I was restoring from 2 crashed disks in the RAID 5. Which took down the server until I replaced the 2 disks. Had 2 rebuild the array and restore the image. To make thinks worse the domain controller that I restored is also our exchange server. Thats why i had the server imaged. I know its not recommended but we are currently moving over to office 365.
All is working at the moment. But its a mess. I think the best thing to do is promote another server to AD then transfer the FSMO roles from the restored DC. then demote the restored DC and scrap it.
ASKER
The restored DC is the master FSMO. If I transfer them to a new DC is it alright to scrap the old restored DC?
Lesson learned about backing up a DC (system state). Thanks guys for all the help!
Lesson learned about backing up a DC (system state). Thanks guys for all the help!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks everyone!
Are BOTH domain controllers GC servers? Are clients authenticating against the one you reimaged or the other? Trusts and passwords are very sensitive to such things and you may find you need to trash one server or the other and rebuild.
This is why system state backups are soooo very important.
How old was the image?