• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 391
  • Last Modified:

2003 domain controller issue.

I had a 2003 physical domain controller that blew up on me.  I cant even log into it, both drives went bad.  I am going to replace the drives and rebuild. Will I have a problem with this, since the original was never demoted?  This is one of three domain controllers and is actually our DR DC.  

Also would I have a problem naming it the same?

Thanks Guys!
0
bstrom24
Asked:
bstrom24
  • 7
  • 4
1 Solution
 
tsaicoCommented:
You will have problems naming it the same, and I would just recommend starting with a new name if possible.

As for the PDC, you should be able to seize them for one of the other two DCs, then you have to manually edit the AD for manual removal of the old now dead DC.  Why don't you just use a backup to restore to the new drives?  Even an older DC will update to the current information, then you can demote it and remove or just leave it be.
0
 
bstrom24Author Commented:
This DC is not backed up, it is at our disaster recovery site and was just setup with RAID 1.  Cant believe 2 drives went bad.  The primary is fine.

So you think the new one should be built with a new name?  I can do that.  I have never removed a DC from AD that no longer exists, I have only demoted.      
0
 
tigermattCommented:
You will need to do a metadata cleanup to remove the replication metadata pertaining to the failed DC. To do that, follow these steps: http://technet.microsoft.com/en-us/library/cc736378%28WS.10%29.aspx.

If you do not clean up the metadata, then the remaining boxes will continue trying to talk to a DC which no longer exists.

You should also seize any FSMO roles held by that DC, although it sounds as if this was a remote site which did not hold any operations roles. (Sidebar: "The primary is fine" - in modern AD, there is no "primary" and "backup" Domain Controller, a situation confused somewhat by the old days of NT4 and the continuing existence of the "PDC Emulator" role, which is for some single-master functions but mostly for backwards compatibility reasons).

Once those processes have been completed, you can tidy up references to the old DC's name in DNS and Active Directory Sites and Services, and then reinstall and re-promote a new box.

There are various recommendations and best practices that indicate you should use a new name, while other industry experts will say it does not matter. I have no preference myself, but at least using a different name will allow you to identify a reference to the old DC in a setting/event log message which will then ring alarm bells, rather than get confused as to whether something is referring to the old instance of the DC or the new, freshly promoted instance.

Depending on the connectivity and logistics of transporting the box between your DR and main sites, you might consider promoting the new instance of the DC on the LAN in your main site, getting everything stable, then transporting it back to the DR location.

-Matt
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
bstrom24Author Commented:
I found this step by step article.  Let me know if this will work.  I assume it will.  
I also plan on naming the server the same.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

0
 
tigermattCommented:

Yes, that is correct.
The steps in the article you linked to are essentially the same as those in the first link of my above comment, http:#a37347282.

-Matt
0
 
bstrom24Author Commented:
Thanks Matt for you help!  

Also, this is not a Global Catalog server, so should I still seize the roles?

I will let you know how it goes.  I am waiting for the new drives to come in, then i will have some traveling to do

Thanks again,
Ben.  
0
 
bstrom24Author Commented:
One more thing Matt.  I do plan on keeping the same name.  I discussed it with my Director and he would like it kept if possible.  After running the metadata cleanup, should I still remove it from sites and services/Users and computers or can I keep it there since I will build with same hostname?  

Thanks Matt

Ben
0
 
tigermattCommented:

Hi Ben,

I would clear out references from Sites & Services and Users & Computers, just to keep things clean. Strictly, it should not matter, but a clean slate is always a good idea.

>> this is not a Global Catalog server, so should I still seize the roles

Does the server actually hold any FSMO roles? If so, then yes, they will need seizing.

You can check this by jumping on to an existing DC and executing, from a command prompt:

netdom query fsmo

Open in new window


Note the name of the DC holding each of the 5 roles. If the failed DC is listed next to any of the roles, then you will need to seize the role(s) it held over to a functioning box: http://support.microsoft.com/kb/255504.

You can read more about FSMO roles in my article here: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_2796-Demystifying-the-Active-Directory-FSMO-Roles.html

Let me know how you get on!

-Matt
0
 
bstrom24Author Commented:
Looks like just my primary is holding the roles.  
0
 
tigermattCommented:

Cool. I suspected that was the case given the circumstances.

You just need to run the metadata cleanup then. No seizing required.

-Matt
0
 
bstrom24Author Commented:
Thank you Matt!
0
 
bstrom24Author Commented:
Matt,

Would I have a problem adding a Server 2003 R2 DC?  The other two are 2003 Standard SP2.  I wouldn’t think there would be a problem, but I am just verifying before I promo this DR DC.  

Thanks again for your help!

Ben
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now