Solved

Domain Controller not working After P2V to LAB

Posted on 2012-03-20
3
992 Views
Last Modified: 2012-03-21
Hello,
We have a strange scenario where we P2V'ed a domain controller to an isolated lab environment, after it was successfully migrated, i was able to log in the domain controller using my login name, but can't create any objects, nor can i join computers to that domain in that lab environment.

i seized the RID, PDC, Scheme master and domain naming master roles but still no good.
i'm getting - the directory service was unable to allocate a relative identifier

i'm suspecting that there's a problem with the RID, and saw some information on the web that i should clean all the remaining servers that the domain controller previously connected with (including all the sites) but i fail to understand if it's even related and if so, then why would it solve the problem?

the domain is 2003 native
0
Comment
Question by:johnnyjonathan
3 Comments
 
LVL 2

Accepted Solution

by:
dphantom9002 earned 500 total points
ID: 37744260
until you clean the metadata of any other references to previous Domain Controllers, you will have problems with any number of AD relatded items including replication, RID generation and so forth.

http://technet.microsoft.com/en-us/library/cc736378(v=WS.10).aspx
0
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 37746812
Dear,

1) could you please explain more "We have a strange scenario where we P2V'ed a domain controller to an isolated lab environment"

2) "was able to log in the domain controller using my login name, but can't create any objects" ideally only Domain Admin and Administrators users suppose to do this job.

3)"i seized the RID, PDC, Scheme master and domain naming master roles" why you seize the roles and how you have done this task..
YOur problem could be this, are you sure you have seized the roles properly???
what happened if you run below
start:run>cmd>netdom query fsmo
start:run>cmd>repadmin /showrepl
start:run>cmd>dcdiag

seizing roles should be done only when there is no chance that server will come live, many people like to restore systems stat on same hardware....


4) "i should clean all the remaining servers that the domain controller previously connected with (including all the sites)" you dont have to do this task unless you have failed DCPROMO or Faild DC in your network
0
 

Author Closing Comment

by:johnnyjonathan
ID: 37748305
Thanks, got the idea of adding another DC from your answer!
cleaning up also works but it was easier :)
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question