Recreate a child domain for an existing domain

Did you only have one DC in that child domain?  If you are going to rebuild the child from scratch you will want to cleanup (metadata cleanup) the dead domain

http://davehope.co.uk/Blog/removing-a-child-domain-that-no-longer-exists/

Then start the build out of the new child domain.

Thanks

Mike

You should be able to bring up a domain controller in the child domain.  If you only had one DC in the child domain and it failed you're going to have some cleanup to do.  You won't be able to bring it up with the same name and attempt to "Resolve" the replication issues since the new DC with have different SID's.  

For Windows 2003 you'll need to use the NTDSUtil command that will remove the old domain controller.  A handy step by step is located here:

http://support.microsoft.com/kb/216498

If it's Windows 2008 you should be able to delete the DC in Active Directory Users and Computers and it will do the cleanup for you.  

Steps:

1.  Bring up the new DC with DNS and ensure replication is ok (no errors in event logs etc)
2.  Delete the orphaned Domain Controller.

I have a Windows 2008 server running a DC.  The domain is acb.org.br.  I need to recreate a child domain pub.acb.org.br running Windows 2003 Server R2.  You said that If it's Windows 2008 I should be able to delete the DC in Active Directory Users and Computers and it will do the cleanup for you.   I think that is the easiest way, right?

If it is a child domain you need to delete you will not see that DC in acb.org.br.   The metadata cleanup needs to be done for the domain not just one DC.

Thanks

Mike

My old server name was vit-srv001.  Do I have to create another server name?

Yes, it's advisable NOT to use the same name.  It'll make cleanup much more difficult.  Not impossible, just difficult.

OK.  Let me explain what I'm gonna do:
1 - change server name (my server that crashes)
2 - Execute steps: http://davehope.co.uk/Blog/removing-a-child-domain-that-no-longer-exists/ on my Windows 2008 Server.  It's a GC.
3 - Install DNS, configure network interface on my new server
4 - Run dcpromo

Is it OK?

OK.  Let me explain what I'm gonna do:
1 - change server name (my server that crashes) - May I use the same IP number?
2 - Execute steps: http://davehope.co.uk/Blog/removing-a-child-domain-that-no-longer-exists/ on my Windows 2008 Server.  It's a GC.
3 - Install DNS, configure network interface on my new server
4 - Run dcpromo



Is that OK?

Yep, that will work.  That will completely remove your child domain and you'll rebuild it from scratch.  You'll need to re-add all computers, servers and printers to the child domain after doing the above. (Step 5)

If you performed the cleanup correctly as advised by the other experts then the domain naming master role holder shouldn't bark at you. Good luck.

Sorry but I think I'm a little confused.  In my child domain pub.acb.org.br I have 3 servers (vit-srv001, pit-srv001, mag-srv001) in different networks, so I can't remove child domain, right?  I just want to remove one server (vit-srv001) and re-add to that child domain.  (all servers are DC)

Here's my advice.

If you only had one DC and it crashed in your environment, then you lost the role holder for the domain.

With that said disjoin your other servers.

Cleanup your environment using Active Directory Sites and Services. Replicate this change using AD SS or running repadmin /syncall.

Your Domain Naming Master should be aware of the deletion allowing you to create the child domain again. Now join your other servers to this domain.

Another advice for the future is two have a minimum of two DCs per domain.

I have 3 DCs per child domain.

All three of those servers are DCs?

Yes.  All of them are DCs.

I couldn't run netdom query fsmo in my child domain servers but in my parent domain server I got:
C:\Users\Administrator>netdom query fsmo
Schema master                     SSAMN2.acb.org.br
Domain naming master        SSAMN2.acb.org.br
PDC                         SSAMN002.acb.org.br
RID pool manager            SSAMN2.acb.org.br
Infrastructure master       SSAMN2.acb.org.br
The command completed successfully.

those three servers in the child are listed during metadata cleanup?

Do any of those role holders belong to the broken server?

No.  The broken server is another one.  ssamn2.acb.org.br is a GC.  It's my parent domain.  I didn't run metadata cleanup because I think it's not necessary cause I won't delete child domain. Just re-add my broken server to it (pub.acb.org.br - child domain).

May I check "Use Delete SubTree server control"?  I appears a dialog box when I try to delete the server from my child domain.  I have 2 other servers in the same child domain.  It is safe to check that?

You only want to delete the non-existent server. Do not touch the other servers.

I couldn't delete.  I got error:

Do not delete the VIT-SRV001 container object. VIT-SRV001 contains objects representing Domain Controller VIT-SRV001 and possibly other DCs.  To delete these objects, demote the DCs using the Active Directory Domain Services Installation Wizard (DCPROMO).  If the DCs represented by these objects are permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), you must delete them one at a time.

Sorry.  I think I should right click server name and click delete in submenu.  When I right click NTDS settings I got the dialog box.  See file.

That's fine. Acknowledge and click Delete.

Great.  I could delete it.
I have some questions:
1 - May I use the same server name and IP number?
2 - Should I install DNS now or while running dcpromo?
3 - Run dcpromo.
4 - How can I make sure that the procedure (deleted DC) was replicated to other DCs?

1 Yes
2+3 Let the DCPROMO process install the DNS role
4 repadmin /syncall

OK.  Thank you.  First step done!  :)
Do I still have to run metadata cleanup?

Now I will run dcpromo.  My server is almost done!

No, W2K8 does a great job of cleaning up on its own.

When I try to re-add my server to the child domain I got the following error.
See file.

Did you join the computer to the domain first and then try a dcpromo?

No.  I didn't do that.

Join and then try your dcpromo again.

I joined to the domain first and try to dcpromo but the same error occurred.

Also check your parent level as well.

Great.   I found the old DC in ADUC and deleted it.  Now I could join my server to the domain.  It's a DC now.
When I open ADUC in my new server, the dc that is loaded is not vit-srv001 but pit-srv001.  I think it is still updating, is that right?

The entry in ADUC should be based on what you named the server.

Double check your name:

echo %computername%

Great!  Everything is OK now.  Thank you very much.

No problem.