  • Status: Solved
  • Priority: Medium
  • Security: Public

Our 2008 R2 PDC crashed. How do I make the other 2008 R2 DC the primary

How do I make the other DC the primary? This is critical.
0
J.R. Sitman
Asked:
1 Solution
 
Krzysztof PytkoActive Directory EngineerCommented:
If it is not possible to bring it back, you need to do metadata cleanup for that broken DC. Open the ADUC console and, from the "Domain Controllers" OU, delete its computer account.

After all that, seize the FSMO roles to the new DC
http://kpytko.wordpress.com/2011/08/28/seizing-fsmo-roles/

and clean up DHCP setting on statically configured servers and DHCP server. Remove from DNS server lists that IP of failed DC. In DHCP server remove IP of that DC from option no 006

And after you seize PDC Emulator role to the new DC, you need to advertise new time server in your forest

[...]- after transfer of the PDCEmulator role, configure the NEW PDCEmulator to an external timesource and reconfigure the old PDCEmulator to use the domain hierarchy now. Therefore run on the NEW "w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update" where PEERS will be filled with the IP address or server (time.windows.com) and on the OLD one run "w32tm /config /syncfromflags:domhier /reliable:no /update" and stop/start the time service on the old one. All commands run in an elevated command prompt without the quotes. [...]

it's an extract from MVP blog at
http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx

Regards,
Krzysztof
0
 
J.R. SitmanAuthor Commented:
How do I determine if a DC listed in DNS is actually a domain controller?
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Try to ping its IP address with -a option to see its name and check if its account is in "Domain Controllers" OU of ADUC console

ping -a DNSIPAddress

or
systeminfo /s DNSIPAddress | find /i "OS Configuration"

Krzysztof
0
 
J.R. SitmanAuthor Commented:
I did ping 17216.1.34 -a and it gave me a reply but no name.  Then I did ping 172.16.1.34-a and it could not be resolved.  Which one is correct?
0
 
Prashant GirennavarCommented:
What are you trying to achieve? Do you know your DC name? If yes, then ping -a <IP address> of your DC should give you the name.

From your comments I think you don't have reverse lookup set up.

Let us know your exact requirement and what you are trying to do. (As your question and reply are different).

Thanks,

_Prashant_
0
 
Krzysztof PytkoActive Directory EngineerCommented:
with space between IP and -a
Run

nslookup IPAddress

and check if there is a name. If not, that may not be a DC server, as it is not listed in the DNS zone, or it is a router which holds DNS (that might be an issue because AD should use only its internal DNS servers)

Can you run on a DC in command-line

dcdiag /e /c /v /f:c:\dcdiag.log

and attach the output file here for analysis, please

Krzysztof
0
 
J.R. SitmanAuthor Commented:
Running nslookup displays two server names.  The one that is the PDC and the one that I'm trying to determine if it is in fact a DC.  I "Thought" I removed it as a DC, but now I'm not sure.

logs are attached
DCDIAG.LOG
0
 
Krzysztof PytkoActive Directory EngineerCommented:
This DNS server is unavailable, please check if it exists

Warning: 172.16.1.36 (<name unavailable>) [Invalid (unreachable)]

if not remove it from any statically configured server and DHCP configuration

and on your 2008 server, point DNS to 2003 only as it looks like DNS zone was not replicated. Wait some time 1-2 hours (should be less but wait this time) and check if SYSVOL and DNS is replicating

Krzysztof
0
 
J.R. SitmanAuthor Commented:
.36 was the failed server.  I removed it from DNS.  I changed the 2008 to the 2003 DNS.

 How do I check if they are replicating?
0
 
Krzysztof PytkoActive Directory EngineerCommented:
run on a DC

repadmin /showrepl /verbose /all
dcdiag /test:frssysvol

Krzysztof
0
 
J.R. SitmanAuthor Commented:
Thanks, I'll run later
0
 
Krzysztof PytkoActive Directory EngineerCommented:
OK, please let me know then about the results

Krzysztof
0
 
J.R. SitmanAuthor Commented:
Attached is a partial set of the results.  I think it's good but don't know how to tell.  The frssysvol test passed on both DCs.
replication.png
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Yes, AD replication is working fine :) You can see that in the log above, under KCC CONNECTION OBJECTS. There are "Last attempt at <date and time> was successful" lines.

and if DCDIAG does not show anything related with FRS replication, this is also good :)

Krzysztof
0
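The checks discussed in this thread (role holders after the seizure, whether a host is really a DC, time source, and replication health) collected into one read-only script. This is an added example, not code posted by anyone in the thread; it assumes an elevated PowerShell session on a domain controller and that `USERDNSDOMAIN` is set for the logged-on domain account.

```powershell
# Added example, not from the thread. Read-only: nothing here changes AD.

# 1. FSMO role holders. After the seizure every role should name the
#    surviving DC and none should still name the failed one.
netdom query fsmo

# 2. Domain controllers the domain itself knows about. A host that still has
#    a DNS record but is absent from this list is not registered as a DC.
#    Assumption: USERDNSDOMAIN holds the AD domain's DNS name.
nltest "/dclist:$($env:USERDNSDOMAIN)"

# 3. Time source of this DC. On the new PDC emulator this should be the
#    external peer set with w32tm /config /manualpeerlist, not another DC.
w32tm /query /source

# 4. Replication state as objects instead of free text. repadmin writes one
#    CSV row per inbound link; the first column tags the row as
#    showrepl_INFO (a link) or showrepl_ERROR (a DC that could not be queried).
$rows        = @(repadmin /showrepl * /csv | ConvertFrom-Csv)
$unreachable = @($rows | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_ERROR' })
$links       = @($rows | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' })
$failing     = @($links | Where-Object { [int]$_.'Number of Failures' -gt 0 })

if ($unreachable.Count -gt 0) {
    # Typical cause: a dead DC whose metadata was never cleaned up.
    "DCs that could not be queried: $($unreachable.Count)"
    $unreachable | Format-List
}

if ($failing.Count -gt 0) {
    $failing |
        Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Time', 'Last Failure Status' |
        Format-Table -AutoSize
} else {
    "No replication link reports failures ($($links.Count) links checked)."
}
```

An empty failure table together with an empty unreachable list corresponds to the "Last attempt ... was successful" lines in the verbose `repadmin /showrepl` output.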
 
J.R. SitmanAuthor Commented:
thanks for all the additional help also
0
