Solved

I need to replace a Windows 2003 r2 Domain Controller to replace one that died last night

Posted on 2013-05-22
7
323 Views
Last Modified: 2013-06-18
I have a big problem and I need to replace a Windows 2003 r2 Domain Controller to replace one that died last night. I also have a Windows 2008 R2 DC that holds all of the roles.
I have a File Server running Windows 2003 r2 that I want to promote to a DC take over the place of the one that died.

Any advice on how to do this would be appreaciated.
0
Comment
Question by:revellej
  • 3
  • 2
  • 2
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
Comment Utility
I'm assuming it died you were not able to demote it and you don't plan to fix it.  You will need to cleanout (metadata cleanup) that dead DC

http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

You don't have to worry about FSMO roles.   When it is cleaned up you can promote the other box (dcpromo)

I'd personally try to promote a new box (not a file server) but sometimes that is all you have.

If you had clients pointing to that old box for DNS make sure they are updated.

Thanks


Mike
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
Comment Utility
Delete the failed DC from AD in the 2008 R2 server's Active Directory Users and Computers.

Run DCPROMO on the 2003 R2 file server and READ and follow the screens.

(I'd make a system state backup of the 2008 R2 system first and run DCDIAG /C /E /V on the remaining DC, resolving any unexpected issues to be safe).
0
 

Author Comment

by:revellej
Comment Utility
I have the following script that I ran once before... (Yes... this has happened before lol) that should remove the metadata I think:

REM    ==========================================================
REM                GUI Metadata Cleanup Utility
REM             Written By Clay Perrine
REM                          Version 2.5
REM    ==========================================================
REM     This tool is furnished "AS IS". NO warranty is expressed or Implied.

on error resume next
dim objRoot,oDC,sPath,outval,oDCSelect,objConfiguration,objContainer,errval,ODCPath,ckdcPath,myObj,comparename

rem =======This gets the name of the computer that the script is run on ======

Set sh = CreateObject("WScript.Shell")
key= "HKEY_LOCAL_MACHINE"
computerName = sh.RegRead(key & "\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName")

rem === Get the default naming context of the domain====

set objRoot=GetObject("LDAP://RootDSE")
sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")

rem === Get the list of domain controllers====

Set objConfiguration = GetObject(sPath)
For Each objContainer in objConfiguration
    outval = outval & vbtab &  objContainer.Name & VBCRLF
Next
outval = Replace(outval, "CN=", "")

rem ==Retrieve the name of the broken DC from the user and verify it's not this DC.===

oDCSelect= InputBox (outval," Enter the computer name to be removed","")
comparename = UCase(oDCSelect)

if comparename = computerName then
    msgbox "The Domain Controller you entered is the machine that is running this script." & vbcrlf & _
        "You cannot clean up the metadata for the machine that is running the script!",,"Metadata Cleanup Utility Error."
    wscript.quit
End If

sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sPath)

For Each objContainer in objConfiguration
    Err.Clear
    ckdcPath = "LDAP://" & "CN=" & oDCSelect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    set myObj=GetObject(ckdcPath)
    If err.number <>0 Then
        errval= 1
    End If
Next

If errval = 1 then
    msgbox "The Domain Controller you entered was not found in the Active Directory",,"Metadata Cleanup Utility Error."
    wscript.quit
End If

abort = msgbox ("You are about to remove all metadata for the server " & oDCSelect & "! Are you sure?",4404,"WARNING!!")
if abort <> 6 then
    msgbox "Metadata Cleanup Aborted.",,"Metadata Cleanup Utility Error."
    wscript.quit
end if

oDCSelect = "CN=" & oDCSelect
ODCPath ="LDAP://" & oDCselect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
sSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sSitelist)
For Each objContainer in objConfiguration
    Err.Clear
    sitePath = "LDAP://" & oDCSelect & ",CN=Servers," &  objContainer.Name & ",CN=Sites,CN=Configuration," & _
        objRoot.Get("defaultNamingContext")
    set myObj=GetObject(sitePath)
    If err.number = 0 Then
        siteval = sitePath
    End If    
Next

sFRSSysvolList = "LDAP://CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
    objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sFRSSysvolList)

For Each objContainer in objConfiguration
    Err.Clear
    SYSVOLPath = "LDAP://" & oDCSelect & ",CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
        objRoot.Get("defaultNamingContext")
    set myObj=GetObject(SYSVOLPath)
    If err.number = 0 Then
        SYSVOLval = SYSVOLPath
    End If
Next

SiteList = Replace(sSitelist, "LDAP://", "")
VarSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set SiteConfiguration = GetObject(VarSitelist)

For Each SiteContainer in SiteConfiguration
    Sitevar = SiteContainer.Name
    VarPath ="LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    Set DCConfiguration = GetObject(VarPath)
    For Each DomContainer in DCConfiguration
        DCVar = DomContainer.Name
        strFromServer = ""
        NTDSPATH =  DCVar & ",CN=Servers," & SiteVar & "," & SiteList
        GuidPath = "LDAP://CN=NTDS Settings,"& NTDSPATH
        Set objCheck = GetObject(NTDSPATH)
        For Each CheckContainer in objCheck
rem ====check for valid site paths =======================
            ldapntdspath = "LDAP://" & NTDSPATH
            Err.Clear
            set exists=GetObject(ldapntdspath)
            If err.number = 0 Then
                Set oGuidGet = GetObject(GuidPath)
                For Each objContainer in oGuidGet
                    oGuid = objContainer.Name
                    oGuidPath = "LDAP://" & oGuid & ",CN=NTDS Settings," & NTDSPATH  
                    Set objSitelink = GetObject(oGuidPath)
                    objSiteLink.GetInfo
                    strFromServer = objSiteLink.Get("fromServer")
                    ispresent = Instr(1,strFromServer,oDCSelect,1)

                    if ispresent <> 0 then
                        Set objReplLinkVal = GetObject(oGuidPath)
                        objReplLinkVal.DeleteObject(0)
                    end if
                next

                sitedelval = "CN=" & comparename & ",CN=Servers," & SiteVar & "," & SiteList
                if sitedelval = ntdspath then
                    Set objguidpath = GetObject(guidpath)
                    objguidpath.DeleteObject(0)
                    Set objntdspath = GetObject(ldapntdspath)
                    objntdspath.DeleteObject(0)
                end if
            End If
        next
    next
next
Set AccountObject = GetObject(ckdcPath)
temp=Accountobject.Get ("userAccountControl")
AccountObject.Put "userAccountControl", "4096"
AccountObject.SetInfo
Set objFRSSysvol = GetObject(SYSVOLval)
objFRSSysvol.DeleteObject(0)
Set objComputer = GetObject(ckdcPath)
objComputer.DeleteObject(0)
Set objConfig = GetObject(siteval)
objConfig.DeleteObject(0)
oDCSelect = Replace(oDCSelect, "CN=", "")
msgval = "Metadata Cleanup Completed for " & oDCSelect
msgbox  msgval,,"Notice."
wscript.quit
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
Please read my comment.

In 2008 R2, metadata cleanup is automated.  All you have to do is what I said - Delete the failed DC from AD in the 2008 R2 server's Active Directory Users and Computers.
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
Just deleting the old box from ADUC will also do it (see the link I posted).  Microsoft has made this much easier from a 2008 DC

Thanks

Mike
0
 

Author Comment

by:revellej
Comment Utility
Excellent, Thank you both very much for the help with this. it was a lot less involved then I expected. I removed the Server from AD in the 2008 R2 Server and run DCDIAG /C /E /V on the remaining DC and everything is looking good. I'll work on the DCPromo, DNS and setup DHCP scopes tomorrow.
is there anything alse that you can think of that I need to worry about?
0
 

Author Closing Comment

by:revellej
Comment Utility
Sorry it took me so long to get back to you on this. I ended up getting a new server to replace the one that died.
Thanks again for your help on this.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now