Solved

I need to replace a Windows 2003 r2 Domain Controller to replace one that died last night

Posted on 2013-05-22
7
330 Views
Last Modified: 2013-06-18
I have a big problem and I need to replace a Windows 2003 r2 Domain Controller to replace one that died last night. I also have a Windows 2008 R2 DC that holds all of the roles.
I have a File Server running Windows 2003 r2 that I want to promote to a DC take over the place of the one that died.

Any advice on how to do this would be appreaciated.
0
Comment
Question by:revellej
  • 3
  • 2
  • 2
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 39188906
I'm assuming it died you were not able to demote it and you don't plan to fix it.  You will need to cleanout (metadata cleanup) that dead DC

http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

You don't have to worry about FSMO roles.   When it is cleaned up you can promote the other box (dcpromo)

I'd personally try to promote a new box (not a file server) but sometimes that is all you have.

If you had clients pointing to that old box for DNS make sure they are updated.

Thanks


Mike
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 39188911
Delete the failed DC from AD in the 2008 R2 server's Active Directory Users and Computers.

Run DCPROMO on the 2003 R2 file server and READ and follow the screens.

(I'd make a system state backup of the 2008 R2 system first and run DCDIAG /C /E /V on the remaining DC, resolving any unexpected issues to be safe).
0
 

Author Comment

by:revellej
ID: 39188931
I have the following script that I ran once before... (Yes... this has happened before lol) that should remove the metadata I think:

REM    ==========================================================
REM                GUI Metadata Cleanup Utility
REM             Written By Clay Perrine
REM                          Version 2.5
REM    ==========================================================
REM     This tool is furnished "AS IS". NO warranty is expressed or Implied.

on error resume next
dim objRoot,oDC,sPath,outval,oDCSelect,objConfiguration,objContainer,errval,ODCPath,ckdcPath,myObj,comparename

rem =======This gets the name of the computer that the script is run on ======

Set sh = CreateObject("WScript.Shell")
key= "HKEY_LOCAL_MACHINE"
computerName = sh.RegRead(key & "\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName")

rem === Get the default naming context of the domain====

set objRoot=GetObject("LDAP://RootDSE")
sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")

rem === Get the list of domain controllers====

Set objConfiguration = GetObject(sPath)
For Each objContainer in objConfiguration
    outval = outval & vbtab &  objContainer.Name & VBCRLF
Next
outval = Replace(outval, "CN=", "")

rem ==Retrieve the name of the broken DC from the user and verify it's not this DC.===

oDCSelect= InputBox (outval," Enter the computer name to be removed","")
comparename = UCase(oDCSelect)

if comparename = computerName then
    msgbox "The Domain Controller you entered is the machine that is running this script." & vbcrlf & _
        "You cannot clean up the metadata for the machine that is running the script!",,"Metadata Cleanup Utility Error."
    wscript.quit
End If

sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sPath)

For Each objContainer in objConfiguration
    Err.Clear
    ckdcPath = "LDAP://" & "CN=" & oDCSelect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    set myObj=GetObject(ckdcPath)
    If err.number <>0 Then
        errval= 1
    End If
Next

If errval = 1 then
    msgbox "The Domain Controller you entered was not found in the Active Directory",,"Metadata Cleanup Utility Error."
    wscript.quit
End If

abort = msgbox ("You are about to remove all metadata for the server " & oDCSelect & "! Are you sure?",4404,"WARNING!!")
if abort <> 6 then
    msgbox "Metadata Cleanup Aborted.",,"Metadata Cleanup Utility Error."
    wscript.quit
end if

oDCSelect = "CN=" & oDCSelect
ODCPath ="LDAP://" & oDCselect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
sSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sSitelist)
For Each objContainer in objConfiguration
    Err.Clear
    sitePath = "LDAP://" & oDCSelect & ",CN=Servers," &  objContainer.Name & ",CN=Sites,CN=Configuration," & _
        objRoot.Get("defaultNamingContext")
    set myObj=GetObject(sitePath)
    If err.number = 0 Then
        siteval = sitePath
    End If    
Next

sFRSSysvolList = "LDAP://CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
    objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sFRSSysvolList)

For Each objContainer in objConfiguration
    Err.Clear
    SYSVOLPath = "LDAP://" & oDCSelect & ",CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
        objRoot.Get("defaultNamingContext")
    set myObj=GetObject(SYSVOLPath)
    If err.number = 0 Then
        SYSVOLval = SYSVOLPath
    End If
Next

SiteList = Replace(sSitelist, "LDAP://", "")
VarSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set SiteConfiguration = GetObject(VarSitelist)

For Each SiteContainer in SiteConfiguration
    Sitevar = SiteContainer.Name
    VarPath ="LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    Set DCConfiguration = GetObject(VarPath)
    For Each DomContainer in DCConfiguration
        DCVar = DomContainer.Name
        strFromServer = ""
        NTDSPATH =  DCVar & ",CN=Servers," & SiteVar & "," & SiteList
        GuidPath = "LDAP://CN=NTDS Settings,"& NTDSPATH
        Set objCheck = GetObject(NTDSPATH)
        For Each CheckContainer in objCheck
rem ====check for valid site paths =======================
            ldapntdspath = "LDAP://" & NTDSPATH
            Err.Clear
            set exists=GetObject(ldapntdspath)
            If err.number = 0 Then
                Set oGuidGet = GetObject(GuidPath)
                For Each objContainer in oGuidGet
                    oGuid = objContainer.Name
                    oGuidPath = "LDAP://" & oGuid & ",CN=NTDS Settings," & NTDSPATH  
                    Set objSitelink = GetObject(oGuidPath)
                    objSiteLink.GetInfo
                    strFromServer = objSiteLink.Get("fromServer")
                    ispresent = Instr(1,strFromServer,oDCSelect,1)

                    if ispresent <> 0 then
                        Set objReplLinkVal = GetObject(oGuidPath)
                        objReplLinkVal.DeleteObject(0)
                    end if
                next

                sitedelval = "CN=" & comparename & ",CN=Servers," & SiteVar & "," & SiteList
                if sitedelval = ntdspath then
                    Set objguidpath = GetObject(guidpath)
                    objguidpath.DeleteObject(0)
                    Set objntdspath = GetObject(ldapntdspath)
                    objntdspath.DeleteObject(0)
                end if
            End If
        next
    next
next
Set AccountObject = GetObject(ckdcPath)
temp=Accountobject.Get ("userAccountControl")
AccountObject.Put "userAccountControl", "4096"
AccountObject.SetInfo
Set objFRSSysvol = GetObject(SYSVOLval)
objFRSSysvol.DeleteObject(0)
Set objComputer = GetObject(ckdcPath)
objComputer.DeleteObject(0)
Set objConfig = GetObject(siteval)
objConfig.DeleteObject(0)
oDCSelect = Replace(oDCSelect, "CN=", "")
msgval = "Metadata Cleanup Completed for " & oDCSelect
msgbox  msgval,,"Notice."
wscript.quit
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39188940
Please read my comment.

In 2008 R2, metadata cleanup is automated.  All you have to do is what I said - Delete the failed DC from AD in the 2008 R2 server's Active Directory Users and Computers.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39188943
Just deleting the old box from ADUC will also do it (see the link I posted).  Microsoft has made this much easier from a 2008 DC

Thanks

Mike
0
 

Author Comment

by:revellej
ID: 39189206
Excellent, Thank you both very much for the help with this. it was a lot less involved then I expected. I removed the Server from AD in the 2008 R2 Server and run DCDIAG /C /E /V on the remaining DC and everything is looking good. I'll work on the DCPromo, DNS and setup DHCP scopes tomorrow.
is there anything alse that you can think of that I need to worry about?
0
 

Author Closing Comment

by:revellej
ID: 39257527
Sorry it took me so long to get back to you on this. I ended up getting a new server to replace the one that died.
Thanks again for your help on this.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question