Solved

I need to replace a Windows 2003 r2 Domain Controller to replace one that died last night

Posted on 2013-05-22
7
333 Views
Last Modified: 2013-06-18
I have a big problem and I need to replace a Windows 2003 r2 Domain Controller to replace one that died last night. I also have a Windows 2008 R2 DC that holds all of the roles.
I have a File Server running Windows 2003 r2 that I want to promote to a DC take over the place of the one that died.

Any advice on how to do this would be appreaciated.
0
Comment
Question by:revellej
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 39188906
I'm assuming it died you were not able to demote it and you don't plan to fix it.  You will need to cleanout (metadata cleanup) that dead DC

http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

You don't have to worry about FSMO roles.   When it is cleaned up you can promote the other box (dcpromo)

I'd personally try to promote a new box (not a file server) but sometimes that is all you have.

If you had clients pointing to that old box for DNS make sure they are updated.

Thanks


Mike
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 39188911
Delete the failed DC from AD in the 2008 R2 server's Active Directory Users and Computers.

Run DCPROMO on the 2003 R2 file server and READ and follow the screens.

(I'd make a system state backup of the 2008 R2 system first and run DCDIAG /C /E /V on the remaining DC, resolving any unexpected issues to be safe).
0
 

Author Comment

by:revellej
ID: 39188931
I have the following script that I ran once before... (Yes... this has happened before lol) that should remove the metadata I think:

REM    ==========================================================
REM                GUI Metadata Cleanup Utility
REM             Written By Clay Perrine
REM                          Version 2.5
REM    ==========================================================
REM     This tool is furnished "AS IS". NO warranty is expressed or Implied.

on error resume next
dim objRoot,oDC,sPath,outval,oDCSelect,objConfiguration,objContainer,errval,ODCPath,ckdcPath,myObj,comparename

rem =======This gets the name of the computer that the script is run on ======

Set sh = CreateObject("WScript.Shell")
key= "HKEY_LOCAL_MACHINE"
computerName = sh.RegRead(key & "\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName")

rem === Get the default naming context of the domain====

set objRoot=GetObject("LDAP://RootDSE")
sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")

rem === Get the list of domain controllers====

Set objConfiguration = GetObject(sPath)
For Each objContainer in objConfiguration
    outval = outval & vbtab &  objContainer.Name & VBCRLF
Next
outval = Replace(outval, "CN=", "")

rem ==Retrieve the name of the broken DC from the user and verify it's not this DC.===

oDCSelect= InputBox (outval," Enter the computer name to be removed","")
comparename = UCase(oDCSelect)

if comparename = computerName then
    msgbox "The Domain Controller you entered is the machine that is running this script." & vbcrlf & _
        "You cannot clean up the metadata for the machine that is running the script!",,"Metadata Cleanup Utility Error."
    wscript.quit
End If

sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sPath)

For Each objContainer in objConfiguration
    Err.Clear
    ckdcPath = "LDAP://" & "CN=" & oDCSelect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    set myObj=GetObject(ckdcPath)
    If err.number <>0 Then
        errval= 1
    End If
Next

If errval = 1 then
    msgbox "The Domain Controller you entered was not found in the Active Directory",,"Metadata Cleanup Utility Error."
    wscript.quit
End If

abort = msgbox ("You are about to remove all metadata for the server " & oDCSelect & "! Are you sure?",4404,"WARNING!!")
if abort <> 6 then
    msgbox "Metadata Cleanup Aborted.",,"Metadata Cleanup Utility Error."
    wscript.quit
end if

oDCSelect = "CN=" & oDCSelect
ODCPath ="LDAP://" & oDCselect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
sSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sSitelist)
For Each objContainer in objConfiguration
    Err.Clear
    sitePath = "LDAP://" & oDCSelect & ",CN=Servers," &  objContainer.Name & ",CN=Sites,CN=Configuration," & _
        objRoot.Get("defaultNamingContext")
    set myObj=GetObject(sitePath)
    If err.number = 0 Then
        siteval = sitePath
    End If    
Next

sFRSSysvolList = "LDAP://CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
    objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sFRSSysvolList)

For Each objContainer in objConfiguration
    Err.Clear
    SYSVOLPath = "LDAP://" & oDCSelect & ",CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & _
        objRoot.Get("defaultNamingContext")
    set myObj=GetObject(SYSVOLPath)
    If err.number = 0 Then
        SYSVOLval = SYSVOLPath
    End If
Next

SiteList = Replace(sSitelist, "LDAP://", "")
VarSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set SiteConfiguration = GetObject(VarSitelist)

For Each SiteContainer in SiteConfiguration
    Sitevar = SiteContainer.Name
    VarPath ="LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    Set DCConfiguration = GetObject(VarPath)
    For Each DomContainer in DCConfiguration
        DCVar = DomContainer.Name
        strFromServer = ""
        NTDSPATH =  DCVar & ",CN=Servers," & SiteVar & "," & SiteList
        GuidPath = "LDAP://CN=NTDS Settings,"& NTDSPATH
        Set objCheck = GetObject(NTDSPATH)
        For Each CheckContainer in objCheck
rem ====check for valid site paths =======================
            ldapntdspath = "LDAP://" & NTDSPATH
            Err.Clear
            set exists=GetObject(ldapntdspath)
            If err.number = 0 Then
                Set oGuidGet = GetObject(GuidPath)
                For Each objContainer in oGuidGet
                    oGuid = objContainer.Name
                    oGuidPath = "LDAP://" & oGuid & ",CN=NTDS Settings," & NTDSPATH  
                    Set objSitelink = GetObject(oGuidPath)
                    objSiteLink.GetInfo
                    strFromServer = objSiteLink.Get("fromServer")
                    ispresent = Instr(1,strFromServer,oDCSelect,1)

                    if ispresent <> 0 then
                        Set objReplLinkVal = GetObject(oGuidPath)
                        objReplLinkVal.DeleteObject(0)
                    end if
                next

                sitedelval = "CN=" & comparename & ",CN=Servers," & SiteVar & "," & SiteList
                if sitedelval = ntdspath then
                    Set objguidpath = GetObject(guidpath)
                    objguidpath.DeleteObject(0)
                    Set objntdspath = GetObject(ldapntdspath)
                    objntdspath.DeleteObject(0)
                end if
            End If
        next
    next
next
Set AccountObject = GetObject(ckdcPath)
temp=Accountobject.Get ("userAccountControl")
AccountObject.Put "userAccountControl", "4096"
AccountObject.SetInfo
Set objFRSSysvol = GetObject(SYSVOLval)
objFRSSysvol.DeleteObject(0)
Set objComputer = GetObject(ckdcPath)
objComputer.DeleteObject(0)
Set objConfig = GetObject(siteval)
objConfig.DeleteObject(0)
oDCSelect = Replace(oDCSelect, "CN=", "")
msgval = "Metadata Cleanup Completed for " & oDCSelect
msgbox  msgval,,"Notice."
wscript.quit
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39188940
Please read my comment.

In 2008 R2, metadata cleanup is automated.  All you have to do is what I said - Delete the failed DC from AD in the 2008 R2 server's Active Directory Users and Computers.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39188943
Just deleting the old box from ADUC will also do it (see the link I posted).  Microsoft has made this much easier from a 2008 DC

Thanks

Mike
0
 

Author Comment

by:revellej
ID: 39189206
Excellent, Thank you both very much for the help with this. it was a lot less involved then I expected. I removed the Server from AD in the 2008 R2 Server and run DCDIAG /C /E /V on the remaining DC and everything is looking good. I'll work on the DCPromo, DNS and setup DHCP scopes tomorrow.
is there anything alse that you can think of that I need to worry about?
0
 

Author Closing Comment

by:revellej
ID: 39257527
Sorry it took me so long to get back to you on this. I ended up getting a new server to replace the one that died.
Thanks again for your help on this.
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question