server 2003 - DC rebuild.


I have two HP Proliant servers running 2003 R2. Both are DCs. One has failed due to a logical disk failure. I need to rebuild it.

Luckily the other DC has all the FSMO roles and is the global catalogue server.

Question is, I'm going to rebuilt the server with the same name and IP (the server held a database and the users connect via ODBC). Will this cause issues within the domain? For example with DCPROMO, etc. Or do I have to delete the server using ADSI edit from the other DC before the server is rebuilt?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

-Demote the failed DC

-Follow these steps (be thorough) to clean it up in ADS

-Then install your OS to give it the same name & IP address

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
APC_40Author Commented:
The server has failed. Major issues with the directory... I login to the server in safe mode but not with domain credentials. So unfortunatly I can't demote it gracefully as you suggested.
Emmanuel AdebayoGlobal Windows Infrastructure Engineer - ConsultantCommented:
Can you start start can you start the server in Directory service mode and do authoriative restore?

The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Brian PiercePhotographerCommented:
Start by doing metadata clean-up on the remaining server to remove all traces of the failed server. - see

Then simply re-install windows on the failed DC and promote it to be a DC, Active directory will replicate automatically.

You might want to add the Global Catalog and DNS roles to the rebuilt DC.
APC_40Author Commented:
Thanks for the advice so far.

I inserted a new disk and re-enabled the logical volume within the RAID software (ACU). I could see the D drive now and could see some data. I then re-booted the server and it went into Chk Disk... Its now been running for an hour... Its currently on 'deleting index entry  ---- in index $I30

What are my hopes of recovering, what's it doing and how long will this take???!
APC_40Author Commented:
Ok I'm now rebuilding the server.

I'm in the process of the metadata cleanup on the working DC to remove the failed DC.

I follow the linked file and it goes OK untill I type 'select site 0'. The DOS replies - No active site list??? How do I get around this???
Craig BeckCommented:
If you have a full backup of the server you don't have to do a metadata cleanup, you could just install a fresh OS on the server, restore the backup, let the AD replicate and the directory wouldn't know any different.

If you do need to reinstall the server without a backup you'll need to perform a metadata cleanup to remove the server.  Follow Daniel Petri's guide to removing a failed DC...

You don't need to do anything with the failed DC itself other than fix the RAID array and install a fresh copy of the OS, then promote it to a domain controller.  You should NOT use the current installation of the OS - this will cause no end of issues if you join it back to the domain.

You should only perform an authoritative restore if you want to fix the directory itself or to restore the directory due to data-loss or erroneous changes being made.  You don't do an authoritative restore for a failed DC if the directory is still intact on another DC.
Brian PiercePhotographerCommented:
In this ntdsutil command, after you list domains type:

Select domain 0
The short answer to your original question given the rebuild is almost immediate is yes.

A straight reinstall and rejoin using the same name/IP.

Subsequent posts suggests that you had a failed data drive. I.e. RAID 5/10/6 lost more drives than the fault tolerance. You have to look through the controller error log and force the last kicked device/s of each corrupted volume online which as long as the drive is not mechanically dead, will bring back the volume. Forcing the last drive should minimize data loss/corruption. Then replace the other and let it rebuild.

In hardware based raid, all drive failures must be handled while the system is online. In case of some HPs, you might have to use insight manager to indicate that the drive will be pulled. The drive can then be pulled.

A DC must usually must not be restored from backup.
However, an non-authoritative system state restore on a DC will avoid the rid master sequence errors.
STEP 1  should be to get an immediate system state backup of your existing domain controller;  full system state backup.     Your domain is in a perilous state,  and you need to make sure you have options to   "roll back"   failed restoration activities.

Once you do so,  you may choose to bind DNS to the old server's IP;  and leave the other AD node inoperative,  until you have sufficient number of days maintenance to do the rebuild.

If you have a RAID failure;  exhaust efforts to get the logical drive back online first.
If you do get it online;  the sole purpose is to boot it up and properly  demote the server to a normal member server;  after a compromised RAID array,  you cannot be sure of the data integrity;  this is no good for a domain controller,  so after you are done, the server should be rebuild regardless.

If you cannot get the broken server backup  even for 5 minutes;  after exhausting everything.

Ideally you should have a regular system state and boot drive backup of every domain controller already,  and use that to rebuild and restore the system state,  after reinstalling Windows 2003.

Make sure to take a system state backup and full backups of your GC and FSMO role holding AD servers  that are NOT down,   before   attempting any restoration actions of this broken domain controller.

Attempting to "cleanup metadata"   OR  rebuild a broken DC by restoring system state from backup are both  highly dangerous actions;    any of these actions can in some rare circumstances,  break AD!

Hand editing any metadata in Active Directory,  such as  "meta data cleanup",  and setting registry entries   are especially dangerous;   More so  for people who are not AD or data recovery professionals.

And these activities should be taken only be done as a last resort,  and with the appropriate professional advice/guidance/review for each action;   I just want to stress that point.

If there is any lack of clarity in your understanding of metadata cleanup procedures; or any question as to whether it is part of a Microsoft recommended procedure,  THEN you are better off  calling  Microsoft report, or a professional to personally assist / walk you through each step,   to  help ensure  AD  doesn't experience an additional failure.
SandeshdubeySenior Server EngineerCommented:
Open ADsiedit and check does the failed DC object resides in DC OU.Also check from ADUC find the DC object both server should be in default Domain Controller OU.

If the server object exist delete the same from ADsiedit.Also from AD sites and services,DNS.
Then promote the server back as DC with same name and IP address.

Complete Step by Step to Remove an Orphaned Domain controller
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.