promoting 2003 server to domain controller at a remote site

Posted on 2013-10-28
Last Modified: 2013-10-29
For a few months now our main office in New York could no longer access our West Coast office via the site-to-site VPN, so the West Coast server, which is a domain controller, could not replicate with the New York primary domain controller. But just today we got both sites connected via an MPLS dedicated connection, so I can ping and Remote Desktop into each site, but as expected, when I tried replicating the servers I got errors. My question is what would be the easiest way to correct this so the West Coast site can authenticate domain users properly, since now the users are not able to log into their PCs for some reason and are getting errors that no domain controller is available. There is a 2nd member server at the West Coast site, so could I just promote that to a domain controller and then, if it works, demote the original domain controller? Wasn't sure of the steps for dcpromo as well. Thanks in advance.
Question by: dankyle67
Expert Comment

ID: 39607570
Assuming the member server is already joined to the domain, you should be able to run DCPROMO to promote it to a domain controller.

Though, from what you've said, it sounds like you already have a domain controller in both offices. However, it's been so long since they replicated, that each of the DCs assumed the other was permanently offline and "tombstoned" it.

This article may help you "reanimate" a tombstoned object in AD:

If you can get the existing DCs replicating with each other, that'll be your best bet.
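The following is an added example, not code from the thread or from either participant, showing how to check from the New York DC whether the two Windows Server 2003 DCs can still replicate or whether the West Coast DC is past the tombstone lifetime and has to be rebuilt. It assumes PowerShell is installed on the NY DC, that repadmin from the Windows Support Tools is on the path, and that the West Coast DC is named WESTDC01; the name is an assumption.

```powershell
# Added example, not from the original thread: diagnose replication between two
# Windows Server 2003 DCs that lost contact for months.
# Run in PowerShell on the New York DC. repadmin comes from the Windows Support
# Tools on 2003. The DC name below is an assumption.
$StaleDc = "WESTDC01"   # assumed name of the West Coast DC

# 1. Tombstone lifetime for the forest, read from the configuration partition.
#    If the attribute is absent the forest uses the default of 60 days. A DC whose
#    last successful replication is older than this is refused as a partner.
$rootDse    = [ADSI]"LDAP://RootDSE"
$configNc   = $rootDse.configurationNamingContext
$dsSettings = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
$tsl = $dsSettings.Properties["tombstoneLifetime"].Value
if (-not $tsl) { $tsl = 60 }
"Tombstone lifetime: $tsl days"

# 2. Replication status from NY's point of view. In the output, result 8614 means
#    the partner is beyond the tombstone lifetime, 1722 means RPC cannot reach it,
#    and 8524 means NY cannot resolve the partner's GUID-based DNS name.
repadmin /replsummary
repadmin /showrepl | Select-String -Pattern "Last attempt|Last success|result \d+"

# 3. Event 2042 in the Directory Service log is written when this DC refuses to
#    replicate with a partner that is older than the tombstone lifetime.
$refused = Get-EventLog -LogName "Directory Service" -Newest 500 |
           Where-Object { $_.EventID -eq 2042 }
if ($refused) {
    "Replication with a stale partner is being refused (event 2042, $(@($refused).Count) entries)."
    "Recovery: run 'dcpromo /forceremoval' on $StaleDc, remove its metadata with"
    "ntdsutil ('metadata cleanup') on a healthy DC, then promote it again with dcpromo."
} else {
    "No 2042 events. If /showrepl shows 1722 or 8524, fix RPC reachability or DNS"
    "first, then retry a full sync with: repadmin /syncall $StaleDc /e /A"
}

# 4. Kerberos tolerates 5 minutes of clock skew; a DC that drifted while isolated
#    will fail authentication even after replication is repaired.
w32tm /monitor
```

The distinction in step 3 is the one that decides the plan: 1722 or 8524 errors mean the link or DNS is still broken and the existing DC can simply be resynced; 8614 with event 2042 means the DC itself is stale and promoting the member server (or forcibly demoting and re-promoting the old one) is the supported path.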

Author Comment

ID: 39608340
Yes, I would prefer to bring back the tombstoned domain controller but am just worried it's a lot of work; that's why I was thinking about promoting the 2nd member server in the West Coast office. Will take a look at the article first, thanks so far. Also, if both sites are now connected through a dedicated leased line which is pretty fast, could they just use the East Coast domain controller for authenticating, or would this be too slow?

Expert Comment

ID: 39608344
AD authentication uses so little bandwidth that having the West Coast users use the East Coast server shouldn't be a problem at all. Unless, of course, you have a complex group policy structure that needs to apply, or it's trying to redirect folders across the WAN.

Accepted Solution

ltechsolutions earned 500 total points
ID: 39608349
I should add: the best practice is to have at least one domain controller in each physical location. However, as an interim solution, what you described will work. Just make sure that the DNS for your computers (including West Coast) has your East Coast domain controller set.

Author Comment

ID: 39608365
That sounds like what I would like to do in the interim, but the problem is they just completed this VoIP phone system which links both sites together by using connected gateways at each site called MPLS, which I'm not familiar with. The nice thing is both sites are able to see each other, but the gateway they point to is that phone system gateway. Currently, in their IP settings I have the default gateway set as at the West Coast site and the DNS is set to the domain controller that is tombstoned, so are you saying that since both sites are linked, I could temporarily set the West Coast site to use the NY site DNS server, which is also the main domain controller/DNS server? In other words, I'm trying to find out how the West Coast site PCs determine which domain controller to use for authentication in general. It seems you are saying that whatever DNS server you point a machine to is the domain controller it will use for its domain authentication, correct? This way I could still leave the default gateway as is, since this is what enables both sites to communicate.

Expert Comment

ID: 39608367
Assuming you can ping the East coast server's IP from the computers at the West coast site, then you're absolutely correct.
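As an added example (not part of the thread or the expert's answer), this script does what the exchange above describes on a West Coast PC: it verifies the New York DC is reachable across the MPLS link on the ports a domain member needs, shows the DNS SRV records the DC locator uses to find a DC, repoints the client's DNS at the NY DC, and then asks the locator which DC it now selects. The domain name, IP address and adapter name are assumptions; nltest ships in the Windows Support Tools on XP/2003.

```powershell
# Added example, not from the original thread: repoint a West Coast client at the
# New York DC for DNS and confirm the DC locator picks it up.
# Run from an administrator PowerShell prompt on the West Coast PC.
$Domain  = "corp.example.com"          # assumed AD domain name
$EastDc  = "10.1.0.10"                 # assumed NY DC / DNS server address
$Adapter = "Local Area Connection"     # assumed adapter name (see ipconfig /all)

function Test-TcpPort([string]$Server, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient
    try   { $client.Connect($Server, $Port); return $true }
    catch { return $false }
    finally { $client.Close() }
}

# 1. Reachability across the MPLS link: ICMP plus the ports a domain member needs
#    (DNS 53, Kerberos 88, LDAP 389, SMB 445 for SYSVOL and group policy).
if (-not (Test-Connection -ComputerName $EastDc -Count 2 -Quiet)) {
    throw "Cannot ping $EastDc; fix routing over the MPLS link first."
}
foreach ($port in 53, 88, 389, 445) {
    $state = if (Test-TcpPort $EastDc $port) { "open" } else { "BLOCKED" }
    "{0}:{1} {2}" -f $EastDc, $port, $state
}

# 2. How a client finds a DC: it asks its DNS server for the _ldap._tcp SRV records
#    under _msdcs. The NY DNS server must answer for the West Coast site to work.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $EastDc

# 3. Point the client's DNS at the NY DC and drop the cached answers that still
#    refer to the stale West Coast DC.
netsh interface ip set dns $Adapter static $EastDc
ipconfig /flushdns
ipconfig /registerdns

# 4. Ask the locator which DC it now selects (/force bypasses the cached choice),
#    then confirm the computer's secure channel to the domain is healthy.
nltest "/dsgetdc:$Domain" /force
nltest "/sc_verify:$Domain"
```

One caveat worth knowing when reading the nltest output: the locator prefers DCs registered for the client's own AD site, so if the stale West Coast DC is still running and still registered in DNS for that site, clients may keep selecting it even after the DNS change. Stopping the Netlogon service on the stale DC (or demoting it) takes it out of rotation cleanly.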

Author Comment

ID: 39608449
Great, that would be nice if I could get that working as you advised. Let's assume that in the West Coast office they never had a domain controller installed, the office was just new, and the site-to-site connection was already in place. I would then theoretically be able to simply use the East Coast office DNS/domain controller as the only and main source for their authentication, correct, until I installed a local domain controller there as a best practice like you mentioned? The reason I am asking this is that a month ago the West Coast office tried setting up a new laptop and couldn't get it to join the domain, and I was assuming that it was trying to get domain credentials by using the tombstoned local domain controller, but if I point it now to the East Coast DNS server then maybe it will be able to successfully join the domain.
