Solved

promoting remote server into domain cant find domain

Posted on 2013-11-30
7
524 Views
Last Modified: 2013-11-30
Hi,
just ran a dcpromo /forceremoval on a tombstoned domain controller after metadata cleanup on primary server and after the reboot of the server which is now a member server, it cant locate the domain to join when i attempted a dcpromo.  It is connected to the main domain controller at the main office thru a dedicated connection which is faster than a vpn and i can ping from both sides to each server.  Im assuming this is has to do with dns since it referenced that when it couldnt find domain.  Since this was formerly a dns server for the remote office, i have not removed dns since i was hoping that if i could join the domain and promote this server back to a domain controller it would also retain the dns server settings.  Any ideas?  thanks
0
Comment
Question by:dankyle67
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 200 total points
ID: 39687010
Point it to the other DC/DNS for DNS Services (You can change it afterwards).  You can also remove DNS and when it is promoted DNS can be added and replicated to the box.  I'm assuming this is AD integrated DNS.

Thanks

Mike
0
 

Author Comment

by:dankyle67
ID: 39687016
yes  it is AD integrated DNS but when you said point it to the other DC/DNS where do it do that?  In the ip settings for the nic card?  I currently have that already pointing to the main office site domain controller which is in a remote site.  Would this be a problem?
0
 

Author Comment

by:dankyle67
ID: 39687038
I actually was able to get further by using company.com instead of using just company as the domain but it tells me the user or object already exists so cant join domain.  I checked under computer  name and it the server was still in a workgroup which is why i tried to join it to the domain first but got that error.  Im not trying to replicate it yet since it is not a domain controller currently just a standalone server so lingering objects should not be an issue or is it?
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 
LVL 37

Expert Comment

by:Mahesh
ID: 39687094
Have you checked if old server account got cleanup properly from AD ?
if you could rename original server name and then try to add server as member server 1st in active directory
If its allow to add a member server, hopefully u will be able to promote it as ADC

Mahesh
0
 

Author Comment

by:dankyle67
ID: 39687102
I was able to finally join the domain and successfully promoted it to a domain controller and replication worked so pretty happy about that.  Last thing is that in the DNS server of the newly promoted dc server it says that it cant load the primary zone in forwarded dns zones so i think it maybe that i selected this to be a secondary zone instead of primary integrated not sure.  Should i uninstall DNS server then add again and select as primary integrated?
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 300 total points
ID: 39687115
You cannot install secondary DNS zone in active directory promotion wizard

Just point its own IP as preferred dns server, restart netlogon server, restart dns service, and just try to reload the zone.Due to remote site, some times it may take some time to load zones.

You said that you already have DNS installed on this server
Just ensure that your new ADC server conditional forwarder settings, you might be having conditional forwader there with same name as forward lookup zone with previous setup.


Mahesh
0
 

Author Comment

by:dankyle67
ID: 39687146
I uninstalled dns then reinstalled but this time selected as primary active directory integtrated and was able to load the zone correctly from the remote site.  Thanks for all the help.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question