windows 2003-2008- domain controller rename = no domain

Posted on 2013-12-02
Medium Priority
Last Modified: 2015-06-23
Big problems here.

There was a 2003 domain controller 'server2009'.
Raised from 2000 to 2003 functionality level, adprep ecc.
Added dc1 on windows 2008 r2 with dcpromo.
Added a RODC "dc2zentyal" (zentyal not windows, hence read only)

Demoted server2009, rebooted, renamed to oldserver2009 = no more 2003 dc with new name.

Domain was fine working on dc1.

Then we renamed dc1 to server2009, using netdom computername dc1.domain.local /add:server2009.domain.local

Tried a /makeprimary and remove. Both failed with reason: "" (no reason)

But the only rw domain controller now has hostname server2009. Unfortunately the domain does not work, netlogon does not start error 0000064.

Tried a dns clean up renaming any occurrance of dc1 to server2009

dcdiag /fix states still dc1, failed connection to dc1.

Currently no domain controller is reachable.

dc2zentyal had completed the replica but is now disconnected before it gets screwed up too.

So I have:
a non working dc1.
no backups of system states of a working dc1,
a rodc dc2zentyal,
a demoted and renamed server2003,
a bks ntbackup system state from one month ago (no important changes). should I remove DC1 new and restore system state on the old demoted dc so it comes back as a normal dc and start over? Would that work?

What can I do? And what was wrong in renaming the dc? Should I have had another extra dc as global master ecc?

Here there are no lab procedures and no test envirnoments unfortunately, just a situation to fix
Question by:Gcku
LVL 17

Expert Comment

by:Chris Millard
ID: 39691857
You probably should have run ADPREP to update the active directory schema to 2008 before removing the 2003 dc.

You could try seizing the operations master role on the 2008 dc:-


Author Comment

ID: 39691889
i did run adprep or 2008 would not have become a dc

Accepted Solution

Gcku earned 0 total points
ID: 39691958
Ok here is what I've done to fix the situation:
I used netdom computername dc1 to remove alias given: failed. using server2009 works though outputting an "" error.

Used the registry to force back the dc1 name.

Then I am creating a new server2009 trial server that will become another dc.
the new server2009 will be dc and file server. (with rdp and applications on another appserver). I will promote to global master ecc. Then replicate and remove dc1 gracefully (licensing allows me only two vritual servers) and keep the rodc on dc2zentyal

Ideal solution would have infact been having files on a server2009 server on an windows in domain server or even a linux samba nas, eg on zentyal. I am not accustomed to zentyal unfortunately
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

LVL 24

Expert Comment

ID: 39692198
Have you remove the old dcname by netdom command after rename operation:http://technet.microsoft.com/en-us/library/cc738341(WS.10).aspx

You also need to ensure the health of DC is good before you proceed with other DC  promotion.Run dcdiag/q and repadmin /replsum to verify the same.It is not recommended to have file server role on DC but if you have budget issue then you have no choice.You can have file server as windows/linux.

I will also recommend to have two DC in network for redundancy.

Expert Comment

ID: 39692429
LVL 36

Expert Comment

by:Seth Simmons
ID: 40845807
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

586 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question