FriendlyIT
Introducing restored Domain Controller into environment
We need to reintroduce a Server 2012 DC to our environment that has been restored from a backup over two weeks old.
FSMO roles have subsequently been seized by another DC.
I am wondering what steps I need to take to bring this back into the network without causing mayhem.
Any pointers would be much appreciated.
I currently have offline access to the restored domain and so can do any preparation on it that is necessary to smooth the process.
Please advise!
Jon
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just basically remove it from the domain and it will be a plain old Windows server. Reinstalling Windows is good too (as Seth said).
ASKER
Hi,
I think the metadata thing is OK as I did the FSMO seize when another incarnation of this server was still available.
The one problem I have is that when I have done the demote I get this error:-
An error occurred when demoting the Active Directory Domain Controller
Certificate Server is installed
Anything I need to be concerned about?
Jon
You can remove that role\service.
In any case, why don't you just wipe it and start fresh?
ASKER
We have other functionality on that server that we don't wish to lose or rebuild.
It is a RADIUS server amongst other things. We are hoping to retain that functionality.
ASKER
Hi Seth, yes it is issuing certificates.
ASKER
I would suggest that it is the root. I didn't set this up - which is why I am keen to avoid a rebuild. There is no way to migrate this as the server is isolated.
If you want to remove certificate server services.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/3bdad377-293d-4692-803a-4ae39ad18d51/certificate-server-is-installed?forum=winserver8setup
ASKER
Hi tolinrome. I don't think you are reading my answers. I don't want to remove it. I want to preserve it.
I thought you wanted to retain Radius, sorry.
ASKER
I think this is related to Radius (or our Radius at least).
Is there a way to export it to itself?
So export to a file, remove, demote, promote and then import again?
That's pretty much the same steps I did when I migrated a 2008 R2 CA to 2012 R2, except I changed the computer name, which you can do with a couple additional steps.
ASKER
OK (hopefully) the final problem.
When I demoted the DC and then rebooted it - it then asked me for an admin password but wouldn't accept any known passwords or let me switch to a different user.
I know that DC accounts don't normally have a local admin, so I am a little confused. Have done another restore - any ideas how to avoid this same situation again?
Jon
ASKER
OK - The last was my mistake. I put in a password during demotion and then forgot I had done it. Figured it out now. Local admin account doesn't exist on DC so when you demote, it asks you to assign a password which is then the local admin account.
Next I had to remove metadata which I did using this resource:-
http://support.microsoft.com/kb/216498
**EDIT - There was a link further up which is much better than the one I used **
At what point does that error show?
ASKER
OK - got past that error. Basically it was detecting the old server as a CA. I had to create this new one as a CA and then I could restore as per the above articles. We believe we have an up and running DC now and things are working as they were before!
WOO HOO!!!!!
Thanks so much for your help!
Jon
ASKER
Some of the findings that were helpful that I discovered on my own were marked as part of the solution.
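The export, remove, demote, promote, import sequence discussed in this thread, written out as an added PowerShell example; it is not code from any poster. It assumes an enterprise root CA, a forced demotion because the restored DC must not replicate, and hypothetical names: the folder `C:\CABackup`, the domain `corp.example`, and the function names.

```powershell
# Added example. Run each phase by hand; reboots fall between them.
# Assumed, not from the thread: C:\CABackup, corp.example, EnterpriseRootCA.
$BackupDir = 'C:\CABackup'   # will hold the CA private key; keep it off shares
$RegFile   = Join-Path $BackupDir 'CertSvc-Configuration.reg'

function Export-CaState {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    # certutil prompts for the .p12 password, keeping it off the command line.
    certutil -backup $BackupDir
    if ($LASTEXITCODE -ne 0) { throw "certutil -backup failed ($LASTEXITCODE)" }
    reg export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration' $RegFile /y
    if ($LASTEXITCODE -ne 0) { throw "reg export failed ($LASTEXITCODE)" }
}

function Remove-CaRole {
    # Clears the "Certificate Server is installed" block on demotion.
    Uninstall-AdcsCertificationAuthority -Force
    Uninstall-WindowsFeature -Name ADCS-Cert-Authority
}

function Remove-DcRole {
    # This password becomes the local Administrator logon after the reboot.
    $localAdmin = Read-Host 'New local Administrator password' -AsSecureString
    # Assumption: forced removal, since the stale DC must not replicate and
    # its own database still lists the seized FSMO roles.
    Uninstall-ADDSDomainController -LocalAdministratorPassword $localAdmin `
        -ForceRemoval -DemoteOperationMasterRole
}

# Between these phases: metadata cleanup for the old DC object, run on a healthy DC.

function Add-DcRole {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    Install-ADDSDomainController -DomainName 'corp.example' -Credential (Get-Credential)
}

function Import-CaState {
    param([Parameter(Mandatory)][string]$CaName)
    $p12Password = Read-Host 'Password chosen at certutil -backup' -AsSecureString
    Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
    # Recreate the CA from the saved key pair, then restore database and settings.
    Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -Force `
        -CertFile (Join-Path $BackupDir "$CaName.p12") -CertFilePassword $p12Password
    Stop-Service -Name certsvc
    certutil -f -restoredb $BackupDir
    if ($LASTEXITCODE -ne 0) { throw "certutil -restoredb failed ($LASTEXITCODE)" }
    reg import $RegFile
    Start-Service -Name certsvc
}
```

Once the CA is confirmed to be issuing again, move the backup folder to offline storage, since the `.p12` in it contains the CA private key.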