PDC crashed need suggestions

Posted on 2014-10-29
Medium Priority
Last Modified: 2014-11-04
This afternoon my PDC crashed with an error stating that the 'Security Accounts Manager initialization failed : Directory service cannot start. Error Status 0xc00002e1. Reboot into Directory Service Restore Mode' Tried to get into this mode but do not have the password for this mode. Tried resetting the DSRM password but when I tried to set a new password it came back that it did not have enough storage to perform the task. I called Microsoft and they tried to help but gave up. What to do?

I am currently building another server in hopes of restoring the full backup I have from Sunday but Microsoft made it sound like that is pointless and I need to rebuild the server then re-add all the workstations and servers. I have an Exchange server on this domain and that makes things even more complicated. Any suggestions? When I look at the server it shows that Active Directory is rebuilding Indicines but don't know if that will fix it.
Question by:tparus
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4

Expert Comment

ID: 40412523
You stated that when trying to reset password it came back with no space warning. Running out of space is a great way to kill a PDC

Check if you have any free space in not try free some up.

Author Comment

ID: 40412569
No it said that there was no resources available. This is a domain controller so really there is nothing that would take up disk space on the server plus I would have received a warning about disk space being an issue.

Expert Comment

ID: 40412593
you will be surprised. DC do use up space with log files updates extra.

With out copies of logs from event viewer I do not think alot of people will be able to help.

Directory restore mode is only used when restoring DC from backup and wanting to force it as the authoritative DC  (Im recalling form memory i think.)

Exchange does make it complicated. Unless you can get the restore to work you have a huge problem. Is this the only domain controller on the network.  If you have another Domain Controller you could seize the roles  ( There is no PDC anymore all Domain controllers are equal  Except  Read only DC ( you can just sieze the Fismo Roles and clean up AD.
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.


Author Comment

ID: 40412614
I have a huge problem. I have tried doing a restore and tried to repair the install and nothing worked. I have jumped off the deep end and started rebuilding the server. I hope that once I get it back up I can restore the files from the backup then the system state but I have a feeling it wont be that easy... nothing is. If the restore does not work I don't know what I am going to do about exchange. Email is the life of the company. I have a domain controller that is off site and one of our remote locations but I don't know if I will be able to seize the fismo roles.  due to this controller being off site I assume that will be difficult to seize those roles?

BTW when I started the rebuild only a quarter of the drive was used and the rest was free space. Yes I know that the PDC is a thing of the past but the company I work for is tight on spending money so all of our server except for about 3 are all 2003.

Have you had any experience restoring a backup to a rebuilt server? When you say huge problem with exchange what should I expect? Where to start to get this going all again? I know I have a long road to go but need some road maps if you have any.

Thanks for responding.

Accepted Solution

Armenio earned 1000 total points
ID: 40412652
As you state you have multiple DC you can not restore the Domain with out the password. it will be overwritten you need the ADRM password.

Are the sites linked via VPN.

If you have a remote domain controllers that are accessible the only option I can think of is to seize the roles to one of the other Domain controllers. install a new one locally join it to the domain and promote it to and once everything has replicated seize the roles back.

I think you are misinformed. PDC is a windows nt4 technology and not used in server 2003 except for backwards compatibility. all Domain controllers are equal and the only differentiating factor is which ones hold the FISMO roles.

Try seize the FISMO roles on to the remote DC ( that is your best bet). If you can ping it you should be able to seize the roles and it should be able to communicate with exchange.

If you can not get AD up and running exchange is dead. new domain new install. (That is my understanding I could be wrong)

Author Comment

ID: 40412765
OK I have encountered my first issue. I am trying to add the computer to the domain but I get the error 'The following error occurred attempting to join the domain <domain name> : The specified user already exists' I'm sure this has something to do with the fact that I am trying to add a computer with the same name to the domain. What do I need to do to clean up the directory so I can add this machine and run the dcpromo on it.
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 1000 total points
ID: 40413218
cleanup the metadata and get it out if you are rebuilding it with the same name

Clean up server metadata

seize FSMO roles to another domain controller; fine if it's in another site

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

Expert Comment

ID: 40414746
I would give it a new name or Delete it however i"m not sure on the consequences for deleting it. I would just give it a new name that makes it easy to clean up late and will not cause any issue with SId's extra.
Ya I would just give it a new name.

Author Comment

ID: 40422006
Well it took a few days but I have finally got the DC back up and running after doing a rebuild. It's a good thing I had that secondary DC at the remote location. Anyway thanks for all your help.

Expert Comment

ID: 40423157
Glad I was able to help.

Dont forget to run DCdiag once completed and make sure all is running well.

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question