2003 R2 and 2008 R2 Active Directory Problems

I have an environment that had a 2003 R2 64-Bit Server, and a 2008 R2 64-Bit server was added later.

They were both set as domain controllers and replicating AD/DNS.

Over the weekend the motherboard in the 2003 box died and I'm trying to make the 2008 box the Master.

I have seized the roles based on this article http://kpytko.pl/active-directory-domain-services/seizing-fsmo-roles/ but at first AD Users and Computers would not even load.

After seizing the roles and waiting a few minutes I could see AD Users and Computers. However, after rebooting I can't get into AD again, and if I seize them again I can see AD Users and Computers again.


I have checked to make sure the DNS is pointing to the server IP and checked about everything else I can think of.

Any help would greatly be appreciated.
truth_talker Asked:

Seth Simmons, Sr. Systems Administrator, Commented:
cleanup the metadata from that 2003 server; see if things improve

Clean Up Server Metadata
https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

also do netdom query fsmo and make sure the 2008 server is listed there as the role owner
0
Will Szymkowski, Senior Solution Architect, Commented:
Once you have seized the roles run the following commands....
netdom query dc
netdom query fsmo

You will need to perform a metadata cleanup for active directory.

Metadata cleanup
https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Set PDC external time source
https://support.microsoft.com/en-us/kb/816042

You will also want to make sure that your clients are pointing to the DC you transferred the roles to. Because you have had to seize the roles you cannot bring the 2003 server back online.

Will.
0
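Added example (not part of the thread and not any poster's code): a PowerShell check that does what `netdom query fsmo` and `netdom query dc` are used for above, confirming that every FSMO role now sits on the surviving DC and that the dead DC is no longer listed, and also checks that the surviving DC is sharing SYSVOL and NETLOGON. It assumes the ActiveDirectory module is installed; `DC2008` and `DC2003` are placeholder host names.

```powershell
# Added example: post-seizure health check. Host names below are placeholders.
Import-Module ActiveDirectory

$SurvivingDC = 'DC2008'   # placeholder: DC that should now own every role
$DeadDC      = 'DC2003'   # placeholder: failed DC that must never return

$forest = Get-ADForest -Server $SurvivingDC
$domain = Get-ADDomain -Server $SurvivingDC

# Two forest-wide roles and three domain-wide roles.
$roles = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

$problems = @()
foreach ($role in $roles.Keys) {
    $owner = $roles[$role]
    # Owners come back as FQDNs; compare on the host label only.
    if (($owner -split '\.')[0] -ne $SurvivingDC) {
        $problems += "$role is held by $owner, expected $SurvivingDC"
    }
}

# Once metadata cleanup is complete the dead DC is no longer enumerated.
$stale = Get-ADDomainController -Filter * -Server $SurvivingDC |
    Where-Object { $_.Name -eq $DeadDC }
if ($stale) {
    $problems += "$DeadDC is still listed as a domain controller; metadata cleanup is incomplete"
}

# Logons and Group Policy depend on both shares being published.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    if (-not (Test-Path "\\$SurvivingDC\$share")) {
        $problems += "\\$SurvivingDC\$share is not reachable"
    }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "All FSMO roles are on $SurvivingDC, no stale DC object, shares present."
}
```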
truth_talker (Author) Commented:
After I cleanup metadata, etc?  Should I reboot the DC or leave it alone for a while to catch up with all that I have changed?

So far rebooting right after making the changes hadn't helped.
0
truth_talker (Author) Commented:
So far when a client logs in I get the message "The system detected a possible attempt to compromise security....."

Any other things to try?
0
truth_talker (Author) Commented:
Also now when going into AD Users and Computers I get "An invalid directory pathname was passed".
0
Will Szymkowski, Senior Solution Architect, Commented:
You may also need to perform an authoritative restore of Sysvol share as well.

Will.
0

truth_talker (Author) Commented:
How do I do that?
0
truth_talker (Author) Commented:
Looks like I got the authoritative restore done.  Or at least I got the sysvol and netlogon shares back online.

That appears to have fixed the login issues, but since the other DC crashed and the customer doesn't have a System State backup looks like I will have to rebuild the group policies and login scripts from scratch.

Unless there's another way to get them back.
0
Will Szymkowski, Senior Solution Architect, Commented:
Unless they have been backed up manually or have a system state backup you are out of luck. Glad that it is now back online.

Will.
0
truth_talker (Author) Commented:
There isn't a way to recover anything cached on local workstations is there?
0
Will Szymkowski, Senior Solution Architect, Commented:
Unfortunately not. Nothing is cached on the workstations. You need to perform backups of Group Policies and/or perform System State backups.

Will.
0
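Added example (not part of the thread and not any poster's code): a scheduled-task style PowerShell script for the Group Policy backups recommended above, which also copies the login scripts from NETLOGON since those were lost here too. It assumes the GroupPolicy module is installed; the backup path, domain name and retention count are placeholders.

```powershell
# Added example: dated backup of all GPOs plus login scripts. Values are placeholders.
Import-Module GroupPolicy

$BackupRoot = 'D:\GPOBackups'    # placeholder: keep this off the DC's only disk
$Domain     = 'corp.example'     # placeholder: DNS name of the domain
$Keep       = 14                 # placeholder: number of dated sets to retain

$target = Join-Path $BackupRoot (Get-Date -Format 'yyyy-MM-dd_HHmm')
$gpoDir = Join-Path $target 'GPO'
New-Item -ItemType Directory -Path $gpoDir -Force | Out-Null

# 1. Back up every GPO in the domain. GPO links are stored on the OUs and
#    are not part of these backups, so record them separately if needed.
$backups = Backup-GPO -All -Domain $Domain -Path $gpoDir `
    -Comment "Scheduled backup $(Get-Date -Format s)"

# 2. Index: backup folders are named by backup Id, not by GPO name.
$backups | Select-Object DisplayName, GpoId, Id, CreationTime |
    Export-Csv (Join-Path $target 'gpo-index.csv') -NoTypeInformation

# 3. Copy login scripts. Robocopy exit codes of 8 or higher mean failure.
robocopy "\\$Domain\NETLOGON" (Join-Path $target 'NETLOGON') /E /R:1 /W:1 | Out-Null
if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

# 4. Verify each backup folder exists before trusting the set.
$missing = $backups | Where-Object {
    -not (Test-Path -LiteralPath (Join-Path $gpoDir "{$($_.Id)}"))
}
if ($missing) {
    throw "Backup folder missing for: $(($missing | ForEach-Object { $_.DisplayName }) -join ', ')"
}

# 5. Prune old sets only after the new one has been verified.
Get-ChildItem $BackupRoot | Where-Object { $_.PSIsContainer } |
    Sort-Object Name -Descending | Select-Object -Skip $Keep |
    Remove-Item -Recurse -Force

Write-Output "Backed up $(@($backups).Count) GPOs to $target"
```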
truth_talker (Author) Commented:
I have everything back operational except for the group policies which I am rebuilding.

Is there a way to make the new GP's force override over the old ones?

For example I have some XP clients that aren't updating folder redirection to the new GP.
0