Server 2003 Domain Controller no longer working.

Hello Experts,

Yes, this is a very old network that my client is finally upgrading.  The environment had a Windows 2000 server and a Windows 2003 server.  I demoted at Windows 2000 server but now the Windows 2003 server will not authenticate or allow new computers to join it.
I've tried everything I can think of with regards to DNS and other troubleshooting but I'm just out of ideas.
Any help would be appreciated.

Thanks so much.
John LewisAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lee W, MVPTechnology and Business Process AdvisorCommented:
Is the 2003 server a Global Catalog?

Did you run DCDIAG /C /E /V and check the server and problem workstations event logs for clues?
0
Thomas GrassiSystems AdministratorCommented:
Run this

dcdiag >>dclogx.txt
dcdiag /test:registerindns /dnsdomain:Your FQDN Here>>dclogx.txt
dcdiag /c /v >>dclogx.txt
dcdiag /test:dns >>dclogx.txt


Post results

Does the 2003 DC have all the Roles ?

Ntdsutil roles Connections "Connect to server XXXXXXXX" Quit "select Operation Target" "List roles for connected server" Quit Quit Quit >>dclogx.txt
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
John LewisAuthor Commented:
Thanks so much for the message.  I can't seem to get DCDIAG to work.  I'm working on getting the NTDSUTIL information to you.
I do believe that this machine has all the roles, however, the demotion of the Windows 2000 DC didn't go very well.
I attempted dcgpofix /ignoreschema and the error said that SYSVOL was not available.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

John LewisAuthor Commented:
C:\>ntdsutil
ntdsutil: wicserver2
Error 80070057 parsing input - illegal syntax?
ntdsutil: roles
fsmo maintenance: connections
server connections: wicserver2
Error 80070057 parsing input - illegal syntax?
server connections: connect to server wicserver2
Binding to wicserver2 ...
Connected to wicserver2 using credentials of locally logged on user.
server connections: quit
fsmo maintenance: select operation target
select operation target: list roles for connected server
Server "wicserver2" knows about 5 roles
Schema - CN=NTDS Settings,CN=WICSERVER2,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=wic1
Domain - CN=NTDS Settings,CN=WICSERVER2,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=wic1
PDC - CN=NTDS Settings,CN=WICSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=wic1
RID - CN=NTDS Settings,CN=WICSERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=wic1
Infrastructure - CN=NTDS Settings,CN=WICSERVER2,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=wic1
select operation target: quit
fsmo maintenance: quit
ntdsutil: quit
Disconnecting from wicserver2...

C:\>>>dclogx.txt
The syntax of the command is incorrect.

C:\>>> dclogx.txt
The syntax of the command is incorrect.

C:\>dcdiag
'dcdiag' is not recognized as an internal or external command,
operable program or batch file.

C:\>dcdiag /c /e /v
'dcdiag' is not recognized as an internal or external command,
operable program or batch file.

C:\>
0
arnoldCommented:
All the roles point to wic1.
you need to seize all the roles while you are within ntdsutil
0
Iamthecreator OMCommented:
Perform a meta data cleanup.

How to remove data in Active Directory after an unsuccessful domain controller demotion
https://support.microsoft.com/en-us/kb/216498
0
Dil5Server AdminCommented:
Is this your child domain ? if yes

Go to Any of the Windows 2003 (GC) DC and seize following 2 roles:
PDC
RID
you can seize this by running following command set:
NTDSUTIL enter
Roles enter
Connections enter
Connect to server [name of the server which will hold the roles] enter
quit enter
seize PDC enter
you will receive a warning message that you are seizing the roles and the server which is holding the roles should never comes up (Please consider this warning very seriously and make sure the current role holder server doesn't comes up, while this new role holder server is serving the roles)
if you agree press yes
seize RID Master enter
you will receive a warning message that you are seizing the roles and the server which is holding the roles should never comes up (Please consider this warning very seriously and make sure the current role holder server doesn't comes up, while this new role holder server is serving the roles)
if you agree press yes

Now go to any non-GC DC and seize following role:
Infrastructure Master

you can seize this by running following command set:
NTDSUTIL enter
Roles enter
Connections enter
Connect to server [name of the server which will hold the roles] enter
quit enter
seize infrastructure master enter
you will receive a warning message that you are seizing the roles and the server which is holding the roles should never comes up (Please consider this warning very seriously and make sure the current role holder server doesn't comes up, while this new role holder server is serving the roles)
if you agree press yes
 
if you have only 1 DC in your domain
than  all 3 roles can be on that DC  regardless of its GC or not(same above steps for seizing roles)
if you are having only 1 DC in your Domain you are in not very good state. commission a second DC as soon as possible.

If this is only domain in your forest then you have to seize all 5 roles:
Domain naming master
Schema master
PDC
RID Master
Infrastructure master
(steps of seizing roles are same as above)

Let us know how you go or you need further help.

Cheers
Dil
0
John LewisAuthor Commented:
Thanks for all your help everyone.  Although I'm sure your comments were good solutions, our systems crashed so bad that I no choice but to rebuild the Domain Infrastructure from scratch.  Thanks so much for your help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.