I have restarted the netlogon service on the DC that's running. If I repoint the DNS
for the new server can I now add it to the domain or do I have to go through those
steps you mentioned before... using ntdsutil?
Mike:
You need to go ahead and do those steps I listed earlier. Otherwise your domain
will not function correctly.
Julian:
Mike, I am now on the second article which you referred to me... 216498 where
I run the Meta Data clean up, but when I run the command "select Site 0" it says
no current server, no current naming Context.
Mike:
That's fine... keep going... it's just telling you that no DC or NC has been selected.
You will select the DC in steps 12 and 13. It is always going to say no naming
context - don't worry about it, you don't need to select a NC for these steps.
Just be sure that when you select the operations target in steps 12/13 you select the
server that had FAILED. Don't remove the metadata for the working domain controller!!
Julian:
Mike, what is the _msdcs.rootdomain of forest zones mentioned in step 17? And
how do I do this?
Also, what is ADSI Edit?
Mike:
I have a better solution...forget about the rest of that article.
Open up the DNS console, expand the DNS server, expand forward lookup zones,
expand your domain name. Right click _msdcs and select delete. Also delete the
_sites, _tcp, and _udp subdomains as well. After doing this you will need to restart the
netlogon service on the domain controller again. Starting from scratch will ensure the
correct records are in DNS. After you restart the netlogon service the DC will
re-register the _msdcs, _sites, etc. subdomains.
I'll email you the rest of the steps. Start with the above for now.
Julian:
That was done. Looks like it repopulated everything!
Mike:
I'm doing this from memory, so let me know if you get an error when performing
these steps.
Open Active Directory Sites and Services
Expand the site that contained the failed domain controller
Expand the Servers folder
Right click the *failed* domain controller and then click delete (you may be
prompted to confirm)
ADSI edit is a snap-in provided with the Windows Support tools. How to
install support tools:
http://support.microsoft.com/default.aspx?scid=kb;en-us;301423
After the tools are installed, click Start, Run, then type MMC, and then click OK.
On the Console menu click Add/Remove Snap-in.
Click Add, then select ADSI Edit from the list, click Add, click Close, then click OK.
Right click ADSI edit and click Connect to.
Select the "Naming Context" option, from the dropdown list choose "Domain NC,"
and click OK.
Expand the Domain NC container.
Expand DC=Your Domain, DC=COM
Expand OU=Domain Controllers.
Right-click CN=**failed** domain controller name, and then click Delete.
Expand CN=System
Expand CN=File Replication Service
Expand CN=Domain System Volume (SYSVOL share)
Right-click CN=**failed** domain controller name, and then click Delete.
Julian:
MIKE! You are the man.
So now that I am at where I wanted to be 12 hours ago... I have reinstalled the OS on
the failed DC and it's got the same server name (for Exchange's sake) but it's on a workgroup.
Can I now go to that box and install AD (setup as an additional Domain Controller)? How
would I configure the DNS (still point it to the backup one we have running now)?
At the end of the day, I want to take the backup one down and have the one that originally
went down, assume its prior status.
Mike:
Point the failed server's DNS TCP/IP settings at the working DC. Try to promote the
failed DC back to the domain.
Julian:
So I modify the DNS TCP/IP first... Install Active Directory? Or just run DCPromo?
Mike:
Modify the TCP/IP settings on the failed server to point at the working DC for DNS.
Run DCPROMO.
Julian:
I've set up the failed to add to the existing domain, which it's doing beautifully.
Thanks for ALL your help!
When I want to go back to the original setup before this primary DC went down,
how do I go about making it the primary again, with all the DNS stuff too?
Mike:
Install the DNS Service on the failed server. Point the TCP/IP settings of both
servers to the once failed server for DNS.
Use Ntdsutil to transfer (do *NOT* seize them - there is a difference) all the
FSMO roles.
Also, you are going to need to go into the properties of the NTDS Settings object
under the domain controllers and make both of them global catalog servers (I'm
assuming you only have a single domain in your forest). It's a check box option.
BTW: you really need to have two domain controllers at an absolute minimum.
Julian:
Got It!
Thank you Mike for all your MOST VALUABLE advice. I would not have been
able to get through this without you!!
Mike:
You're welcome!
Would you mind if I post the rest of our conversation on the newsgroup? I will remove
your email/name/contact info. That way others can see what the resolution to this
problem was - just in case they run into a similar situation.
Julian:
No problem Mike.