Domain Controller crash...advice needed

  • Thread starter Thread starter barabba
  • Start date Start date
B

barabba

Hi all,

our W2K native-mode domain lost a domain controller due to a hardware
failure.
The server will not be put online and therefore I need to do some sort
of clean-u in the AD.

MS supplied an interesting KB numbered 216498 (How To Remove Data in
Active Directory After an Unsuccessful Domain Controller Demotion).

I believe I should follow the steps outlined in such KB.
I should mention that the server in question did not hold any FSMO
roles but was global catalog.

The only thing I did so far was to remove the GC function to this
server.

I would like to know from anybody who has done this operation before
if there is anything that I should know. Any dangers ? Is the KB
reliable ? I'm worried to disrupt the production environment...

What happens if we don't do this clean-up within 60 days from the
failure date ?

The server on which I should perform the whole operation should hold
any particular roles or it can be any DC of the domain to which the
broken DC belongs to ?

Thanks for your attention,

Bye
Bar
 
In
barabba said:
Hi all,

our W2K native-mode domain lost a domain controller due to a hardware
failure.
The server will not be put online and therefore I need to do some sort
of clean-u in the AD.

MS supplied an interesting KB numbered 216498 (How To Remove Data in
Active Directory After an Unsuccessful Domain Controller Demotion).

I believe I should follow the steps outlined in such KB.
I should mention that the server in question did not hold any FSMO
roles but was global catalog.

The only thing I did so far was to remove the GC function to this
server.

I would like to know from anybody who has done this operation before
if there is anything that I should know. Any dangers ? Is the KB
reliable ? I'm worried to disrupt the production environment...

What happens if we don't do this clean-up within 60 days from the
failure date ?

The server on which I should perform the whole operation should hold
any particular roles or it can be any DC of the domain to which the
broken DC belongs to ?

Thanks for your attention,

Bye
Bar
Click to expand...

Yes, I've used it about 6 or 7 times for various clients and it works fine.

The only thing you need to be aware of is what Roles that machine held, and
they need to be forcefully transferred to an existing DC, that is if it held
any Roles. Keep in mind that the GC is not a Role, but rather a service. You
can enable that in Sites and Services for another DC to take over that
service. Roles need to be transferred or seized (seized in your case) if it
held any Roles. In most cases you can use the GUI to seize it, but you can
also use NTDSUTIL as well.

FSMO Roles Manipulation in a Nutshell (Thanks to Deji, MVP, for this one!):
http://www.akomolafe.com/DesktopModules/ViewDocument.aspx?DocumentID=18

234790 - HOW TO How to Find FSMO Role Holders:
http://support.microsoft.com/?id=234790

255690 - HOW TO View and Transfer FSMO Roles in the Graphical User
Interface:
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690

255504 - Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller:
http://support.microsoft.com/?id=255504

283595 - HOW TO Change the Role Owner of the Operations Master After a
Successful Seizure:
http://support.microsoft.com/?id=283595



--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Back
Top