GPO is gone

  • Thread starter Thread starter Erik
  • Start date Start date
E

Erik

I replaced my PDC this past weekend and I'm not sure if I
messed something up or not. I basically brought the new
server up, attached it to the domain, all the users
automatically carried over, DNS carried over, and most
setting were in place instantly. I turned off the old
server, and put the new server as the as same IP of the
old server. Everything was working perfectly until I went
to view the GPO today. It's telling me that my domain is
down and it failed to open the group policy. Now what do I
do? I'm so unsure of what I'm doing.
 
When you turned the old server off did you run dcpromo and demote it
properly? If not any FSMO roles it had were not transfered to any
other existing machine and could be the cause of your problem. Also,
if it wasn't demoted and did not update DNS correctly then the
infomration in DNS is still pointed to the GUID of the old machine
which may be why your GPO won't open.

If you can let me know exactly what you did I can try and give you
some steps on how to recover.


Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.
 
To edit the GPO in Active Directory you would open Active Directory
Users & Computers and right click on the OU that contains the GPO you
want to edit. Then click on the Group Policy tab and double click on
the GPO you want to edit.

If you mean the exact location of the policy they are usually located
in the %systemroot%\sysvol\sysvol\domain.com\policies directory.


Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.
 
I basically booted up the new machine on 192.168.1.199.
Added it to the doamin, ran active directory setup. When I
looked at the users and the DNS records, everything was on
the new server. The old server was on 192.168.1.140. I
gave the new server, the old servers address and that's
it. Everything has been running fine. I didn't demote the
old server, just shut it off. I can still demote it
tomorrow night if I need to. I also transferred all the
files (mainly spreadsheets, .doc's,) to the new server and
set up new shares.
 
Here's my suggestion. Give the new DC it's original address. Bring
the old DC back up with it's original address. Flush and register
the DNS cache on both machine to make sure that DNS is correctly
updated.

Type these commands from a command prompt:

- net stop netlogon
- net start netlogon
- ipconfig /flushdns
- ipconfig /registerdns

Demote the old DC using DCPromo.

1. Click "Start", and then click "Run".

2. In the "Open" box, type "dcpromo" (without the quotation marks),
and then click "OK" (without the quotation marks) to start the
Active Directory Installation Wizard.

3. Click "Next".

4. Use one of the following methods:

- If this is the last domain controller in the domain, click to
select the "This server is the last domain controller in the domain"
check box, and then click "Next".

- If the domain controller is not the last domain controller in
the domain, click "Next".

5. Type a user name and password with the correct permissions to the
domain, and then click "Next".

6. Type, and then confirm the password for the administrator account
on the server, and then click "Next".

7. On the "Summary" page, click "Next", and then click "Finish".

This should transfer the FSMO roles to the new DC. If not check out
this article:

255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller
http://support.microsoft.com/?id=255504


Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.
 
Back
Top