PDC/BDC problem


cgbaten

1 week ago, my PDC had a motherboard failure. The BDC with a shared
active directory immediately took over. I thought I had to run dcpromo,
but when I did it said it would uninstall AD and demote it to a member
server. Obviously I didn't want that to happen, so I left it alone, and
copied the critical files from backup to the BDC, and sent the PDC out
for repair.

The PDC arrived last Monday. I had trouble introducing it back into the
domain because the server was still listed as a domain controller in AD
users and computers. I did a metadata cleanup to remove it. I added the
PDC back into the domain, used Configure your server to add in DNS and
AD, set up WINS, just as before. On Tuesday, I copied all backup files
to the DC, set up shares and permissions, and tested some of the
clients. The clients remembered user profiles and shares, everything as
if it never happened. The users were in the middle of the workday on
the backup server, so I waited until end of workday to move any files
they accessed back to the original server and told them to log in as
normal on Wednesday.

Here's the problem: The trusts between this domain (domain A) and one
in a building down the street (domain B) stopped working. I tried
everything to reestablish the trust. Somewhere in my panic I noticed I
could set up domain B at the trusting domain on the PDC, but could not
get domain B to trust domain A. Then I was able to get domain B to
trust domain A by setting up the trust on the BDC. So now the 2 way
trusts are dependent on both the PDC and BDC running at the same time.

The reason I got the errors, according to M$ and the event viewer, has
to do with the RID on the PDC not synchronizing with the domain, caused
when it suddenly dropped out of the domain, then was reintroduced when
fixed. I tried several things to get it to synch, but all that I have
read seems to say I need to take the servers out of production and
start over. I can't have these users sitting around while I try
something that may not work. What if it's something else? Does anyone
have a suggestion, or should I live with the trust split?
 
Hello (e-mail address removed),

Did your BDC get all the FSMO roles after takeover? Check here:
http://support.microsoft.com/kb/324801

Seems that it is missing one of the roles after you take out the broken server
and clean up your metadata.


Best regards

myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
 
This looks exactly like what I need. I may have missed it in the
article, but can this be done with users connected? And do you think it
will break the trusts again?

Thank you for pointing me in this direction. I don't think I would have
found it without your help. I read so many articles about making BDCs,
but they never mentioned the things I've encountered.

Chris
 
Sorry, forgot to add one thing. Should I transfer the roles to the BDC
as you stated in your first post, or now to the PDC that's back in
production?

Chris
 
Hello cgbaten,

Just make sure that all FSMO roles are there. Only change them if you take
out one server forever. Changing the roles does not require a reboot. Also
check that at minimum one of your DCs is a Global Catalog server.

1. On the domain controller start the Active Directory Sites and Services
snap-in. To start the snap-in, click Start, point to Programs, point to Administrative
Tools, and then click Active Directory Sites and Services.
2. In the console tree, double-click Sites, and then double-click sitename.
3. Double-click Servers, click your domain controller, right-click NTDS Settings,
and then click Properties.
4. On the General tab you see the Global catalog checkbox.

Best regards

myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
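
The two checks myweb describes (every FSMO role has a holder that is a running DC, and at least one DC is a Global Catalog server) can be scripted. This is an added example, not part of the thread: it parses the text output of `netdom query fsmo`, and the sample output, host names and exact label wording are constructed assumptions.

```python
import re

# Labels printed by `netdom query fsmo`, mapped to short role names. The exact
# label wording (older "owner" and newer "master" forms) is an assumption.
ROLE_LABELS = {
    "schema owner": "Schema", "schema master": "Schema",
    "domain role owner": "Domain naming", "domain naming master": "Domain naming",
    "pdc role": "PDC emulator", "pdc": "PDC emulator",
    "rid pool manager": "RID",
    "infrastructure owner": "Infrastructure", "infrastructure master": "Infrastructure",
}
ALL_ROLES = ["Schema", "Domain naming", "PDC emulator", "RID", "Infrastructure"]
# Constructed sample output: two roles still point at a DC that is no longer running.
SAMPLE = """\
Schema owner                oldpdc.domaina.example
Domain role owner           bdc1.domaina.example
PDC role                    bdc1.domaina.example
RID pool manager            oldpdc.domaina.example
Infrastructure owner        bdc1.domaina.example
The command completed successfully.
"""

def parse_fsmo(text):
    """Return {role: holder} for every recognised 'label   host' line."""
    holders = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\s{2,}(\S+)$", line.strip())
        if m and m.group(1).lower() in ROLE_LABELS:
            holders[ROLE_LABELS[m.group(1).lower()]] = m.group(2).lower()
    return holders

def audit(text, live_dcs, global_catalogs):
    """Flag roles with no holder or a holder that is not a running DC, and a missing GC."""
    holders = parse_fsmo(text)
    live = {d.lower() for d in live_dcs}
    findings = []
    for role in ALL_ROLES:
        holder = holders.get(role)
        if holder is None:
            findings.append(f"{role}: no holder reported")
        elif holder not in live:
            findings.append(f"{role}: held by {holder}, which is not a live DC")
    if not live & {g.lower() for g in global_catalogs}:
        findings.append("no live DC is a Global Catalog server")
    return holders, findings

if __name__ == "__main__":
    live = ["bdc1.domaina.example", "pdc1.domaina.example"]  # constructed names
    print(audit(SAMPLE, live, global_catalogs=["pdc1.domaina.example"])[1])
```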
 
I successfully set up the PDC with the global catalog checkbox. I was
also able to perform the first step of transferring the Schema role to
the PDC (it was not assigned to either server.) But when I tried to
change the other roles (domain naming master role, RID master, etc)
under Operations Master as stated in the M$ article, it listed the name
of the PDC as the operations master, but they all said ERROR and that
the operations master was offline. The message is the same on the PDC
and BDC. Thanx in advance for all your help.

Chris
 
Hello cgbaten,

You don't have to change the roles between your servers. Even come away from
PDC and BDC. Since W2000 there are no differences like in NT4. Check that
all the FSMO roles are there. You need all of them.
Normally after a crash ALL the roles must be held by the domain controller
that is alive and running at that moment. If you then add a new DC then it will be
fine.
So which of your servers has which role at the moment?

Best regards

myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
 
Hi myweb,

It seems like the PDC has the role, but what about the error message I
see when I use the Operations Master. Why is that happening? Also, I
tried to add a printer from a trusted domain, and it can't see the
printers anymore. I'm sure this issue is related and I'm not sure how
to correct it. Thanx for your help.

Chris
 