Restore AD from backup.

  • Thread starter Thread starter David Jenkins
  • Start date Start date
D

David Jenkins

I'm practicing restoring AD to a server with different
hardware. I've followed the instruction on KB Article
http://support.microsoft.com/default.aspx?scid=kb;en-
us;Q263532 on restoring to different hardware. I can get
the server to boot just fine with errors of course. My
problem now is that I keep getting Event ID: 16650. I've
searched for something that will help but everything I've
read is worthless.

I have a few other Domain Controllers and some of the
roles are spread out, but I've tried to "seize RID master"
and everything and it doesn't help. (The server I'm trying
to restore is the RID Master, but I tried using NTDSUTIL
to seize everything.) Arrrgggg!!

Can anyone help me with this?
 
I'm also trying to restore the DC to a different hardware
and encountering the same problem you are experiencing.
I even spoke to the tech from Microsoft, and he is no help
either.
 
I hope you didn't have to pay him. I figured they would
be helping more on this issue. It's amazing how little
information there is about this. Right now I'm working on
doing an Authoritative restore. I just have to wait for
the other guys I'm working with to come up with the
password to get in to do the restore. If you give it a
try let me know how it goes.

Authoritative restore
http://support.microsoft.com/default.aspx?scid=kb;EN-
US;241594
 
What's the full text body on the 16650? I don't have that in front of
me.....

Also, are you able to create new users (want to test if you can in fact use
a RID) on the DC?

Let's get those two bits of info, and I have a few ideas of what it might
be.

~Eric
 
-----Original Message-----
I hope you didn't have to pay him. I figured they would
be helping more on this issue. It's amazing how little
information there is about this. Right now I'm working on
doing an Authoritative restore. I just have to wait for
the other guys I'm working with to come up with the
password to get in to do the restore. If you give it a
try let me know how it goes.

Authoritative restore
http://support.microsoft.com/default.aspx?scid=kb;EN-
US;241594

.
Click to expand...
David,

When using NTDSUtil to seize the RID Master are you
connecting to the Server to which you want to seize that
FSMO Role ( meaning, the server that you want to hold
that role after this procedure )? Why are you trying to
seize everything? Does this DC hold all five of the FSMO
Roles? You should only SEIZE the FSMO Roles that this DC
holds. The other choice is to transfer roles, which may
not apply here.

Have you tried hitting the F7 button? You do not give
very detailed information. Sorry, not trying to be
aggresive.

Have you possibly looked at http://www.eventid.net? Take
a look at this link: http://www.eventid.net/display.asp?
eventid=16650&source=

Not sure that it will help, though.

HTH,

Cary
 
run dsquery server -hasfsmo rid and find out where and if you have a rid
master. If you have succefully seized the role, you can NOT bring the old on
back on line. That may be your issue.

The use ntdsutil to remove the domain controller from AD. It may be in there
mucky things up.

dw
 
I guess I should give a little more info. What I am
trying to do is learn how to restore a DC from backup.
Since this is a test I am doing things in a lab
environment. I have only attempted to restore one server
out of four. I thought that I would be able to transfer
all the roles to the restored system. I'm sure some of
the problems stem from the DC not being able to
communicate with other DC's.

All I have done so far is to backup the one DC. This DC
is the RID, PDC and Infrastructure Master, as well as
having the Global Cataloge. I restored the backup to a
server that is close but not exactly the same hardware,
and it's on a LAN not connected to the network. (I don't
want to damage anything.)



Event 16650
MessageId=0x410A
SymbolicName=SAMMSG_RID_INIT_FAILURE
Language=English
The account-identifier allocator failed to initialize
properly. The record data contains the NT error code that
caused the failure. Windows 2000 may retry the
initialization until it succeeds; until that time, account
creation will be denied on this Domain Controller. Please
look for other SAM event logs that may indicate the exact
reason for the failure.
 
If you try and create a user post-restore on this DC does it succeed?
Also, what does a dcdiag say about the rid pool and rid manager?

Finally, this dc is a backup from the production domain....how many dc's are
in the production domain that this backup came from? If more than 1 in
production, have you satisfied init sync (assuming this is SP3 or SP4 or
W2K03, which I assume it is) and how?

~Eric
 
I can't create user accounts or join computers, but I can
log into the system with my domain account. I'm not sure
what to look for in DCDIAG, but it basically says
everything is failed. It says it can't contact the GC and
such, but the server I'm trying to use is the DC. DNS
Shows failed, but I can query it even from another box.

-----------------
DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\SPEEDY
Starting test: Connectivity
......................... SPEEDY passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SPEEDY
Starting test: Replications
[Replications Check,SPEEDY] A recent replication
attempt failed:
From TAZ to SPEEDY
Naming Context:
CN=Schema,CN=Configuration,DC=ufcunet,DC=ad
The replication generated an error (8524):
The DSA operation is unable to proceed because
of a DNS lookup failure.
The failure occurred at 2003-11-05 14:11.16.
The last success occurred at 2003-11-04
14:54.00.
5 failures have occurred since the last
success.
The guid-based DNS name 9a5ea80b-2429-44f0-
9f6a-572f4de9943c._msdcs.ufcunet.ad
is not registered on one or more DNS servers.
[TAZ] DsBind() failed with error 1753,
There are no more endpoints available from the
endpoint mapper..
[Replications Check,SPEEDY] A recent replication
attempt failed:
From MARVIN to SPEEDY
Naming Context:
CN=Schema,CN=Configuration,DC=ufcunet,DC=ad
The replication generated an error (8524):
The DSA operation is unable to proceed because
of a DNS lookup failure.
The failure occurred at 2003-11-05 14:26.42.
The last success occurred at 2003-11-04
15:09.00.
4 failures have occurred since the last
success.
The guid-based DNS name a95a2f05-d933-4491-
acc7-8a7c7d820f2b._msdcs.ufcunet.ad
is not registered on one or more DNS servers.
[Replications Check,SPEEDY] A recent replication
attempt failed:
From TAZ to SPEEDY
Naming Context:
CN=Configuration,DC=ufcunet,DC=ad
The replication generated an error (8524):
The DSA operation is unable to proceed because
of a DNS lookup failure.
The failure occurred at 2003-11-05 14:11.16.
The last success occurred at 2003-11-04
15:19.00.
5 failures have occurred since the last
success.
The guid-based DNS name 9a5ea80b-2429-44f0-
9f6a-572f4de9943c._msdcs.ufcunet.ad
is not registered on one or more DNS servers.
[Replications Check,SPEEDY] A recent replication
attempt failed:
From MARVIN to SPEEDY
Naming Context:
CN=Configuration,DC=ufcunet,DC=ad
The replication generated an error (8524):
The DSA operation is unable to proceed because
of a DNS lookup failure.
The failure occurred at 2003-11-05 14:26.40.
The last success occurred at 2003-11-04
15:09.00.
4 failures have occurred since the last
success.
The guid-based DNS name a95a2f05-d933-4491-
acc7-8a7c7d820f2b._msdcs.ufcunet.ad
is not registered on one or more DNS servers.
[Replications Check,SPEEDY] A recent replication
attempt failed:
From TAZ to SPEEDY
Naming Context: DC=ufcunet,DC=ad
The replication generated an error (8524):
The DSA operation is unable to proceed because
of a DNS lookup failure.
The failure occurred at 2003-11-05 14:11.16.
The last success occurred at 2003-11-04
15:16.33.
5 failures have occurred since the last
success.
The guid-based DNS name 9a5ea80b-2429-44f0-
9f6a-572f4de9943c._msdcs.ufcunet.ad
is not registered on one or more DNS servers.
[Replications Check,SPEEDY] A recent replication
attempt failed:
From MARVIN to SPEEDY
Naming Context: DC=ufcunet,DC=ad
The replication generated an error (8524):
The DSA operation is unable to proceed because
of a DNS lookup failure.
The failure occurred at 2003-11-05 14:26.38.
The last success occurred at 2003-11-04
15:09.00.
4 failures have occurred since the last
success.
The guid-based DNS name a95a2f05-d933-4491-
acc7-8a7c7d820f2b._msdcs.ufcunet.ad
is not registered on one or more DNS servers.
......................... SPEEDY passed test
Replications
Starting test: NCSecDesc
......................... SPEEDY passed test
NCSecDesc
Starting test: NetLogons
......................... SPEEDY passed test
NetLogons
Starting test: Advertising
......................... SPEEDY passed test
Advertising
Starting test: KnowsOfRoleHolders
......................... SPEEDY passed test
KnowsOfRoleHolders
Starting test: RidManager
The DS has corrupt data:
rIDPreviousAllocationPool value is not valid
No rids allocated -- please check eventlog.
......................... SPEEDY failed test
RidManager
Starting test: MachineAccount
......................... SPEEDY passed test
MachineAccount
Starting test: Services
......................... SPEEDY passed test
Services
Starting test: ObjectsReplicated
......................... SPEEDY passed test
ObjectsReplicated
Starting test: frssysvol
Error: No record of File Replication System,
SYSVOL started.
The Active Directory may be prevented from
starting.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SPEEDY passed test
frssysvol
Starting test: kccevent
An Error Event occured. EventID: 0xC0000466
Time Generated: 11/05/2003 14:26:31
Event String: Unable to establish connection
with global

An Warning Event occured. EventID: 0x8000061E
Time Generated: 11/05/2003 14:31:44
Event String: All servers in site

An Error Event occured. EventID: 0xC000051F
Time Generated: 11/05/2003 14:31:44
Event String: The Directory Service
consistency checker has

An Warning Event occured. EventID: 0x8000061E
Time Generated: 11/05/2003 14:31:44
Event String: All servers in site

An Error Event occured. EventID: 0xC000051F
Time Generated: 11/05/2003 14:31:44
Event String: The Directory Service
consistency checker has

An Warning Event occured. EventID: 0x800004F1
Time Generated: 11/05/2003 14:32:07
Event String: The attempt to establish a
replication link with

An Warning Event occured. EventID: 0x800004F1
Time Generated: 11/05/2003 14:32:30
Event String: The attempt to establish a
replication link with

An Warning Event occured. EventID: 0x800004F1
Time Generated: 11/05/2003 14:32:53
Event String: The attempt to establish a
replication link with

......................... SPEEDY failed test
kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0001B61
Time Generated: 11/05/2003 13:36:42
Event String: Timeout (30000 milliseconds)
waiting for the

An Error Event occured. EventID: 0xC0001B58
Time Generated: 11/05/2003 13:36:45
Event String: The Compaq Web Agent service
failed to start due

An Error Event occured. EventID: 0x0000410A
Time Generated: 11/05/2003 13:37:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC004000F
Time Generated: 11/05/2003 13:38:12
Event String: The device,
\Device\Scsi\cpqarry21, is not ready

An Error Event occured. EventID: 0x0000410A
Time Generated: 11/05/2003 13:39:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410A
Time Generated: 11/05/2003 13:41:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0001B70
Time Generated: 11/05/2003 13:47:10
Event String: The Messenger service terminated
with

An Error Event occured. EventID: 0xC00110C3
Time Generated: 11/05/2003 13:47:26
Event String: WINS tried to get its addresses
but failed. WINS

An Error Event occured. EventID: 0xC0001B6F
Time Generated: 11/05/2003 13:57:30
Event String: The Kerberos Key Distribution
Center service

An Error Event occured. EventID: 0x00000C17
Time Generated: 11/05/2003 13:57:36
Event String: This Windows NT computer is
configured as a

An Error Event occured. EventID: 0xC0001B70
Time Generated: 11/05/2003 13:57:36
Event String: The Net Logon service terminated
with

An Error Event occured. EventID: 0xC0001B59
Time Generated: 11/05/2003 13:57:40
Event String: The Microsoft Active Directory
Connector service

An Error Event occured. EventID: 0xC0001B6F
Time Generated: 11/05/2003 13:57:41
Event String: The Intersite Messaging service
terminated with

An Error Event occured. EventID: 0xC004000F
Time Generated: 11/05/2003 13:59:29
Event String: The device,
\Device\Scsi\cpqarry21, is not ready

An Error Event occured. EventID: 0xC004000F
Time Generated: 11/05/2003 13:59:49
Event String: The device,
\Device\Scsi\cpqarry21, is not ready

An Error Event occured. EventID: 0xC004000F
Time Generated: 11/05/2003 14:00:09
Event String: The device,
\Device\Scsi\cpqarry21, is not ready

An Error Event occured. EventID: 0xC004000F
Time Generated: 11/05/2003 14:00:29
Event String: The device,
\Device\Scsi\cpqarry21, is not ready

An Error Event occured. EventID: 0xC0000013
Time Generated: 11/05/2003 14:11:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000021
Time Generated: 11/05/2003 14:11:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00110CD
Time Generated: 11/05/2003 14:12:13
Event String: The computer running the WINS
server does not

An Error Event occured. EventID: 0xC0011045
Time Generated: 11/05/2003 14:12:13
Event String: WINS has encountered an error
that caused it to

An Error Event occured. EventID: 0xC0001B6F
Time Generated: 11/05/2003 14:12:13
Event String: The Windows Internet Name
Service (WINS) service

An Error Event occured. EventID: 0x0000410A
Time Generated: 11/05/2003 14:12:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000069
Time Generated: 11/05/2003 14:12:19
Event String: The server was unable to
register the

An Error Event occured. EventID: 0xC0001B65
Time Generated: 11/05/2003 14:12:30
Event String: Logon attempt with current
password failed with

An Error Event occured. EventID: 0xC0001B58
Time Generated: 11/05/2003 14:12:30
Event String: The Microsoft Active Directory
Connector service

An Error Event occured. EventID: 0xC0000069
Time Generated: 11/05/2003 14:12:34
Event String: The server was unable to
register the

An Error Event occured. EventID: 0x0000410A
Time Generated: 11/05/2003 14:14:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410A
Time Generated: 11/05/2003 14:16:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC4350505
Time Generated: 11/05/2003 14:16:45
Event String: Compaq NIC Agent: Connectivity
has been lost for

An Error Event occured. EventID: 0xC4350505
Time Generated: 11/05/2003 14:16:46
Event String: Compaq NIC Agent: Connectivity
has been lost for

An Error Event occured. EventID: 0x0000410A
Time Generated: 11/05/2003 14:18:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410A
Time Generated: 11/05/2003 14:20:15
(Event String could not be retrieved)
......................... SPEEDY failed test
systemlog

Running enterprise tests on : ufcunet.ad
Starting test: Intersite
......................... ufcunet.ad passed test
Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call
failed, error 1355
A Global Catalog Server could not be located -
All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed,
error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED)
call failed, error 1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed,
error 1355
A KDC could not be located - All the KDCs are
down.
......................... ufcunet.ad failed test
FsmoCheck


-----Original Message-----
If you try and create a user post-restore on this DC does it succeed?
Also, what does a dcdiag say about the rid pool and rid manager?

Finally, this dc is a backup from the production domain....how many dc's are
in the production domain that this backup came from? If more than 1 in
production, have you satisfied init sync (assuming this is SP3 or SP4 or
W2K03, which I assume it is) and how?

~Eric

--
Eric Fleischman [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights


I guess I should give a little more info. What I am
trying to do is learn how to restore a DC from backup.
Since this is a test I am doing things in a lab
environment. I have only attempted to restore one server
out of four. I thought that I would be able to transfer
all the roles to the restored system. I'm sure some of
the problems stem from the DC not being able to
communicate with other DC's.

All I have done so far is to backup the one DC. This DC
is the RID, PDC and Infrastructure Master, as well as
having the Global Cataloge. I restored the backup to a
server that is close but not exactly the same hardware,
and it's on a LAN not connected to the network. (I don't
want to damage anything.)



Event 16650
MessageId=0x410A
SymbolicName=SAMMSG_RID_INIT_FAILURE
Language=English
The account-identifier allocator failed to initialize
properly. The record data contains the NT error code that
caused the failure. Windows 2000 may retry the
initialization until it succeeds; until that time, account
creation will be denied on this Domain Controller. Please
look for other SAM event logs that may indicate the exact
reason for the failure.

AD.
It may be in there
Click to expand...


.
Click to expand...
 
Hi David,

I hav just successfully completed a DR of an AD to different hardware myself
and experienced the same error.
If I ran netdom query fsmo on my recovered DC it said that it had all the
fsmo roles. But I stll got the rid error when trying to create new objects.

1. make sure you have configured your dns settings as in the techarticle
from MS you were using.

2. make sure the SYSVOL folder is shared. NB this is a system share and
cannot be shared using explorer. See
http://www.jsiinc.com/SUBG/TIP3300/rh3304.htm for more info.

3. run gpedit.msc from the cmd prompt and make sure 'authenticated users'
and 'enterprise domain controllers' are assigned the rights 'access this
computer from the network'

4. Now to get the rid master role working. Build another 2000 server. join
it to the domain. Seize the rid master role onto this server. replicate AD
using sites and services snap-in. reboot both servers. The rid error should
of cleared and you can now sieze it back to original dc using same steps
above. Once all ok just run dcpromo again on the other domain controller to
de-promote it.

5. On anoher note you may have lots of errors in your AD replication event
log because there used to be other existin domain controllers in the domain.
use the following article to remove it via ntdsutil.

Oh and good luck. But trust me it does work. Mine was even worse because
after following the MS article mine wouldnt even boot! But perservere it can
be done.

Regards,

Steve
 
You the man!!!!!

Thanks a bunch. I think Microsoft should think about
making an article that described the steps you gave me.

:)
 
Glad to help.

Steve

David Jenkins said:
You the man!!!!!

Thanks a bunch. I think Microsoft should think about
making an article that described the steps you gave me.

:)
Click to expand...
 
How do you remove the dead DCs that are no longer in the
test environment? I know you are suppose to clean it up
in metadata, but running into some errors. Does anyone
have any idea?
 
Hi,

Firstly make sure that server isn't holding any fsmo roles. To do this use the netdom command (requires you install support tools from server cdrom).
netdom query fsmo

If it does hold any fsmo roles then transfer or seize them. NB if you try to seiz a role it will always try to transfer it first anyway.

Make sure AD replication has taken place before going any further.

Follow the following steps from this article http://www.jsifaq.com/SUBJ/tip4900/rh4984.htm

Tou may also have to manually remove the connections from the sites and services snap-in.

Steve
 
Thank you steve. You are the best. I'll try and let you
know how it turns out.
-----Original Message-----
Hi,

Firstly make sure that server isn't holding any fsmo
Click to expand...
roles. To do this use the netdom command (requires you
install support tools from server cdrom).
netdom query fsmo

If it does hold any fsmo roles then transfer or seize
Click to expand...
them. NB if you try to seiz a role it will always try to
transfer it first anyway.
Make sure AD replication has taken place before going any further.

Follow the following steps from this article http://www.jsifaq.com/SUBJ/tip4900/rh4984.htm

Tou may also have to manually remove the connections from
Click to expand...
the sites and services snap-in.
 
Hi Steve,
After trying your instructions, I have 4 out of 5 roles
seized with the exception of domain naming master. I'm
getting the same error as Mike. Below is the error:
fsmo maintenance: seize domain naming master
Attempting safe transfer of domain naming FSMO before
seizure.
ldap_modify_sW error 0x35(53 (Unwilling To Perform).
Ldap extended error message is 0000214B: SvcErr: DSID-
03210792, problem 5003 (WI
LL_NOT_PERFORM), data 0

Win32 error returned is 0x214b(Only DSAs configured to be
Global Catalog servers
should be allowed to hold the Domain Naming Master FSMO
role.)
)

The DC was originally a GC, but I had it taken it off due
to one of the Microsoft article. I have restored the
machine back as GC, but it doesn't work. Can you help?
 
Back
Top