Windows Server - Domain Controller Issue - Urgent Help

Asked By bcurra on 04-Mar-08 02:09 AM
Due to some issues with a failed domain controller upgrade to new
hardware, I am having an issue with my domain controllers. I demoted
one of my DCs after this upgrade and had many issues. I restored the
DC from backup, however now that DC does not appear in the Domain
Controllers group under AD Users and Computers. My question is, can I
just run DCPROMO again to make it a domain controller again? I have
another DC that is functioning and is authenticating users and
allowing for Exchange mail delivery just fine. The only issue I have
is that when our users change their passwords, through NetWare, and
try to sync them with Windows, their Windows accounts keep getting
locked out.

Can anyone offer any suggestions here? When I did my restore more than
a week ago, I did not do an Authoritative Restore as I did not know I
should do that. Any help is greatly appreciated and I will elaborate
if necessary, just let me know.

Thanks,

Bill




Meinolf Weber replied on 04-Mar-08 02:09 AM
Hello bcurran@gmail.com,

How many DCs do you have running now, and which FSMO roles do they hold?
Which one of the running DCs is the Global Catalog/DNS server? Until that is
cleared, wait with promoting new machines; you have to clean up Active
Directory before bringing in new DCs.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
bcurra replied on 06-Mar-08 08:37 PM
I have one DC that appears in the Domain Controllers container in AD
Users and Computers. That DC has all the FSMO roles I think. It is a
DNS server as well. The DC that is not appearing in ADUC is also a DNS
server. The other machines that are the new hardware I was trying to
upgrade to are not members of the Domain yet. I blew them away and
started over again. I guess my big question is, can I just run DCPROMO
on the machine that is not appearing in ADUC and get back to the way
things were before, or should I just promote these new machines
to DCs and go from there?
bcurra replied on 06-Mar-08 08:37 PM
As an add on to my response, I verified that the current DC has all
FSMO roles and is the Global Catalog as well. I think at this point, I
can bring my new servers online, run DCPROMO, set up DNS and all that,
wait for everything to replicate, then move the FSMO roles from the
server that is working to the two new ones. Do you know the best way
to split up the roles? Then I should be able to decommission my old DC.
I also need to change the client machines to point to the new DNS
servers. Am I missing anything here?