Windows Server - Domain Controllers are fighting...

Asked By Christag on 07-May-10 11:37 AM

I have two domain controllers on my network and it seems both are fighting
to be primary, (I think it has something to do with the primary being on 2003
SBS and the other on 2003) so we have decided to demote the second one.

The problem is that when I run dcpromo.exe on the second server, I am told
that it is the last DC and that my network will go down if it gets demoted.

This does not make sense as the primary dc should be recognized and will pick
up once the second goes off.

Is it safe to demote this second controller and ignore its warnings? Or will
I really lose everything.

kj [SBS MVP] replied to Christag on 07-May-10 11:51 AM

You absolutly should not attempt to demote the SBS server. Sounds like the
addition of the second DC never really completed or was performed correctly.
Likely you will loose all changes that have been made using the second DC
that were never replicated to the first DC.

Why do you think they are 'fighting'.

I'd suggest doing some troubleshooting first to ascertrain the depth of the
problem before whacking off what appears to be an offending arm.


--
/kj

Chris Puckett [MSFT] replied to kj [SBS MVP] on 07-May-10 12:18 PM

It sounds to me like they are both in independent domains with the same
domain name.  Check each one to see if both of them show up as DC's in the
Domain Controllers OU in AD Users and Computers.

If they are in independent domains, just unplug the second one from the
network to see if the problem goes away.

--
Chris Puckett

This posting is provided "AS IS" with no warranties, and confers no rights.

kj [SBS MVP] replied to Chris Puckett [MSFT] on 07-May-10 06:34 PM

Could be too. For certain, a run of the sysinternals tool "psgetsid" against
each DC would confirm as if they were part of the same domain, they'd have
identical SIDS. If not, then they'd be different.

http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx



--
/kj

Ace Fekay [MVP - Directory Services, MCT] replied to kj [SBS MVP] on 08-May-10 12:42 PM

From the description and symptoms, I agree the second DC was installed
as a DC in a new domain, hence the contention.

That definitely can be confirmed with the PSGETSID tool, as you
mentioned.

I agree with Chris to simply unplug it, and rebuild it, then promote
it as a Replica in an Existing Domain.

Ace




Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

kj [SBS MVP] replied to Ace Fekay [MVP - Directory Services, MCT] on 08-May-10 05:08 PM

Never tried it but since SBS does not support child domain or trusts of any
kind, it should not have created a child domain with the SBS server holding
the FSMO roles. If it did somehow join in the existing forest a metadata
cleanup would be needed or orphaned stuff is going to hang around with a
simple unplug it job.




--
/kj

Ace Fekay [MVP - Directory Services, MCT] replied to kj [SBS MVP] on 10-May-10 12:26 AM

I think from the description that he may have opted to make a new
domain in a new forest while promoting.

But not sure. Hope we hear a response.

Ace

Previous Windows Server Discussion: Time out of sync on domain computers

Access over 40 UI widgets with everything from interactive menus to rich charts.