Windows Server - Urgent! Domain controller lost

Asked By Gaspar on 16-Jun-10 11:15 AM
I used to have two 2003 domain controller servers (SERVER1 and SERVER2). One
of them (SERVER1) broke down and it is not available anymore.

I need:
- To safely remove SERVER1 from DC list in AD (in SERVER2).
- To install a new server as DC (SERVER3).

I googled a lot searching for info on removing a failed DC, but it does not seem
like an easy task. What security measures must I take on SERVER2 before
removing it?

Thanks a lot!


Meinolf Weber [MVP-DS] replied to Gaspar on 17-Jun-10 01:43 AM
Hello Gaspar,

See my article about metadata cleanup, which also includes the information
about the remaining DC:
http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx

In short, the existing one must be a DNS server, a Global Catalog server and
hold all FSMOs before you can add a new DC to the domain.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
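The precondition Meinolf states above (the surviving DC holds all five FSMO roles, is a Global Catalog, and runs DNS) can be verified read-only before promoting a new DC. The following script is an added example, not part of the thread; it assumes Windows PowerShell 5.1 with the RSAT ActiveDirectory module on a management host (the 2003 servers in the thread do not ship that module) and reuses the thread's names server1/server2/testdomain.org.ar.

```powershell
# Added example, not from the thread. Read-only: reports FSMO holders, GC and DNS
# status for the remaining DC; it seizes or changes nothing.
Import-Module ActiveDirectory

function Test-SoleDcReadiness {
    param(
        [Parameter(Mandatory)] [string] $RemainingDc,  # FQDN, e.g. server2.testdomain.org.ar
        [string] $FailedDc                             # FQDN of the dead DC, e.g. server1...
    )
    $forest = Get-ADForest -Server $RemainingDc
    $domain = Get-ADDomain -Server $RemainingDc

    # The five FSMO roles and the DC the directory currently records as holder.
    $roles = [ordered]@{
        'Schema'         = $forest.SchemaMaster
        'DomainNaming'   = $forest.DomainNamingMaster
        'PDC'            = $domain.PDCEmulator
        'RID'            = $domain.RIDMaster
        'Infrastructure' = $domain.InfrastructureMaster
    }
    $findings = @(foreach ($r in $roles.GetEnumerator()) {
        [pscustomobject]@{
            Check  = "FSMO $($r.Key)"
            Holder = $r.Value
            # A role still recorded on the failed DC (as Schema/PDC/RID/Infrastructure
            # were in the ntdsutil output) must be seized before the new DC is promoted.
            Status = if ($r.Value -ieq $RemainingDc) { 'OK' }
                     elseif ($FailedDc -and $r.Value -ieq $FailedDc) { 'STALE: held by failed DC' }
                     else { 'UNEXPECTED holder' }
        }
    })

    $dc = Get-ADDomainController -Identity $RemainingDc -Server $RemainingDc
    $findings += [pscustomobject]@{
        Check  = 'Global Catalog'; Holder = $RemainingDc
        Status = if ($dc.IsGlobalCatalog) { 'OK' } else { 'MISSING: enable GC on this DC' }
    }
    # Get-Service -ComputerName is Windows PowerShell 5.1 only (removed in PowerShell 7).
    $dns = Get-Service -Name DNS -ComputerName $RemainingDc -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{
        Check  = 'DNS Server service'; Holder = $RemainingDc
        Status = if ($dns -and $dns.Status -eq 'Running') { 'OK' } else { 'MISSING or stopped' }
    }
    $findings
}

Test-SoleDcReadiness -RemainingDc 'server2.testdomain.org.ar' -FailedDc 'server1.testdomain.org.ar' |
    Format-Table -AutoSize
```

Every row must read OK before SERVER3 is promoted; any STALE row means metadata cleanup or a role seizure is still outstanding.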

Gaspar replied to Meinolf Weber [MVP-DS] on 17-Jun-10 07:06 AM
I read the post and the Microsoft articles. I ran ntdsutil but got some
errors regarding FSMO role transfers. Is this normal? If not, what should I
do?
Below is the ntdsutil output. SERVER1 is the failed DC, SERVER2 is now the
only live DC.
Thanks!

*****************************
ntdsutil
ntdsutil: roles
fsmo maintenance: ^C
ntdsutil
ntdsutil: list domains
Error 80070057 parsing input - illegal syntax?
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: connect to server server2
Binding to server2 ...
Connected to server2 using credentials of locally logged on user.
server connections: q
metadata cleanup: select operation target
select operation target: list domains
Found 1 domain(s)
0 - DC=testdomain,DC=org,DC=ar
select operation target: select domain 0
No current site
Domain - DC=testdomain,DC=org,DC=ar
No current server
No current Naming Context
select operation target: list sites
Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
select operation target: select site 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
Domain - DC=testdomain,DC=org,DC=ar
No current server
No current Naming Context
select operation target: list servers in site
Found 2 server(s)
0 - CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
1 - CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
select operation target: select server 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
Domain - DC=testdomain,DC=org,DC=ar
Server - CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
DSA object - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
DNS host name - server1.testdomain.org.ar
Computer object - CN=SERVER1,OU=Domain Controllers,DC=testdomain,DC=org,DC=ar
No current Naming Context
select operation target: q
metadata cleanup: remove selected server
Transferring / Seizing FSMO roles off the selected server.
Binding to server2.testdomain.org.ar ...
Moving Domain Naming Master FSMO onto "CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar".

Attempting safe transfer of domain naming FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210333, problem 5002 (UNAVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of domain naming FSMO failed, proceeding with seizure ...
Server "server2" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
Domain - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
PDC - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
RID - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
Infrastructure - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
Moving Schema Master FSMO onto "CN=NTDS