From: Gaspar on 16 Jun 2010 11:15

I used to have two 2003 domain controller servers (SERVER1 and SERVER2). One of them (SERVER1) broke down and it's not available anymore.

I need:
- To safely remove SERVER1 from DC list in AD (in SERVER2).
- To install a new server as DC (SERVER3).

I googled a lot searching info on removing a failed DC but it doesn't seem like an easy task. What security measures must I take on SERVER2 before removing?

Thanks a lot!

From: Meinolf Weber [MVP-DS] on 17 Jun 2010 01:43

Hello Gaspar,

See my article about metadata cleanup; it also includes the information about the running DC:
http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx

In short, the existing one must be a DNS server, a Global Catalog server and have all FSMOs before you can add a new DC to the domain.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I used to have two 2003 domain controller servers (SERVER1 and
> SERVER2). One of them (SERVER1) broke down and it's not available
> anymore.
>
> I need:
> - To safely remove SERVER1 from DC list in AD (in SERVER2).
> - To install a new server as DC (SERVER3).
> I googled a lot searching info on removing a failed DC but it doesn't
> seem like an easy task. What security measures must I take on SERVER2
> before removing?
>
> Thanks a lot!

From: Gaspar on 17 Jun 2010 07:06

I read the post and the Microsoft articles. I ran ntdsutil but I got some errors regarding FSMO role transfers. Is this normal? If not, what should I do?

Below is the ntdsutil output. SERVER1 is the failed DC, SERVER2 is now the only live DC.

Thanks!

*****************************
ntdsutil
ntdsutil: roles
fsmo maintenance: ^C
ntdsutil
ntdsutil: list domains
Error 80070057 parsing input - illegal syntax?
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: connect to server server2
Binding to server2 ...
Connected to server2 using credentials of locally logged on user.
server connections: q
metadata cleanup: select operation target
select operation target: list domains
Found 1 domain(s)
0 - DC=testdomain,DC=org,DC=ar
select operation target: select domain 0
No current site
Domain - DC=testdomain,DC=org,DC=ar
No current server
No current Naming Context
select operation target: list sites
Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=o
rg,DC=ar
select operation target: select site 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,D
C=org,DC=ar
Domain - DC=testdomain,DC=org,DC=ar
No current server
No current Naming Context
select operation target: list servers in site
Found 2 server(s)
0 - CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,D
C=testdomain,DC=org,DC=ar
1 - CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,D
C=testdomain,DC=org,DC=ar
select operation target: select server 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,D
C=org,DC=ar
Domain - DC=testdomain,DC=org,DC=ar
Server - CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurat
ion,DC=testdomain,DC=org,DC=ar
DSA object - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Sit
e-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
DNS host name - server1.testdomain.org.ar
Computer object - CN=SERVER1,OU=Domain Controllers,DC=testdomain,DC
=org,DC=ar
No current Naming Context
select operation target: q
metadata cleanup: remove selected server
Transferring / Seizing FSMO roles off the selected server.
Binding to server2.testdomain.org.ar ...
Moving Domain Naming Master FSMO onto "CN=NTDS Settings,CN=SERVER2,CN=Servers,CN
=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=
ar".
Attempting safe transfer of domain naming FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210333, problem 5002 (UN
AVAILABLE), data 1722
Win32 error returned is 0x20af(The requested FSMO operation failed. The current
FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of domain naming FSMO failed, proceeding with seizure ...
Server "server2" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
Domain - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
PDC - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
RID - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
Infrastructure - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na
me,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
Moving Schema Master FSMO onto "CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Defaul
t-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar".
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210333, problem 5002 (UN
AVAILABLE), data 1722
Win32 error returned is 0x20af(The requested FSMO operation failed. The current
FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of schema FSMO failed, proceeding with seizure ...
Server "server2" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
Domain - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
PDC - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
RID - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
Infrastructure - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na
me,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
Moving PDC FSMO onto "CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Si
te-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar".
Attempting safe transfer of PDC FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321051A, problem 5002 (UN
AVAILABLE), data 1722
Win32 error returned is 0x20af(The requested FSMO operation failed. The current
FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of PDC FSMO failed, proceeding with seizure ...
Server "server2" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
Domain - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
PDC - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
RID - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
Infrastructure - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na
me,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
Moving Rid Master FSMO onto "CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-F
irst-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar".
Attempting safe transfer of RID FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321092B, problem 5002 (UN
AVAILABLE), data 1722
Win32 error returned is 0x20af(The requested FSMO operation failed. The current
FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of RID FSMO failed, proceeding with seizure ...
Searching for highest rid pool in domain
Server "server2" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
Domain - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
PDC - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
RID - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
Infrastructure - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na
me,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
Removing FRS metadata for the selected server.
Searching for FRS members under "CN=SERVER1,OU=Domain Controllers,DC=testdomain
,DC=org,DC=ar".
Removing FRS member "CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File R
eplication Service,CN=System,DC=testdomain,DC=org,DC=ar".
Deleting subtree under "CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=Fil
e Replication Service,CN=System,DC=testdomain,DC=org,DC=ar".
Deleting subtree under "CN=SERVER1,OU=Domain Controllers,DC=testdomain,DC=o
rg,DC=ar".
The attempt to remove the FRS settings on CN=SERVER1,CN=Servers,CN=Default-First
-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar failed beca
use "Element not found.";
metadata cleanup is continuing.
"CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=h
ospitalneuquen,DC=org,DC=ar" removed from server "server2"
metadata cleanup: q
*****************************

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message news:6cb2911d1199f8ccdc07ef6e3524(a)msnews.microsoft.com...
> Hello Gaspar,
>
> See my article about metadata cleanup, this includes also the information
> about the running DC:
> http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx
>
> In short, the existing one must be DNS server, Global catalog server and
> have all FSMOs before you can add a new DC to the domain.
>
> Best regards
>
> Meinolf Weber

From: Meinolf Weber [MVP-DS] on 17 Jun 2010 07:42

Hello Gaspar,

The included errors just say that DC1 (failed) cannot be contacted, just to make sure it is really not operational, and then it does the seize operation for each FSMO that should be seized.

Or which error do you mean? If you run "netdom query fsmo" in a command prompt, does it show the correct server for the FSMO roles?

Best regards

Meinolf Weber

> I read the post and the microsoft articles. I run ntdsutil but I got some
> errors regarding FSMO role transfers. Is this normal? If not, what should I
> do?

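A check in the spirit of the question in the reply above, added here as an example (it is not code from the thread or from Microsoft): it parses the "knows about 5 roles" listings in the ntdsutil output Gaspar posted, undoes the console line wraps, and reports which roles the last listing still attributes to the removed DC. The function names and the 80-column width are assumptions of this example.

```python
import re

CONSOLE_WIDTH = 80  # assumption: the output was pasted from an 80-column console

# First and last of the four role listings in the ntdsutil output quoted in the
# thread, with the console's line wraps kept as pasted.
SAMPLE = """\
Transfer of domain naming FSMO failed, proceeding with seizure ...
Server "server2" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
Domain - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
PDC - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
RID - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
Infrastructure - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na
me,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
Searching for highest rid pool in domain
Server "server2" knows about 5 roles
Schema - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
Domain - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=testdomain,DC=org,DC=ar
PDC - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
RID - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=testdomain,DC=org,DC=ar
Infrastructure - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na
me,CN=Sites,CN=Configuration,DC=testdomain,DC=org,DC=ar
Removing FRS metadata for the selected server.
"""

HEADER = re.compile(r'^Server "([^"]+)" knows about (\d+) roles$')
ROLE = re.compile(r'^(Schema|Domain|PDC|RID|Infrastructure) - (.+)$')
# The role holder is the server object directly above its NTDS Settings object.
HOLDER = re.compile(r'^CN=NTDS Settings,CN=([^,]+),CN=Servers,', re.IGNORECASE)


def unwrap(text, width=CONSOLE_WIDTH):
    """Rejoin lines the console wrapped: a physical line of exactly `width`
    characters is treated as continued on the next line."""
    logical, buf = [], ""
    for line in text.splitlines():
        buf += line
        if len(line) == width:
            continue
        logical.append(buf)
        buf = ""
    if buf:
        logical.append(buf)
    return logical


def parse_listings(text, width=CONSOLE_WIDTH):
    """Return one {role: holder server name} dict per role listing, in order."""
    listings, current, expected = [], None, 0
    for line in unwrap(text, width):
        line = line.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current, expected = {}, int(header.group(2))
            listings.append(current)
            continue
        role = ROLE.match(line) if current is not None else None
        if role and len(current) < expected:
            holder = HOLDER.match(role.group(2))
            current[role.group(1)] = holder.group(1).upper() if holder else None
        else:
            current = None  # any other line ends the listing
    return listings


def audit_final_listing(text, removed_dc, surviving_dc):
    """Classify the roles in the last listing by the server that holds them."""
    listings = parse_listings(text)
    if not listings:
        raise ValueError("no 'knows about N roles' listing found")
    final = listings[-1]
    return {
        "on_removed": sorted(r for r, h in final.items() if h == removed_dc.upper()),
        "on_surviving": sorted(r for r, h in final.items() if h == surviving_dc.upper()),
        "unparsed": sorted(r for r, h in final.items() if h is None),
    }


if __name__ == "__main__":
    report = audit_final_listing(SAMPLE, "SERVER1", "SERVER2")
    for key, roles in report.items():
        print(f"{key}: {', '.join(roles) or '-'}")
```

For the listings taken from the post, the report puts Infrastructure under `on_removed`: the last listing ntdsutil printed still names SERVER1 for that role, so the log by itself does not show all five roles on SERVER2, and the "netdom query fsmo" check asked for above is what confirms it.
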
From: Gaspar on 17 Jun 2010 09:19

Everything seems to be OK. Thanks a lot for your time!

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message news:6cb2911d119ce8ccdc3a141fae47(a)msnews.microsoft.com...
> Hello Gaspar,
>
> The included errors just say that DC1 (failed) cannot be contacted, just to
> make sure it is really not operational, and then it does the seize operation
> for each FSMO that should be seized.
>
> Or which error do you mean? If you run "netdom query fsmo" in a command
> prompt, does it show the correct server for the FSMO roles?
>
> Best regards
>
> Meinolf Weber