A real big active dir problem 1

[edie209]

I have a win2000 domain I server doing dns dhcp file/print.
I added two 2003 servers raised them to Domain controllers and installed DNS on one. Everthing was going really well I was transfering data from the old 2000 DC to the new DC when then the network crashed, due to a switch (too much network traffic) when I replaced the switch I found that the 2003 domain controller was nolonger serving dns and today all my policies has dissappered.

I thought I would remove active directory from the 2003 server and start again but when I run dcpromo it tells me it is unable to contact a domain controler. it also tells me to make the 2003 server a member of a workgroup which I can't do without running dcpromo

Any ideas on where to start?

 

[teckystuff]

You may have to do a authoritive Active Directory restore

 

[edie209]

Hi I did that this morning and nothing has changed which is really confusing

 

[teckystuff]

You sure you did an authoritive restore - I'm not trying to doubt you but rather confirm - you have to run ntdsutil BEFORE you reboot after you have done the restore from backup.
Check this article for help:

http://support.microsoft.com/default.aspx?scid=kb;en-us;241594&sd=tech

 

[markdmac]

Ouch! Should not have done a restore.

You need to focus on the DNS. Make sure the DNS services are running on each DC. Make sure each DC is a GC.

On your server NICs, the DNS should only list local DNS servers and not ISP DNS servers. The ISP DNS needs to be on the Forwarders tab in the DNS snap-in.

If you wish to forcefull remove AD from the server, you will want to use dcpromo /forcedremoval

Since your original server still had a safe copy of your AD you do not want to do an authoritative restore. An authoritative restore is reserved for when your AD has become corrupt. Depending on how old your backup was, you have propbably now lost all of your latest changes in AD such as users IDs.

You need to run DCDIAG and NETDIAG on your servers for clues to what is wrong on your network. Also, I think my FAQ will help you: faq96-4733

I hope you find this post helpful.

Regards,

Mark

 

[teckystuff]

Mark I hear what you are saying but if he wanted to start all over again (like he suggested) it wouldn't be too bad to recover the W2K DC from backup and scrub the new servers and then start from fresh. Yes? If he has a recent backup he would not have lost much if at all.

 

[edie209]

Hi I didn't do an authoritive Active Directory restore it was just a normal Active Directory restore.

I have also noticed I am getting RPC server is unavailable. refering to a problem with DNS lookup.

dcdiag from the 2003 server

Domain Controller Diagnosis

Performing initial setup:
[INVINCIBLE] Directory Binding Error -2146892976:
Win32 Error -2146892976
This may limit some of the tests that can be performed.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\INVINCIBLE
Starting test: Connectivity
The host 17d99584-1f88-4a88-aa63-0ba8071d7dbe._msdcs.parkside.plymouth.
sch.uk could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(17d99584-1f88-4a88-aa63-0ba8071d7dbe._msdcs.******.******.**.uk)
couldn't be resolved, the server name
(INVINCIBLE.********.*******.**.uk) resolved to the IP address
(*.*.*.16) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... INVINCIBLE failed test Connectivity

Doing primary tests

Testing server: Default-First-Site\INVINCIBLE
Skipping all tests, because server INVINCIBLE is
not responding to directory service requests

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : parkside
Starting test: CrossRefValidation
......................... domain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom

Running enterprise tests on : domain.*******.**.uk
Starting test: Intersite
......................... domain.*******.**.uk passed test Intersit
e
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.

 

[markdmac]

How about also running NETDIAG?

Clearly you have DNS issues. Start working on this from the original DC as it will be the FSMO role holder unless you already moved the roles.

Install the resource kit and run the following from each DC:
NETDOM /QUERY FSMO
NETDOM /QUERY DC

Carefull look at the results of eac and compare witht he results on each DC. Should be the same.

Make sure that DNS is running OK on the old server and if so move on to the new server. DNS is the core of your current troubles and that is where you need to focus. Until it is working AD replication can't take place so you don't know for certain if you have any problems with that.

I hope you find this post helpful.

Regards,

Mark

 

[edie209]

Thanks markdmac

I will do that first thing in the morning as I'm home now.

Thanks for all your help, I'm about to take the 291 exam, just started so I hope all this will help in a funny sort of way, is there any reading material you recommend

 

[markdmac]

LOL, yes I would recommend all of Support.Microsoft.com.

I hope you find this post helpful.

Regards,

Mark

 

[edie209]

Well there is a little lesson here I have found the problem a network card that was intermitant. This card must have been the reason why the network crashed originally. It seems that the card would work for periods then just die.

A lesson for me here check everthing physical and software