
Replacement Domain Controller MAJOR ISSUES 1

Status
Not open for further replies.

netadmin19355

IS-IT--Management
Dec 7, 2004
47
US
Good Morning,

I have searched all over the net and have still not resolved my issue. Here is the problem. I recently added a third DC into my AD Domain to replace an existing one so I would only have 2 DCs when all was said and done. I built the new one as a member server and then took the old server out of the loop (without running DCPROMO) and then I put AD on the new server (I renamed it first to the old server's name). I did that so all users that had mapped drives (it is a file server too) would not have to remap these drives.

I am now getting a TON of SAM errors on the new DC's event log. They are Event ID 16650, The account-identifier allocator failed to initialize properly.

I really need some help. I already tried to run DCPROMO to remove it and then add it back in. Any other thoughts?

Thanks,
Wes
 
I had a similar problem a while ago; the problem appears to come from naming the new server the same as the old one. Something to do with trust relationships, I gather. How I resolved the problem was to rename the machine and then rejoin it to the domain. And to solve the problems with mapped drives, I put an entry into DNS pointing the old server name to the new server's IP.
 
If you wish to make this server have the same name then you would need to first remove the other server so that its SID is no longer associated with that name.

At this point you have a mess to clean up. Disconnect the new server's LAN cable and run DCPROMO /FORCEREMOVAL to make this machine a member of a workgroup. You will add it back later.

Plug the original back in and see if you can gracefully remove it as a DC. If not, then repeat the steps above.

Next visit my FAQ faq96-4733 and get the script at the end to remove this server from AD. Then remove the server's entries from DNS.

You can now safely add the new server back to the domain and then promote it to a DC.

As a lesson learned you should avoid doing what you are doing. Discourage user mappings and instead use a login script that you can change as needed. For login script help visit this FAQ faq329-5798.

I hope you find this post helpful.

Regards,

Mark
 
Looks like TidyTrax and I were posting at the same time. A comment on TidyTrax's post: it does not mention removing the old server name from AD, which means that you would be getting replication errors in the event logs. It is important to remove that server from AD. That can be accomplished via ADSUTIL or the script I mention above.

I hope you find this post helpful.

Regards,

Mark
 
Oh this is GREAT! I have to say I love this site. Everyone is sooo helpful! I will try this tonight and let everyone know the results.

Thanks,
Wes
 
Mark, Microsoft will charge $295 for that kind of metadata cleanup; you are saving buddies on this forum lots of $$$$$ by reading your FAQs. Good work. I hope I can be more helpful with my expertise, I am too lazy though. lol.


------------------------------------
Directory Services/Exchange Consultant
 
Thanks benlu.

I hope you find this post helpful.

Regards,

Mark
 
Ok, problem solved. I removed it and then renamed it to another name. I then added it back, and it STILL did not work. So I remembered someone say to remove it AGAIN and then add it back in, and darnit if that didn't work!! I am back in business.

Oh, I did have to do one more thing. I had to seize the RID master role to the other server, not this new one. I did this through NTDSUTIL.exe. It worked. I followed MS instructions.

Thanks a million for all your help!!!

-Wes
 
But did you remove the OLD server name from the metadirectory? If not you will have trouble with AD Replication.

I hope you find this post helpful.

Regards,

Mark
 
I removed it from within AD Users and Computers. The one thing that is weird: when I tried to do a seizure through AD Users and Computers, it still shows up as an option, but it is not anywhere else. It is not within Sites and Services. How do I get rid of it COMPLETELY!!??

-Wes
 
You need to use the script I referenced above.

I hope you find this post helpful.

Regards,

Mark
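Added example, not from this thread or from Tek-Tips: a PowerShell check script that covers the metadata cleanup Mark describes and the "retired DC still offered in the seize dialog" symptom Wes hit afterwards. It assumes a modern DC with the RSAT ActiveDirectory and DnsServer modules (the 2004 thread predates them), a single-domain forest, and the placeholder name OLDSERVER for the retired DC.

```powershell
# Added example (not from the thread). Finds leftovers after a DC replacement.
# Assumes RSAT ActiveDirectory/DnsServer modules, a single-domain forest, and
# that it is run on a DC as a domain admin. OLDSERVER is a placeholder name.
param(
    [string]$OldDcName = 'OLDSERVER',        # placeholder: the retired DC's NetBIOS name
    [string]$DnsServer = $env:COMPUTERNAME   # DNS server to inspect
)
Import-Module ActiveDirectory
Import-Module DnsServer

$domain   = Get-ADDomain
$domainNC = $domain.DistinguishedName
$configNC = (Get-ADRootDSE).configurationNamingContext

# 1. FSMO role owners are stored as the DN of the holder's NTDS Settings object.
#    A dangling DN is why a retired DC can still appear in the Operations Masters
#    seize dialog after its computer object is gone; seizing the role rewrites it.
$roleObjects = @{
    'RID master'     = "CN=RID Manager`$,CN=System,$domainNC"
    'PDC emulator'   = $domainNC
    'Infrastructure' = "CN=Infrastructure,$domainNC"
}
foreach ($role in $roleObjects.Keys) {
    $owner = (Get-ADObject -Identity $roleObjects[$role] -Properties fSMORoleOwner).fSMORoleOwner
    if (Get-ADObject -Identity $owner -ErrorAction SilentlyContinue) { "$role : $owner" }
    else { Write-Warning "$role points at a missing NTDS Settings object: $owner" }
}

# 2. Server objects under CN=Sites with no computer object in the Domain Controllers
#    OU are the leftovers that cause replication errors. They are removed with
#    ntdsutil 'metadata cleanup', not from AD Users and Computers.
$dcComputers = (Get-ADComputer -Filter * -SearchBase "OU=Domain Controllers,$domainNC").Name
Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter '(objectClass=server)' |
    Where-Object { $dcComputers -notcontains $_.Name } |
    ForEach-Object { Write-Warning "Stale server object in Configuration partition: $($_.DistinguishedName)" }

# 3. DNS records still naming the retired server (its A record and SRV targets).
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $domain.DNSRoot |
    Where-Object { $_.HostName -ieq $OldDcName -or
                   ($_.RecordType -eq 'SRV' -and $_.RecordData.DomainName -like "$OldDcName.*") } |
    Select-Object HostName, RecordType, @{ n = 'Target'; e = { $_.RecordData.DomainName } }

# 4. The symptom from the thread: SAM event 16650 on this DC means it could not get
#    a RID pool from the RID master. Confirm it stops being logged after cleanup.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 16650 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, ProviderName, Message
```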
 