| Home | Register | Members | Search | Windows Vista Tips | File Database | Links |
 |
| Thread Tools | Display Modes |
|
Gaspar
Guest
Posts: n/a
|
I used to have two 2003 domain controller servers (SERVER1 and SERVER2). One
of them (SERVER1) broke down and it's not available anymore. I need: - To safely remove SERVER1 from DC list in AD (in SERVER2). - To install a new server as DC (SERVER3). I googled a lot searching info on removing a failed DC but it doesn't seem like an easy task. What security measures must I take on SERVER2 before removing? Thanks a lot! |
|
|
|
|
|||
|
|||
|
|
|
| |
|
Meinolf Weber [MVP-DS]
Guest
Posts: n/a
|
Hello Gaspar, See my article about metadata cleanup, this includes also the information about the running DC: http://msmvps.com/blogs/mweber/archi...a-cleanup.aspx In short, the existing one must be DNS server, Global catalog server and have all FSMOs before you can add a new DC to the domain. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > I used to have two 2003 domain controller servers (SERVER1 and > SERVER2). One of them (SERVER1) broke down and it's not available > anymore. > > I need: > - To safely remove SERVER1 from DC list in AD (in SERVER2). > - To install a new server as DC (SERVER3). > I googled a lot searching info on removing a failed DC but it doesn't > seem like an easy task. What security measures must I take on SERVER2 > before removing? > > Thanks a lot! > |
|
|
|
|
|||
|
|
|||
|
Gaspar
Guest
Posts: n/a
|
I read the post and the microsoft articles. I run ntdsutil but I got some errors regarding FSMO role transfers. Is this normal? If not, what should I do? Below is the ntdsutil output. SERVER1 is the failed DC, SERVER2 is now the only live DC. Thanks! ***************************** ntdsutil ntdsutil: roles fsmo maintenance: ^C ntdsutil ntdsutil: list domains Error 80070057 parsing input - illegal syntax? ntdsutil: metadata cleanup metadata cleanup: connections server connections: connect to server server2 Binding to server2 ... Connected to server2 using credentials of locally logged on user. server connections: q metadata cleanup: select operation target select operation target: list domains Found 1 domain(s) 0 - DC=testdomain,DC=org,DC=ar select operation target: select domain 0 No current site Domain - DC=testdomain,DC=org,DC=ar No current server No current Naming Context select operation target: list sites Found 1 site(s) 0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=o rg,DC=ar select operation target: select site 0 Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,D C=org,DC=ar Domain - DC=testdomain,DC=org,DC=ar No current server No current Naming Context select operation target: list servers in site Found 2 server(s) 0 - CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,D C=testdomain,DC=org,DC=ar 1 - CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,D C=testdomain,DC=org,DC=ar select operation target: select server 0 Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,D C=org,DC=ar Domain - DC=testdomain,DC=org,DC=ar Server - CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurat ion,DC=testdomain,DC=org,DC=ar DSA object - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Sit e-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar DNS host name - server1.testdomain.org.ar Computer object - CN=SERVER1,OU=Domain Controllers,DC=testdomain,DC =org,DC=ar No current Naming Context select operation target: q metadata cleanup: remove selected server Transferring / Seizing FSMO roles off the selected server. Binding to server2.testdomain.org.ar ... Moving Domain Naming Master FSMO onto "CN=NTDS Settings,CN=SERVER2,CN=Servers,CN =Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC= ar". Attempting safe transfer of domain naming FSMO before seizure. ldap_modify_sW error 0x34(52 (Unavailable). Ldap extended error message is 000020AF: SvcErr: DSID-03210333, problem 5002 (UN AVAILABLE), data 1722 Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.) ) Depending on the error code this may indicate a connection, ldap, or role transfer error. Transfer of domain naming FSMO failed, proceeding with seizure ... Server "server2" knows about 5 roles Schema - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=testdomain,DC=org,DC=ar Domain - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=testdomain,DC=org,DC=ar PDC - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=testdomain,DC=org,DC=ar RID - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=testdomain,DC=org,DC=ar Infrastructure - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar Moving Schema Master FSMO onto "CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Defaul t-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar". Attempting safe transfer of schema FSMO before seizure. ldap_modify_sW error 0x34(52 (Unavailable). Ldap extended error message is 000020AF: SvcErr: DSID-03210333, problem 5002 (UN AVAILABLE), data 1722 Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.) ) Depending on the error code this may indicate a connection, ldap, or role transfer error. Transfer of schema FSMO failed, proceeding with seizure ... Server "server2" knows about 5 roles Schema - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=testdomain,DC=org,DC=ar Domain - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=testdomain,DC=org,DC=ar PDC - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=testdomain,DC=org,DC=ar RID - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=testdomain,DC=org,DC=ar Infrastructure - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar Moving PDC FSMO onto "CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Si te-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar". Attempting safe transfer of PDC FSMO before seizure. ldap_modify_sW error 0x34(52 (Unavailable). Ldap extended error message is 000020AF: SvcErr: DSID-0321051A, problem 5002 (UN AVAILABLE), data 1722 Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.) ) Depending on the error code this may indicate a connection, ldap, or role transfer error. Transfer of PDC FSMO failed, proceeding with seizure ... Server "server2" knows about 5 roles Schema - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=testdomain,DC=org,DC=ar Domain - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=testdomain,DC=org,DC=ar PDC - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=testdomain,DC=org,DC=ar RID - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=testdomain,DC=org,DC=ar Infrastructure - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar Moving Rid Master FSMO onto "CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-F irst-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar". Attempting safe transfer of RID FSMO before seizure. ldap_modify_sW error 0x34(52 (Unavailable). Ldap extended error message is 000020AF: SvcErr: DSID-0321092B, problem 5002 (UN AVAILABLE), data 1722 Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.) ) Depending on the error code this may indicate a connection, ldap, or role transfer error. Transfer of RID FSMO failed, proceeding with seizure ... Searching for highest rid pool in domain Server "server2" knows about 5 roles Schema - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=testdomain,DC=org,DC=ar Domain - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si tes,CN=Configuration,DC=testdomain,DC=org,DC=ar PDC - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=testdomain,DC=org,DC=ar RID - CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=testdomain,DC=org,DC=ar Infrastructure - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar Removing FRS metadata for the selected server. Searching for FRS members under "CN=SERVER1,OU=Domain Controllers,DC=testdomain ,DC=org,DC=ar". Removing FRS member "CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File R eplication Service,CN=System,DC=testdomain,DC=org,DC=ar". Deleting subtree under "CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=Fil e Replication Service,CN=System,DC=testdomain,DC=org,DC=ar". Deleting subtree under "CN=SERVER1,OU=Domain Controllers,DC=testdomain,DC=o rg,DC=ar". The attempt to remove the FRS settings on CN=SERVER1,CN=Servers,CN=Default-First -Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar failed beca use "Element not found."; metadata cleanup is continuing. "CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=h ospitalneuquen,DC=org,DC=ar" removed from server "server2" metadata cleanup: q ***************************** "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message news: .com... > Hello Gaspar, > > See my article about metadata cleanup, this includes also the information > about the running DC: > http://msmvps.com/blogs/mweber/archi...a-cleanup.aspx > > In short, the existing one must be DNS server, Global catalog server and > have all FSMOs before you can add a new DC to the domain. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and > confers no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > >> I used to have two 2003 domain controller servers (SERVER1 and >> SERVER2). One of them (SERVER1) broke down and it's not available >> anymore. >> >> I need: >> - To safely remove SERVER1 from DC list in AD (in SERVER2). >> - To install a new server as DC (SERVER3). >> I googled a lot searching info on removing a failed DC but it doesn't >> seem like an easy task. What security measures must I take on SERVER2 >> before removing? >> >> Thanks a lot! >> > > |
|
|
|
|
|||
|
|
|||
|
Meinolf Weber [MVP-DS]
Guest
Posts: n/a
|
Hello Gaspar,
The included error just say, DC1(failed) is not to contact, just to make sure it is really not operational and then it does the seize operation for each FSMO that should be seized. Or which error do you mean? If you run in a command prompt "netdom query fsmo" does it show the correct server for the FSMO roles? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > I read the post and the microsoft articles. I run ntdsutil but I got > some > errors regarding FSMO role transfers. Is this normal? If not, what > should I > do? > Below is the ntdsutil output. SERVER1 is the failed DC, SERVER2 is now > the > only live DC. > Thanks! > ***************************** > ntdsutil > ntdsutil: roles > fsmo maintenance: ^C > ntdsutil > ntdsutil: list domains > Error 80070057 parsing input - illegal syntax? > ntdsutil: metadata cleanup > metadata cleanup: connections > server connections: connect to server server2 > Binding to server2 ... > Connected to server2 using credentials of locally logged on user. > server connections: q > metadata cleanup: select operation target > select operation target: list domains > Found 1 domain(s) > 0 - DC=testdomain,DC=org,DC=ar > select operation target: select domain 0 > No current site > Domain - DC=testdomain,DC=org,DC=ar > No current server > No current Naming Context > select operation target: list sites > Found 1 site(s) > 0 - > CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC= > o > rg,DC=ar > select operation target: select site 0 > Site - > CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,D > C=org,DC=ar > Domain - DC=testdomain,DC=org,DC=ar > No current server > No current Naming Context > select operation target: list servers in site > Found 2 server(s) > 0 - > CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura > tion,D > C=testdomain,DC=org,DC=ar > 1 - > CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura > tion,D > C=testdomain,DC=org,DC=ar > select operation target: select server 0 > Site - > CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,D > C=org,DC=ar > Domain - DC=testdomain,DC=org,DC=ar > Server - > CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura > t > ion,DC=testdomain,DC=org,DC=ar > DSA object - CN=NTDS > Settings,CN=SERVER1,CN=Servers,CN=Default-First-Sit > e-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar > DNS host name - server1.testdomain.org.ar > Computer object - CN=SERVER1,OU=Domain > Controllers,DC=testdomain,DC > =org,DC=ar > No current Naming Context > select operation target: q > metadata cleanup: remove selected server > Transferring / Seizing FSMO roles off the selected server. > Binding to server2.testdomain.org.ar ... > Moving Domain Naming Master FSMO onto "CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN > =Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or > g,DC= > ar". > Attempting safe transfer of domain naming FSMO before seizure. > ldap_modify_sW error 0x34(52 (Unavailable). > Ldap extended error message is 000020AF: SvcErr: DSID-03210333, > problem 5002 > (UN > AVAILABLE), data 1722 > Win32 error returned is 0x20af(The requested FSMO operation failed. > The > current > FSMO holder could not be contacted.) > ) > Depending on the error code this may indicate a connection, > ldap, or role transfer error. > Transfer of domain naming FSMO failed, proceeding with seizure ... > Server "server2" knows about 5 roles > Schema - CN=NTDS > Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Si > tes,CN=Configuration,DC=testdomain,DC=org,DC=ar > Domain - CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si > tes,CN=Configuration,DC=testdomain,DC=org,DC=ar > PDC - CN=NTDS > Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=testdomain,DC=org,DC=ar > RID - CN=NTDS > Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=testdomain,DC=org,DC=ar > Infrastructure - CN=NTDS > Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na > me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar > Moving Schema Master FSMO onto "CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Defaul > t-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar > ". > Attempting safe transfer of schema FSMO before seizure. > ldap_modify_sW error 0x34(52 (Unavailable). > Ldap extended error message is 000020AF: SvcErr: DSID-03210333, > problem 5002 > (UN > AVAILABLE), data 1722 > Win32 error returned is 0x20af(The requested FSMO operation failed. > The > current > FSMO holder could not be contacted.) > ) > Depending on the error code this may indicate a connection, > ldap, or role transfer error. > Transfer of schema FSMO failed, proceeding with seizure ... > Server "server2" knows about 5 roles > Schema - CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si > tes,CN=Configuration,DC=testdomain,DC=org,DC=ar > Domain - CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si > tes,CN=Configuration,DC=testdomain,DC=org,DC=ar > PDC - CN=NTDS > Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=testdomain,DC=org,DC=ar > RID - CN=NTDS > Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=testdomain,DC=org,DC=ar > Infrastructure - CN=NTDS > Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na > me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar > Moving PDC FSMO onto "CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-First-Si > te-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar". > Attempting safe transfer of PDC FSMO before seizure. > ldap_modify_sW error 0x34(52 (Unavailable). > Ldap extended error message is 000020AF: SvcErr: DSID-0321051A, > problem 5002 > (UN > AVAILABLE), data 1722 > Win32 error returned is 0x20af(The requested FSMO operation failed. > The > current > FSMO holder could not be contacted.) > ) > Depending on the error code this may indicate a connection, > ldap, or role transfer error. > Transfer of PDC FSMO failed, proceeding with seizure ... > Server "server2" knows about 5 roles > Schema - CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si > tes,CN=Configuration,DC=testdomain,DC=org,DC=ar > Domain - CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si > tes,CN=Configuration,DC=testdomain,DC=org,DC=ar > PDC - CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=testdomain,DC=org,DC=ar > RID - CN=NTDS > Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=testdomain,DC=org,DC=ar > Infrastructure - CN=NTDS > Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na > me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar > Moving Rid Master FSMO onto "CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-F > irst-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar". > Attempting safe transfer of RID FSMO before seizure. > ldap_modify_sW error 0x34(52 (Unavailable). > Ldap extended error message is 000020AF: SvcErr: DSID-0321092B, > problem 5002 > (UN > AVAILABLE), data 1722 > Win32 error returned is 0x20af(The requested FSMO operation failed. > The > current > FSMO holder could not be contacted.) > ) > Depending on the error code this may indicate a connection, > ldap, or role transfer error. > Transfer of RID FSMO failed, proceeding with seizure ... > Searching for highest rid pool in domain > Server "server2" knows about 5 roles > Schema - CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si > tes,CN=Configuration,DC=testdomain,DC=org,DC=ar > Domain - CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si > tes,CN=Configuration,DC=testdomain,DC=org,DC=ar > PDC - CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=testdomain,DC=org,DC=ar > RID - CN=NTDS > Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=testdomain,DC=org,DC=ar > Infrastructure - CN=NTDS > Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na > me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar > Removing FRS metadata for the selected server. > Searching for FRS members under "CN=SERVER1,OU=Domain > Controllers,DC=testdomain > ,DC=org,DC=ar". > Removing FRS member "CN=SERVER1,CN=Domain System Volume (SYSVOL > share),CN=File R > eplication Service,CN=System,DC=testdomain,DC=org,DC=ar". > Deleting subtree under "CN=SERVER1,CN=Domain System Volume (SYSVOL > share),CN=Fil > e Replication Service,CN=System,DC=testdomain,DC=org,DC=ar". > Deleting subtree under "CN=SERVER1,OU=Domain > Controllers,DC=testdomain,DC=o > rg,DC=ar". > The attempt to remove the FRS settings on > CN=SERVER1,CN=Servers,CN=Default-First > -Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar failed > beca > use "Element not found."; > metadata cleanup is continuing. > "CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur > ation,DC=h > ospitalneuquen,DC=org,DC=ar" removed from server "server2" > metadata cleanup: q > ***************************** > "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message > news: .com... > >> Hello Gaspar, >> >> See my article about metadata cleanup, this includes also the >> information about the running DC: >> http://msmvps.com/blogs/mweber/archi...e-directory-me >> tadata-cleanup.aspx >> >> In short, the existing one must be DNS server, Global catalog server >> and have all FSMOs before you can add a new DC to the domain. >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>> I used to have two 2003 domain controller servers (SERVER1 and >>> SERVER2). One of them (SERVER1) broke down and it's not available >>> anymore. >>> >>> I need: >>> - To safely remove SERVER1 from DC list in AD (in SERVER2). >>> - To install a new server as DC (SERVER3). >>> I googled a lot searching info on removing a failed DC but it >>> doesn't >>> seem like an easy task. What security measures must I take on >>> SERVER2 >>> before removing? >>> Thanks a lot! >>> |
|
|
|
|
|||
|
|
|||
|
Gaspar
Guest
Posts: n/a
|
Everythink seems to be OK.
Thanks a lot for your time! "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message news: .com... > Hello Gaspar, > > The included error just say, DC1(failed) is not to contact, just to make > sure it is really not operational and then it does the seize operation for > each FSMO that should be seized. > > Or which error do you mean? If you run in a command prompt "netdom query > fsmo" does it show the correct server for the FSMO roles? > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and > confers no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > >> I read the post and the microsoft articles. I run ntdsutil but I got >> some >> errors regarding FSMO role transfers. Is this normal? If not, what >> should I >> do? >> Below is the ntdsutil output. SERVER1 is the failed DC, SERVER2 is now >> the >> only live DC. >> Thanks! >> ***************************** >> ntdsutil >> ntdsutil: roles >> fsmo maintenance: ^C >> ntdsutil >> ntdsutil: list domains >> Error 80070057 parsing input - illegal syntax? >> ntdsutil: metadata cleanup >> metadata cleanup: connections >> server connections: connect to server server2 >> Binding to server2 ... >> Connected to server2 using credentials of locally logged on user. >> server connections: q >> metadata cleanup: select operation target >> select operation target: list domains >> Found 1 domain(s) >> 0 - DC=testdomain,DC=org,DC=ar >> select operation target: select domain 0 >> No current site >> Domain - DC=testdomain,DC=org,DC=ar >> No current server >> No current Naming Context >> select operation target: list sites >> Found 1 site(s) >> 0 - >> CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC= >> o >> rg,DC=ar >> select operation target: select site 0 >> Site - >> CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,D >> C=org,DC=ar >> Domain - DC=testdomain,DC=org,DC=ar >> No current server >> No current Naming Context >> select operation target: list servers in site >> Found 2 server(s) >> 0 - >> CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura >> tion,D >> C=testdomain,DC=org,DC=ar >> 1 - >> CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura >> tion,D >> C=testdomain,DC=org,DC=ar >> select operation target: select server 0 >> Site - >> CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,D >> C=org,DC=ar >> Domain - DC=testdomain,DC=org,DC=ar >> Server - >> CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura >> t >> ion,DC=testdomain,DC=org,DC=ar >> DSA object - CN=NTDS >> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Sit >> e-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar >> DNS host name - server1.testdomain.org.ar >> Computer object - CN=SERVER1,OU=Domain >> Controllers,DC=testdomain,DC >> =org,DC=ar >> No current Naming Context >> select operation target: q >> metadata cleanup: remove selected server >> Transferring / Seizing FSMO roles off the selected server. >> Binding to server2.testdomain.org.ar ... >> Moving Domain Naming Master FSMO onto "CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN >> =Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or >> g,DC= >> ar". >> Attempting safe transfer of domain naming FSMO before seizure. >> ldap_modify_sW error 0x34(52 (Unavailable). >> Ldap extended error message is 000020AF: SvcErr: DSID-03210333, >> problem 5002 >> (UN >> AVAILABLE), data 1722 >> Win32 error returned is 0x20af(The requested FSMO operation failed. >> The >> current >> FSMO holder could not be contacted.) >> ) >> Depending on the error code this may indicate a connection, >> ldap, or role transfer error. >> Transfer of domain naming FSMO failed, proceeding with seizure ... >> Server "server2" knows about 5 roles >> Schema - CN=NTDS >> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Si >> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >> Domain - CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >> PDC - CN=NTDS >> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites >> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >> RID - CN=NTDS >> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites >> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >> Infrastructure - CN=NTDS >> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na >> me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar >> Moving Schema Master FSMO onto "CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Defaul >> t-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar >> ". >> Attempting safe transfer of schema FSMO before seizure. >> ldap_modify_sW error 0x34(52 (Unavailable). >> Ldap extended error message is 000020AF: SvcErr: DSID-03210333, >> problem 5002 >> (UN >> AVAILABLE), data 1722 >> Win32 error returned is 0x20af(The requested FSMO operation failed. >> The >> current >> FSMO holder could not be contacted.) >> ) >> Depending on the error code this may indicate a connection, >> ldap, or role transfer error. >> Transfer of schema FSMO failed, proceeding with seizure ... >> Server "server2" knows about 5 roles >> Schema - CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >> Domain - CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >> PDC - CN=NTDS >> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites >> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >> RID - CN=NTDS >> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites >> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >> Infrastructure - CN=NTDS >> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na >> me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar >> Moving PDC FSMO onto "CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Si >> te-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar". >> Attempting safe transfer of PDC FSMO before seizure. >> ldap_modify_sW error 0x34(52 (Unavailable). >> Ldap extended error message is 000020AF: SvcErr: DSID-0321051A, >> problem 5002 >> (UN >> AVAILABLE), data 1722 >> Win32 error returned is 0x20af(The requested FSMO operation failed. >> The >> current >> FSMO holder could not be contacted.) >> ) >> Depending on the error code this may indicate a connection, >> ldap, or role transfer error. >> Transfer of PDC FSMO failed, proceeding with seizure ... >> Server "server2" knows about 5 roles >> Schema - CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >> Domain - CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >> PDC - CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites >> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >> RID - CN=NTDS >> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites >> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >> Infrastructure - CN=NTDS >> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na >> me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar >> Moving Rid Master FSMO onto "CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-F >> irst-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar". >> Attempting safe transfer of RID FSMO before seizure. >> ldap_modify_sW error 0x34(52 (Unavailable). >> Ldap extended error message is 000020AF: SvcErr: DSID-0321092B, >> problem 5002 >> (UN >> AVAILABLE), data 1722 >> Win32 error returned is 0x20af(The requested FSMO operation failed. >> The >> current >> FSMO holder could not be contacted.) >> ) >> Depending on the error code this may indicate a connection, >> ldap, or role transfer error. >> Transfer of RID FSMO failed, proceeding with seizure ... >> Searching for highest rid pool in domain >> Server "server2" knows about 5 roles >> Schema - CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >> Domain - CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >> PDC - CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites >> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >> RID - CN=NTDS >> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites >> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >> Infrastructure - CN=NTDS >> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na >> me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar >> Removing FRS metadata for the selected server. >> Searching for FRS members under "CN=SERVER1,OU=Domain >> Controllers,DC=testdomain >> ,DC=org,DC=ar". >> Removing FRS member "CN=SERVER1,CN=Domain System Volume (SYSVOL >> share),CN=File R >> eplication Service,CN=System,DC=testdomain,DC=org,DC=ar". >> Deleting subtree under "CN=SERVER1,CN=Domain System Volume (SYSVOL >> share),CN=Fil >> e Replication Service,CN=System,DC=testdomain,DC=org,DC=ar". >> Deleting subtree under "CN=SERVER1,OU=Domain >> Controllers,DC=testdomain,DC=o >> rg,DC=ar". >> The attempt to remove the FRS settings on >> CN=SERVER1,CN=Servers,CN=Default-First >> -Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar failed >> beca >> use "Element not found."; >> metadata cleanup is continuing. >> "CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur >> ation,DC=h >> ospitalneuquen,DC=org,DC=ar" removed from server "server2" >> metadata cleanup: q >> ***************************** >> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message >> news: .com... >> >>> Hello Gaspar, >>> >>> See my article about metadata cleanup, this includes also the >>> information about the running DC: >>> http://msmvps.com/blogs/mweber/archi...e-directory-me >>> tadata-cleanup.aspx >>> >>> In short, the existing one must be DNS server, Global catalog server >>> and have all FSMOs before you can add a new DC to the domain. >>> >>> Best regards >>> >>> Meinolf Weber >>> Disclaimer: This posting is provided "AS IS" with no warranties, and >>> confers no rights. >>> ** Please do NOT email, only reply to Newsgroups >>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>> I used to have two 2003 domain controller servers (SERVER1 and >>>> SERVER2). One of them (SERVER1) broke down and it's not available >>>> anymore. >>>> >>>> I need: >>>> - To safely remove SERVER1 from DC list in AD (in SERVER2). >>>> - To install a new server as DC (SERVER3). >>>> I googled a lot searching info on removing a failed DC but it >>>> doesn't >>>> seem like an easy task. What security measures must I take on >>>> SERVER2 >>>> before removing? >>>> Thanks a lot! >>>> > > |
|
|
|
|
|||
|
|
|||
|
Meinolf Weber [MVP-DS]
Guest
Posts: n/a
|
Hello Gaspar,
run also the support tools on regular base: dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported with Windows server 2008 and higher] repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt (if more then one DC exists) dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045) You're welcome. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Everythink seems to be OK. > > Thanks a lot for your time! > > "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message > news: .com... > >> Hello Gaspar, >> >> The included error just say, DC1(failed) is not to contact, just to >> make sure it is really not operational and then it does the seize >> operation for each FSMO that should be seized. >> >> Or which error do you mean? If you run in a command prompt "netdom >> query fsmo" does it show the correct server for the FSMO roles? >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>> I read the post and the microsoft articles. I run ntdsutil but I got >>> some >>> errors regarding FSMO role transfers. Is this normal? If not, what >>> should I >>> do? >>> Below is the ntdsutil output. SERVER1 is the failed DC, SERVER2 is >>> now >>> the >>> only live DC. >>> Thanks! >>> ***************************** >>> ntdsutil >>> ntdsutil: roles >>> fsmo maintenance: ^C >>> ntdsutil >>> ntdsutil: list domains >>> Error 80070057 parsing input - illegal syntax? >>> ntdsutil: metadata cleanup >>> metadata cleanup: connections >>> server connections: connect to server server2 >>> Binding to server2 ... >>> Connected to server2 using credentials of locally logged on user. >>> server connections: q >>> metadata cleanup: select operation target >>> select operation target: list domains >>> Found 1 domain(s) >>> 0 - DC=testdomain,DC=org,DC=ar >>> select operation target: select domain 0 >>> No current site >>> Domain - DC=testdomain,DC=org,DC=ar >>> No current server >>> No current Naming Context >>> select operation target: list sites >>> Found 1 site(s) >>> 0 - >>> CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,D >>> C= >>> o >>> rg,DC=ar >>> select operation target: select site 0 >>> Site - >>> CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,D >>> C=org,DC=ar >>> Domain - DC=testdomain,DC=org,DC=ar >>> No current server >>> No current Naming Context >>> select operation target: list servers in site >>> Found 2 server(s) >>> 0 - >>> CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu >>> ra >>> tion,D >>> C=testdomain,DC=org,DC=ar >>> 1 - >>> CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu >>> ra >>> tion,D >>> C=testdomain,DC=org,DC=ar >>> select operation target: select server 0 >>> Site - >>> CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,D >>> C=org,DC=ar >>> Domain - DC=testdomain,DC=org,DC=ar >>> Server - >>> CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu >>> ra >>> t >>> ion,DC=testdomain,DC=org,DC=ar >>> DSA object - CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Sit >>> e-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar >>> DNS host name - server1.testdomain.org.ar >>> Computer object - CN=SERVER1,OU=Domain >>> Controllers,DC=testdomain,DC >>> =org,DC=ar >>> No current Naming Context >>> select operation target: q >>> metadata cleanup: remove selected server >>> Transferring / Seizing FSMO roles off the selected server. >>> Binding to server2.testdomain.org.ar ... >>> Moving Domain Naming Master FSMO onto "CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN >>> =Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC= >>> or >>> g,DC= >>> ar". >>> Attempting safe transfer of domain naming FSMO before seizure. >>> ldap_modify_sW error 0x34(52 (Unavailable). >>> Ldap extended error message is 000020AF: SvcErr: DSID-03210333, >>> problem 5002 >>> (UN >>> AVAILABLE), data 1722 >>> Win32 error returned is 0x20af(The requested FSMO operation failed. >>> The >>> current >>> FSMO holder could not be contacted.) >>> ) >>> Depending on the error code this may indicate a connection, >>> ldap, or role transfer error. >>> Transfer of domain naming FSMO failed, proceeding with seizure ... >>> Server "server2" knows about 5 roles >>> Schema - CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Si >>> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> Domain - CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >>> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> PDC - CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites >>> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> RID - CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites >>> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> Infrastructure - CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na >>> me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar >>> Moving Schema Master FSMO onto "CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Defaul >>> t-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC= >>> ar >>> ". >>> Attempting safe transfer of schema FSMO before seizure. >>> ldap_modify_sW error 0x34(52 (Unavailable). >>> Ldap extended error message is 000020AF: SvcErr: DSID-03210333, >>> problem 5002 >>> (UN >>> AVAILABLE), data 1722 >>> Win32 error returned is 0x20af(The requested FSMO operation failed. >>> The >>> current >>> FSMO holder could not be contacted.) >>> ) >>> Depending on the error code this may indicate a connection, >>> ldap, or role transfer error. >>> Transfer of schema FSMO failed, proceeding with seizure ... >>> Server "server2" knows about 5 roles >>> Schema - CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >>> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> Domain - CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >>> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> PDC - CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites >>> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> RID - CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites >>> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> Infrastructure - CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na >>> me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar >>> Moving PDC FSMO onto "CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Si >>> te-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar". >>> Attempting safe transfer of PDC FSMO before seizure. >>> ldap_modify_sW error 0x34(52 (Unavailable). >>> Ldap extended error message is 000020AF: SvcErr: DSID-0321051A, >>> problem 5002 >>> (UN >>> AVAILABLE), data 1722 >>> Win32 error returned is 0x20af(The requested FSMO operation failed. >>> The >>> current >>> FSMO holder could not be contacted.) >>> ) >>> Depending on the error code this may indicate a connection, >>> ldap, or role transfer error. >>> Transfer of PDC FSMO failed, proceeding with seizure ... >>> Server "server2" knows about 5 roles >>> Schema - CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >>> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> Domain - CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >>> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> PDC - CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites >>> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> RID - CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites >>> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> Infrastructure - CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na >>> me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar >>> Moving Rid Master FSMO onto "CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-F >>> irst-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar" >>> . >>> Attempting safe transfer of RID FSMO before seizure. >>> ldap_modify_sW error 0x34(52 (Unavailable). >>> Ldap extended error message is 000020AF: SvcErr: DSID-0321092B, >>> problem 5002 >>> (UN >>> AVAILABLE), data 1722 >>> Win32 error returned is 0x20af(The requested FSMO operation failed. >>> The >>> current >>> FSMO holder could not be contacted.) >>> ) >>> Depending on the error code this may indicate a connection, >>> ldap, or role transfer error. >>> Transfer of RID FSMO failed, proceeding with seizure ... >>> Searching for highest rid pool in domain >>> Server "server2" knows about 5 roles >>> Schema - CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >>> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> Domain - CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si >>> tes,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> PDC - CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites >>> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> RID - CN=NTDS >>> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites >>> ,CN=Configuration,DC=testdomain,DC=org,DC=ar >>> Infrastructure - CN=NTDS >>> Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Na >>> me,CN=Sites,CN=Configuration,DC=testdomain,DC=org, DC=ar >>> Removing FRS metadata for the selected server. >>> Searching for FRS members under "CN=SERVER1,OU=Domain >>> Controllers,DC=testdomain >>> ,DC=org,DC=ar". >>> Removing FRS member "CN=SERVER1,CN=Domain System Volume (SYSVOL >>> share),CN=File R >>> eplication Service,CN=System,DC=testdomain,DC=org,DC=ar". >>> Deleting subtree under "CN=SERVER1,CN=Domain System Volume (SYSVOL >>> share),CN=Fil >>> e Replication Service,CN=System,DC=testdomain,DC=org,DC=ar". >>> Deleting subtree under "CN=SERVER1,OU=Domain >>> Controllers,DC=testdomain,DC=o >>> rg,DC=ar". >>> The attempt to remove the FRS settings on >>> CN=SERVER1,CN=Servers,CN=Default-First >>> -Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=or g,DC=ar >>> failed >>> beca >>> use "Element not found."; >>> metadata cleanup is continuing. >>> "CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Config >>> ur >>> ation,DC=h >>> ospitalneuquen,DC=org,DC=ar" removed from server "server2" >>> metadata cleanup: q >>> ***************************** >>> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message >>> news: .com... >>>> Hello Gaspar, >>>> >>>> See my article about metadata cleanup, this includes also the >>>> information about the running DC: >>>> http://msmvps.com/blogs/mweber/archi...ive-directory- >>>> me tadata-cleanup.aspx >>>> >>>> In short, the existing one must be DNS server, Global catalog >>>> server and have all FSMOs before you can add a new DC to the >>>> domain. >>>> >>>> Best regards >>>> >>>> Meinolf Weber >>>> Disclaimer: This posting is provided "AS IS" with no warranties, >>>> and >>>> confers no rights. >>>> ** Please do NOT email, only reply to Newsgroups >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>>> I used to have two 2003 domain controller servers (SERVER1 and >>>>> SERVER2). One of them (SERVER1) broke down and it's not available >>>>> anymore. >>>>> >>>>> I need: >>>>> - To safely remove SERVER1 from DC list in AD (in SERVER2). >>>>> - To install a new server as DC (SERVER3). >>>>> I googled a lot searching info on removing a failed DC but it >>>>> doesn't >>>>> seem like an easy task. What security measures must I take on >>>>> SERVER2 >>>>> before removing? >>>>> Thanks a lot! |
|
|
|
|
|||
|
|
|||
|
|
|
| |
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Error with domain trusts - 2003 to 2003 | Andrew Story | Active Directory | 19 | 04-15-2010 02:43 PM |
| Re: DC with "Windows cannot obtain the domain controller name for your computer network" | Danny Sanders | Active Directory | 0 | 01-21-2010 02:26 PM |
| Unable to add computer to domain | Nik | Active Directory | 5 | 12-18-2009 08:29 PM |
| Re: Incorrect server name | Ace Fekay [MCT] | Windows Server | 4 | 10-28-2009 02:17 PM |
| Slow Vista startup | Jedi940 | Windows Vista Performance | 1 | 01-13-2008 08:50 PM |
Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc. |
Linear Mode
