PDC - BDC Conflicts

Discussion in 'Server Networking' started by Jean Paul Mertens, Aug 17, 2007.

  1. Hello to all,

    I have a problem with a BDC (windows 2000 server) who does not see that the
    PDC (SBS 2000) is back on-line. I have got my PDC crashed,and for some
    reason the NT-Mirror had stopped some time ago. I have taken the PDC out of
    the network, and the BDC took over the security with no problem. I have put
    my (early stopped) mirror disk as master and restored alle backups so that
    the PDC is ok. I have put the PDC back in the network and had to disconnect
    (temporary set them to workgroup) all workstations and servers from the
    domain and then reconnect them to the domain. So far so good until I tried
    to do the same with my BDC but he keeps saying that there is no PDC so he
    can not disconnect and he is not trusted by the domain any more. I cant stop
    the AD becourse the server is BDC etc.. I'm turning in a round so my BDC in
    no more reachable by the domain and vise versa.

    Is there a tool (or a way) to force the BDC server to stop from thinking he
    has to stay a domain on his own so that I can downgrade the BDC to a simple
    server, take is 'out of the domain' and reconnect it to the 'new domain'

    Many tanks in advance

    Jean Paul
     
    Jean Paul Mertens, Aug 17, 2007
    #1
    1. Advertisements

  2. Jean Paul Mertens

    Wallyb132 Guest

    you need to remove AD from the BDC using DCPromo, remove it completely from
    the domain, turning it in to a stand alone server, rejoin it to the domain.
    run adprep on your SBS, then run DCPromo on your BDC again to install AD and
    make it a domain controller, once its rejoined as a DC make it a global
    catalog again.
     
    Wallyb132, Aug 17, 2007
    #2
    1. Advertisements

  3. 1. There is no such thing as a PDC and BDC in Windows 2000 or newer. There
    is a PDC "role" but it is not the same thing.

    2. SBS cannot join an existing Domain, so having a second DC in an SBS
    controlled system is almost [but not quite] totally worthless.
    a. Rebuilding SBS and giving it the same Domain name as before only
    creates two *different* domains that just happen to have the same name.
    b. The other DC can not see the SBS as being back online on the original
    Domain because the SBS is not back online in the orignal Domain. It is a
    completely new SBS on a completely new Domain that just happens to use the
    same name.

    The proper way to have fault tolerance and recoverability with SBS is by
    using System-State Backups for the software side and RAID for the hardware
    side. The RAID itself needs to be done in Hardware and not in Windows. IMO,
    disaster recovery with SBS is itself a disaster and is why I would never
    want to run SBS.

    There have been third-party non-Microsoft solutions "invented" to deal with
    this. You may have to ask in a SBS Group to find details on that. I don''t
    have any links or information for that myself.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Aug 17, 2007
    #3
  4. Jean Paul Mertens

    Steve Guest

    Please explain why you say SBS can't join an existing domain? There is a KB
    that gives the steps to do so:

    http://support.microsoft.com/kb/884453

     
    Steve, Aug 17, 2007
    #4
  5. I've always been told by everyone that it wouldn't. I don't run it myself. I
    didn't know that article existed,...I was under the impression that SBS did
    not even posses "dcpromo.exe"

    What about SBS2000?

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------


     
    Phillip Windell, Aug 17, 2007
    #5
  6. Sorry,
    Steve posted an article on this. I never knew that was possible. I'd always
    been told by others that it could not do so. I don't run it myself.
    Someone came up with some kind of complex third-party thing to deal with
    this stuff, and now I don't undserstand why all that was needed if SBS can
    do this so easily and naturally on its own. I'm not disapointed of course,
    if I ever have to deal with it then it will be easier to deal with than I
    thought.

    I guess this a good example why why people should not cross-post their
    question all over the place and stick to the correct groups. Then they'd get
    the correct answer from the right people who know best in the first place.


    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.

    "Cris Hanna [SBS-MVP]" <>
    wrote in message Phillip
    Actually with SBS 2003 (and I see no reason why it wouldn't work with 2000,
    but the document was written for SBS 2003) you can install to an existing
    Active Directory network

    --
    Cris Hanna [SBS-MVP]
    -------------------------------------------------
    Microsoft MVPs
    Independent Experts (MVPs do not work for MS)
    Real World Answers
    ---------------------------------------------------------
    Please do not contact me directly regarding issues

    1. There is no such thing as a PDC and BDC in Windows 2000 or newer. There
    is a PDC "role" but it is not the same thing.

    2. SBS cannot join an existing Domain, so having a second DC in an SBS
    controlled system is almost [but not quite] totally worthless.
    a. Rebuilding SBS and giving it the same Domain name as before only
    creates two *different* domains that just happen to have the same name.
    b. The other DC can not see the SBS as being back online on the original
    Domain because the SBS is not back online in the orignal Domain. It is a
    completely new SBS on a completely new Domain that just happens to use the
    same name.

    The proper way to have fault tolerance and recoverability with SBS is by
    using System-State Backups for the software side and RAID for the hardware
    side. The RAID itself needs to be done in Hardware and not in Windows. IMO,
    disaster recovery with SBS is itself a disaster and is why I would never
    want to run SBS.

    There have been third-party non-Microsoft solutions "invented" to deal with
    this. You may have to ask in a SBS Group to find details on that. I don''t
    have any links or information for that myself.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Aug 17, 2007
    #6
  7. Jean Paul Mertens

    Steve Guest

    As Cris says I think that SBS 2000 could also join a domain in the same way
    but I haven't even thought about that version for about 4 years.

    Steve

     
    Steve, Aug 17, 2007
    #7
  8. looking at the list of crosspost groups, it's reasonable, there is a decent
    expectation of an answer from each and the list is not overly extensive.

    Something's been missed in the discussion however. The 'throw the baby away'
    method of DC recovery is wasteful whether the DC be an SBS or not.

    Jean Paul needs to reassess/redesign his Disaster Recovery process. The
    original DC should have been 'recovered' rather than 'replaced'.

    and all this gaff about 'there is no PDC/BDC in 2000+ AD's' just bores me,
    the FSMO role holders (though possibly distributed) are distinctly more
    'primary' than 'other' DC's, correcting someone referring to 'my PDC' is
    just muddying the water, it ain't factual but it's a reasonable way of
    expressing the idea. I have _very_ little to do with LARGE AD's but those
    several I have encountered (tens to maybe hundreds of DC's) all actually
    have one server holding both forest and 'first' domain level FSMO roles, if
    that ain't a PDC I don't know what it is. (I am not responsible for the
    design of these AD's, so don't bother correcting me :)

     
    SuperGumby [SBS MVP], Aug 18, 2007
    #8
  9. Wally,

    That is the problem, if I run DCPromo I got the answer that a domain
    controller could not be contacted for the domain so he would not continue.
    The message window says that I have to take out the server out of the domain
    by making him member of a workgroup and then rejoin the domain. Bus as long
    as AD is running on the machine I can not leave the domain (In the system
    properties I can not change the identification of the computer becourse he
    aims to be a domaincontroller...

    and so we are back to start.

    Any further ID's

    Greets

    Jean Paul
     
    Jean Paul Mertens, Aug 18, 2007
    #9
  10. Hello all,

    I was able to remove on the BDC the name of the PDC using ntdsutil,
    whereafter it was posible to take the BDC out of the domain using DCPromo
    saying that this was the last domain controller and then he did it. Overnoon
    I will restart the servers and hopefully it will all work as before.

    To bee continued :) ...

    Jean Paul
     
    Jean Paul Mertens, Aug 20, 2007
    #10
  11. it won't.
     
    SuperGumby [SBS MVP], Aug 20, 2007
    #11
  12. I could downgrade the BDC to a standalone server in a workgroup.

    when I try toe meet the domain again, I got an error saying that the user
    already exists in the domain. When I try to remove the name of the BDC in
    the current domain, I get the message that the DSA-object could not be
    removed

    Is there a way to do so

    Greets

    Jean Paul
     
    Jean Paul Mertens, Aug 20, 2007
    #12
  13. Ok, but if it is reasonable then it is borderline reasonable.
    Agreed, most definately
    I also like the comment made in another post that he needs to stop "doing
    things" and work through the problem methodically.
    It doesn't bore me,...but having people use the PDB/BDC terms is like
    "fingernails on a chalkboard" to me. I apparently hasn't been pointed out
    enough if people are still using the terms. It's been over 7 years since
    Windows 2000 came out,..it's time people figure it out. If poeple want to
    distingush the PDC Role or the Global Catalog holder because it is relevant
    to the context, that is fine.


    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Aug 20, 2007
    #13
  14. it did' it



    After 35 years of experience in Micro computing and Software I know one
    thing, say never never.



    The whole thing is nothing more than shuffling with bits and bytes and every
    bit in every machine is accessible. Never forget that those machines are
    made to work for us and not visa versa, and no matter what it is, windows,
    unix, cp/m or whatever, it is always man-made, no magic, and if you really
    want it to do something it will do it.



    What my disaster recovery method concerns, It worked several times before
    without any problem on this and other machines. I'm still convinced that a
    raid mirror is the best and the quickest way to be in business again. The
    only problem I had now was that for an unknown reason the mirroring stopped
    in last April and I never got an error of it. So instead off reinstalling
    the whole thing I have taken the mirror disk and putted my daily backup on
    it, and in less than two hours 85% of the network was back up, the only
    problem was this one server 'with the BDC role' who was not playing the game
    and my first question was just if someone had a tool to force the server to
    a stand-alone role, but apparently no one had such a thing.



    I did not ask for a discussion how good or bad SBS is nor if PDC and BDC are
    the correct terms of what everybody know what they are. My problem was a
    server problem with influence on the security, on network and on SBS so I
    thought to find in those groups what I was looking for. It is the first
    time, and I use BBS's long before internet exists, that I've got such
    reactions..



    No matter, for who is ever interested in how I fixed my problem I will put
    it one of the days to come on my website www.on7ami.be



    Greets to all,



    From a growing old IT'er



    Jean Paul
     
    Jean Paul Mertens, Aug 21, 2007
    #14
  15. Jean Paul,

    you ripped the heart out of AD and had to remove and reinvite every
    workstation to the AD. For a period of time the state of your DC's and
    communication between them was indeterminate and you were not particularly
    forthcoming with error status about them (you told us a lot about what you
    had done, but not much about what was happening, ie. details, error
    messages).

    I'm glad to hear it's all sorted.

    I probably would have gone to the (too long offline) mirror and restored
    a recent 'system state', while in a disconnected state, possibly have had
    issues but _probably_ not as many as you experienced. However, I can
    theorise about the process till hades turns cold, fact is, you have a
    functioning system. I'm sorry I was of no benefit in the process but I still
    suggest you need to look at your DR procedure, or maybe the approach to DR,
    make it easier should it happen again.
     
    SuperGumby [SBS MVP], Aug 21, 2007
    #15
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.