PDC - BDC Conflicts

Hello to all,

I have a problem with a BDC (windows 2000 server) who does not see that the
PDC (SBS 2000) is back on-line. I have got my PDC crashed,and for some
reason the NT-Mirror had stopped some time ago. I have taken the PDC out of
the network, and the BDC took over the security with no problem. I have put
my (early stopped) mirror disk as master and restored alle backups so that
the PDC is ok. I have put the PDC back in the network and had to disconnect
(temporary set them to workgroup) all workstations and servers from the
domain and then reconnect them to the domain. So far so good until I tried
to do the same with my BDC but he keeps saying that there is no PDC so he
can not disconnect and he is not trusted by the domain any more. I cant stop
the AD becourse the server is BDC etc.. I'm turning in a round so my BDC in
no more reachable by the domain and vise versa.

Is there a tool (or a way) to force the BDC server to stop from thinking he
has to stay a domain on his own so that I can downgrade the BDC to a simple
server, take is 'out of the domain' and reconnect it to the 'new domain'

Many tanks in advance

Jean Paul

 

you need to remove AD from the BDC using DCPromo, remove it completely from
the domain, turning it in to a stand alone server, rejoin it to the domain.
run adprep on your SBS, then run DCPromo on your BDC again to install AD and
make it a domain controller, once its rejoined as a DC make it a global
catalog again.

 

1. There is no such thing as a PDC and BDC in Windows 2000 or newer. There
is a PDC "role" but it is not the same thing.

2. SBS cannot join an existing Domain, so having a second DC in an SBS
controlled system is almost [but not quite] totally worthless.
a. Rebuilding SBS and giving it the same Domain name as before only
creates two *different* domains that just happen to have the same name.
b. The other DC can not see the SBS as being back online on the original
Domain because the SBS is not back online in the orignal Domain. It is a
completely new SBS on a completely new Domain that just happens to use the
same name.

The proper way to have fault tolerance and recoverability with SBS is by
using System-State Backups for the software side and RAID for the hardware
side. The RAID itself needs to be done in Hardware and not in Windows. IMO,
disaster recovery with SBS is itself a disaster and is why I would never
want to run SBS.

There have been third-party non-Microsoft solutions "invented" to deal with
this. You may have to ask in a SBS Group to find details on that. I don''t
have any links or information for that myself.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

 

Please explain why you say SBS can't join an existing domain? There is a KB
that gives the steps to do so:

http://support.microsoft.com/kb/884453

 

I've always been told by everyone that it wouldn't. I don't run it myself. I
didn't know that article existed,...I was under the impression that SBS did
not even posses "dcpromo.exe"

What about SBS2000?

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

 

Sorry,
Steve posted an article on this. I never knew that was possible. I'd always
been told by others that it could not do so. I don't run it myself.
Someone came up with some kind of complex third-party thing to deal with
this stuff, and now I don't undserstand why all that was needed if SBS can
do this so easily and naturally on its own. I'm not disapointed of course,
if I ever have to deal with it then it will be easier to deal with than I
thought.

I guess this a good example why why people should not cross-post their
question all over the place and stick to the correct groups. Then they'd get
the correct answer from the right people who know best in the first place.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.

"Cris Hanna [SBS-MVP]" <>
wrote in message Phillip
Actually with SBS 2003 (and I see no reason why it wouldn't work with 2000,
but the document was written for SBS 2003) you can install to an existing
Active Directory network

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

1. There is no such thing as a PDC and BDC in Windows 2000 or newer. There
is a PDC "role" but it is not the same thing.

2. SBS cannot join an existing Domain, so having a second DC in an SBS
controlled system is almost [but not quite] totally worthless.
a. Rebuilding SBS and giving it the same Domain name as before only
creates two *different* domains that just happen to have the same name.
b. The other DC can not see the SBS as being back online on the original
Domain because the SBS is not back online in the orignal Domain. It is a
completely new SBS on a completely new Domain that just happens to use the
same name.

The proper way to have fault tolerance and recoverability with SBS is by
using System-State Backups for the software side and RAID for the hardware
side. The RAID itself needs to be done in Hardware and not in Windows. IMO,
disaster recovery with SBS is itself a disaster and is why I would never
want to run SBS.

There have been third-party non-Microsoft solutions "invented" to deal with
this. You may have to ask in a SBS Group to find details on that. I don''t
have any links or information for that myself.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

 

As Cris says I think that SBS 2000 could also join a domain in the same way
but I haven't even thought about that version for about 4 years.

Steve

 

looking at the list of crosspost groups, it's reasonable, there is a decent
expectation of an answer from each and the list is not overly extensive.

Something's been missed in the discussion however. The 'throw the baby away'
method of DC recovery is wasteful whether the DC be an SBS or not.

Jean Paul needs to reassess/redesign his Disaster Recovery process. The
original DC should have been 'recovered' rather than 'replaced'.

and all this gaff about 'there is no PDC/BDC in 2000+ AD's' just bores me,
the FSMO role holders (though possibly distributed) are distinctly more
'primary' than 'other' DC's, correcting someone referring to 'my PDC' is
just muddying the water, it ain't factual but it's a reasonable way of
expressing the idea. I have _very_ little to do with LARGE AD's but those
several I have encountered (tens to maybe hundreds of DC's) all actually
have one server holding both forest and 'first' domain level FSMO roles, if
that ain't a PDC I don't know what it is. (I am not responsible for the
design of these AD's, so don't bother correcting me

 

Wally,

That is the problem, if I run DCPromo I got the answer that a domain
controller could not be contacted for the domain so he would not continue.
The message window says that I have to take out the server out of the domain
by making him member of a workgroup and then rejoin the domain. Bus as long
as AD is running on the machine I can not leave the domain (In the system
properties I can not change the identification of the computer becourse he
aims to be a domaincontroller...

and so we are back to start.

Any further ID's

Greets

Jean Paul

 

Hello all,

I was able to remove on the BDC the name of the PDC using ntdsutil,
whereafter it was posible to take the BDC out of the domain using DCPromo
saying that this was the last domain controller and then he did it. Overnoon
I will restart the servers and hopefully it will all work as before.

To bee continued ...

Jean Paul

 

it won't.

 

I could downgrade the BDC to a standalone server in a workgroup.

when I try toe meet the domain again, I got an error saying that the user
already exists in the domain. When I try to remove the name of the BDC in
the current domain, I get the message that the DSA-object could not be
removed

Is there a way to do so

Greets

Jean Paul

 

Ok, but if it is reasonable then it is borderline reasonable.

Agreed, most definately
I also like the comment made in another post that he needs to stop "doing
things" and work through the problem methodically.

It doesn't bore me,...but having people use the PDB/BDC terms is like
"fingernails on a chalkboard" to me. I apparently hasn't been pointed out
enough if people are still using the terms. It's been over 7 years since
Windows 2000 came out,..it's time people figure it out. If poeple want to
distingush the PDC Role or the Global Catalog holder because it is relevant
to the context, that is fine.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

 

it did' it



After 35 years of experience in Micro computing and Software I know one
thing, say never never.



The whole thing is nothing more than shuffling with bits and bytes and every
bit in every machine is accessible. Never forget that those machines are
made to work for us and not visa versa, and no matter what it is, windows,
unix, cp/m or whatever, it is always man-made, no magic, and if you really
want it to do something it will do it.



What my disaster recovery method concerns, It worked several times before
without any problem on this and other machines. I'm still convinced that a
raid mirror is the best and the quickest way to be in business again. The
only problem I had now was that for an unknown reason the mirroring stopped
in last April and I never got an error of it. So instead off reinstalling
the whole thing I have taken the mirror disk and putted my daily backup on
it, and in less than two hours 85% of the network was back up, the only
problem was this one server 'with the BDC role' who was not playing the game
and my first question was just if someone had a tool to force the server to
a stand-alone role, but apparently no one had such a thing.



I did not ask for a discussion how good or bad SBS is nor if PDC and BDC are
the correct terms of what everybody know what they are. My problem was a
server problem with influence on the security, on network and on SBS so I
thought to find in those groups what I was looking for. It is the first
time, and I use BBS's long before internet exists, that I've got such
reactions..



No matter, for who is ever interested in how I fixed my problem I will put
it one of the days to come on my website www.on7ami.be



Greets to all,



From a growing old IT'er



Jean Paul

 

Jean Paul,

you ripped the heart out of AD and had to remove and reinvite every
workstation to the AD. For a period of time the state of your DC's and
communication between them was indeterminate and you were not particularly
forthcoming with error status about them (you told us a lot about what you
had done, but not much about what was happening, ie. details, error
messages).

I'm glad to hear it's all sorted.

I probably would have gone to the (too long offline) mirror and restored
a recent 'system state', while in a disconnected state, possibly have had
issues but _probably_ not as many as you experienced. However, I can
theorise about the process till hades turns cold, fact is, you have a
functioning system. I'm sorry I was of no benefit in the process but I still
suggest you need to look at your DR procedure, or maybe the approach to DR,
make it easier should it happen again.