Re Create one DC [message #156622] Mon, 22 June 2009 12:41
Sarfraz Malik
We have a domain with 2 DCs. One of the DCs crashed and we had to reinstall the OS,
Windows 2003 Standard Edition. We named the computer the same as before, joined the
domain, and made it a DC and also a DNS server. It will not replicate with the
current DC.
Do I have to do anything on the current active DC to enable this
replication? We are getting errors in the event log, event IDs 5513 and 5805.
Any help appreciated. Thanks.
Re: Re Create one DC [message #156625 is a reply to message #156622] Mon, 22 June 2009 13:16
aceman
"Sarfraz Malik" <SarfrazMalik@discussions.microsoft.com> wrote in message
news:5AA89573-60EF-4579-AF9B-B6C4AC967EA7@microsoft.com...
> We have a domain with 2 DCs. One of the DCs crashed and we had to reinstall the OS,
> Windows 2003 Standard Edition. We named the computer the same as before, joined the
> domain, and made it a DC and also a DNS server. It will not replicate with the
> current DC.
> Do I have to do anything on the current active DC to enable this
> replication? We are getting errors in the event log, event IDs 5513 and 5805.
> Any help appreciated. Thanks.


Without even having to look up those event log IDs (but I did anyway!),
the errors are due to using the same name for the DC before properly
removing the reference out of the AD database using the Metadata Cleanup
procedure. This procedure would have been needed to remove the old DC from
the AD domain database. Apparently since it wasn't done, the system thinks
the old DC is still there because it's trying to communicate using the old
SID and GUID of the DC, and not just the name.

My suggestion is to demote this DC. If not demotable, you can use the
"dcpromo /forceremoval" switch to remove it. Then run the Metadata Cleanup
procedure to completely remove the old reference, as indicated in the
following article:

Cleanup (Metadata Cleanup) the AD database from the crashed DC - How to
remove data in Active Directory after an unsuccessful domain controller
demotion (or failure).
http://support.microsoft.com/kb/216498

Also manually delete it from AD Sites and Services.

Then allow replication to occur so the changes take effect among existing
DCs.

Then rebuild, and promote the new DC using the same name into the domain as
a replica DC.

I hope that helps.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup/forum to benefit from collaboration among
responding engineers, as well as to help others benefit from your
resolution.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Re: Re Create one DC [message #156629 is a reply to message #156625] Mon, 22 June 2009 14:01
Sarfraz Malik
If I demote the new DC, take it out of the domain, rename the server, join
the domain with the new name, and promote it as a DC, will I still have to run the
Metadata cleanup? Will it work? Thanks.

Re: Re Create one DC [message #156631 is a reply to message #156629] Mon, 22 June 2009 14:12
aceman
"Sarfraz Malik" <SarfrazMalik@discussions.microsoft.com> wrote in message
news:1C3BD48A-3800-407A-8D8E-41CCD7128010@microsoft.com...
> If I demote the new DC, take it out of the domain, rename the server, join
> the domain with the new name, and promote it as a DC, will I still have to run
> the Metadata cleanup? Will it work? Thanks.
>

Yes, that will work, and YES, you MUST run the procedure to remove the
failed DC, or other errors will show up, for the simple reason it crashed.
AD doesn't work like NT4, where you delete or remove the machine and it's
no longer there. AD has connection and numerous other objects still tied to
it in the AD database.

Ace
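
A read-only check for the leftover objects described above, to run from a working DC or domain-joined machine before reusing the old name. This is an added example, not part of the original posts; the name `DC02` and the helper `Find-Dn` are hypothetical, and it assumes PowerShell with .NET `System.DirectoryServices` available.

```powershell
# Added example (not from the thread): read-only search for directory objects
# that still reference a removed DC. 'DC02' is a placeholder name (assumption).
param([string]$OldDcName = 'DC02')   # assumed to contain no LDAP filter metacharacters

function Find-Dn {
    # Hypothetical helper: DNs of all objects under $BaseDn that match $Filter.
    param([string]$BaseDn, [string]$Filter)
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$BaseDn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter)
    $searcher.PageSize = 500
    foreach ($hit in $searcher.FindAll()) { [string]$hit.Properties['distinguishedname'][0] }
}

$rootDse  = [ADSI]'LDAP://RootDSE'
$configNc = [string]$rootDse.configurationNamingContext
$domainNc = [string]$rootDse.defaultNamingContext
$sitesDn  = "CN=Sites,$configNc"
$findings = @()

# 1. Server object shown in AD Sites and Services (Configuration partition).
$servers   = @(Find-Dn $sitesDn "(&(objectClass=server)(cn=$OldDcName))")
$findings += @($servers | ForEach-Object { "server object: $_" })

# 2. NTDS Settings under that server: the old DC's identity as a replication partner.
foreach ($s in $servers) {
    $findings += @(Find-Dn $s '(objectClass=nTDSDSA)' | ForEach-Object { "NTDS Settings: $_" })
}

# 3. Connection objects on surviving DCs that still pull from the old DC.
#    fromServer is DN-valued and cannot be wildcard-filtered, so compare client-side.
$root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$sitesDn")
$cs   = New-Object System.DirectoryServices.DirectorySearcher($root, '(objectClass=nTDSConnection)')
$cs.PageSize = 500
foreach ($c in $cs.FindAll()) {
    $from = [string]$c.Properties['fromserver'][0]
    if ($from -like "*,CN=$OldDcName,CN=Servers,*") {
        $findings += "connection object: $($c.Properties['distinguishedname'][0])"
    }
}

# 4. Computer account and FRS (SYSVOL) member object in the domain partition.
$findings += @(Find-Dn $domainNc "(&(objectCategory=computer)(cn=$OldDcName))" |
    ForEach-Object { "computer account: $_" })
$findings += @(Find-Dn "CN=System,$domainNc" "(&(objectClass=nTFRSMember)(cn=$OldDcName))" |
    ForEach-Object { "FRS member: $_" })

if ($findings) { $findings } else { "No references to $OldDcName found." }
```

An empty result on every surviving DC, after replication has converged, indicates the old references are gone; any listed object is one the cleanup still has to remove.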
Re: Re Create one DC [message #156640 is a reply to message #156631] Mon, 22 June 2009 17:19
Sarfraz Malik
Thanks. It works fine.

Re: Re Create one DC [message #156648 is a reply to message #156640] Mon, 22 June 2009 23:19
aceman
"Sarfraz Malik" <SarfrazMalik@discussions.microsoft.com> wrote in message
news:2531BE5C-1EDA-4801-BDBF-C7BC58DD9509@microsoft.com...
> Thanks. It works fine.

You mean you demoted and renamed your DC?

Ace
Re: Re Create one DC [message #156653 is a reply to message #156622] Tue, 23 June 2009 02:26
meiweb(nospam)
Hello Sarfraz,

If a DC crashes and can't be restored from backup, you have to remove
it completely from the domain according to:
http://support.microsoft.com/kb/555846/en-us

AFTER the above procedure you can use the same name, IP address, etc., NOT
before; that will result in problems and errors.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

