Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Only boots in to AD recovery
Only boots in to AD recovery [message #159048] Thu, 23 July 2009 07:31 Go to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
This is what I walked in to: AD not working, will only boot in to AD recovery
and there are no system state backup of the failed server, and it holds all
FSMO roles. Lets call this SRV1 So I cannot run DCPROMO.

There is another DC (SRV2) on the network but they are not trusted, but the
console has been locked and the password will not unlock it due to the FSMO
roles all being on SRV1.
On SRV1 have tried AD repair did not work. When I ran DCDIAG the following
error came up: LDAP error 55, Handling error 8444.
Looks like DNS was hosed.
Is my only option to reinstall the os?
And how do I recover SRV2 and retake FSMO roles without losing that server?
Sorry long day and night.
RE: Only boots in to AD recovery [message #159050 is a reply to message #159048] Thu, 23 July 2009 07:37 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Sorry the OS is Window Server 2003 standard.

"Deb" wrote:

> This is what I walked in to: AD not working, will only boot in to AD recovery
> and there are no system state backup of the failed server, and it holds all
> FSMO roles. Lets call this SRV1 So I cannot run DCPROMO.
>
> There is another DC (SRV2) on the network but they are not trusted, but the
> console has been locked and the password will not unlock it due to the FSMO
> roles all being on SRV1.
> On SRV1 have tried AD repair did not work. When I ran DCDIAG the following
> error came up: LDAP error 55, Handling error 8444.
> Looks like DNS was hosed.
> Is my only option to reinstall the os?
> And how do I recover SRV2 and retake FSMO roles without losing that server?
> Sorry long day and night.
>
Re: Only boots in to AD recovery [message #159051 is a reply to message #159048] Thu, 23 July 2009 07:37 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Deb,

Without a system state backup you can not recover srv1.

What do you meant with "another DC (SRV2) on the network but they are not
trusted"? If that server is in the same domain and they hopefully have always
replicated, you should be able to seize the FSMO roles.

Which exact error mesage do you get when trying to logon? FSMO roles are
not needed for logging on.

Is the second DC also DNS server and Global catalog?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> This is what I walked in to: AD not working, will only boot in to AD
> recovery and there are no system state backup of the failed server,
> and it holds all FSMO roles. Lets call this SRV1 So I cannot run
> DCPROMO.
>
> There is another DC (SRV2) on the network but they are not trusted,
> but the
> console has been locked and the password will not unlock it due to the
> FSMO
> roles all being on SRV1.
> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
> following
> error came up: LDAP error 55, Handling error 8444.
> Looks like DNS was hosed.
> Is my only option to reinstall the os?
> And how do I recover SRV2 and retake FSMO roles without losing that
> server?
> Sorry long day and night.
Re: Only boots in to AD recovery [message #159053 is a reply to message #159048] Thu, 23 July 2009 07:39 Go to previous messageGo to next message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
You should be able to log on to SRV2 - regardless of whether FSMO owner is
reachable. Once you do, make sure that it is configured as GC/DNS,
shut down SRV1, remove references to it from AD
(http://support.microsoft.com/?id=216498), seize FSMO roles so they all are
hosted on SRV2, reinstall SRV1 and promote it back to the role of DC...

hth
Marcin

"Deb" <Deb@discussions.microsoft.com> wrote in message
news:F9AD571F-8B8F-45BC-B4EB-ABBED06C3CB7@microsoft.com...
> This is what I walked in to: AD not working, will only boot in to AD
> recovery
> and there are no system state backup of the failed server, and it holds
> all
> FSMO roles. Lets call this SRV1 So I cannot run DCPROMO.
>
> There is another DC (SRV2) on the network but they are not trusted, but
> the
> console has been locked and the password will not unlock it due to the
> FSMO
> roles all being on SRV1.
> On SRV1 have tried AD repair did not work. When I ran DCDIAG the following
> error came up: LDAP error 55, Handling error 8444.
> Looks like DNS was hosed.
> Is my only option to reinstall the os?
> And how do I recover SRV2 and retake FSMO roles without losing that
> server?
> Sorry long day and night.
>
Re: Only boots in to AD recovery [message #159054 is a reply to message #159051] Thu, 23 July 2009 07:58 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
SRV2 is in another domain on the network. Which look they are in the same
forest. The only message is the password in not correct and will not unlock
the console. I will have to try connecting to it from another machice.
<Is the second DC also DNS server and Global catalog?> yes it has DNS
running on it. Don’t know about the GC. If it is not can I reseize it?


"Meinolf Weber [MVP-DS]" wrote:

> Hello Deb,
>
> Without a system state backup you can not recover srv1.
>
> What do you meant with "another DC (SRV2) on the network but they are not
> trusted"? If that server is in the same domain and they hopefully have always
> replicated, you should be able to seize the FSMO roles.
>
> Which exact error mesage do you get when trying to logon? FSMO roles are
> not needed for logging on.
>
> Is the second DC also DNS server and Global catalog?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > This is what I walked in to: AD not working, will only boot in to AD
> > recovery and there are no system state backup of the failed server,
> > and it holds all FSMO roles. Lets call this SRV1 So I cannot run
> > DCPROMO.
> >
> > There is another DC (SRV2) on the network but they are not trusted,
> > but the
> > console has been locked and the password will not unlock it due to the
> > FSMO
> > roles all being on SRV1.
> > On SRV1 have tried AD repair did not work. When I ran DCDIAG the
> > following
> > error came up: LDAP error 55, Handling error 8444.
> > Looks like DNS was hosed.
> > Is my only option to reinstall the os?
> > And how do I recover SRV2 and retake FSMO roles without losing that
> > server?
> > Sorry long day and night.
>
>
>
Re: Only boots in to AD recovery [message #159055 is a reply to message #159054] Thu, 23 July 2009 08:06 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Deb,

Please describe more detailed your setup, is the broken DC the root server,
the first installed one in the forest? Give some more details about all DCs
and how they are located, you can change names just to domain.com or DC1
for example, but keep the format you are using.

You can enabling the GC in AD sites and services, but i suggest lets go on
step by step to see what you have and how to see what is going on in your
forest.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> SRV2 is in another domain on the network. Which look they are in the
> same
> forest. The only message is the password in not correct and will not
> unlock
> the console. I will have to try connecting to it from another machice.
> <Is the second DC also DNS server and Global catalog?> yes it has DNS
> running on it. Don't know about the GC. If it is not can I reseize it?
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Deb,
>>
>> Without a system state backup you can not recover srv1.
>>
>> What do you meant with "another DC (SRV2) on the network but they are
>> not trusted"? If that server is in the same domain and they hopefully
>> have always replicated, you should be able to seize the FSMO roles.
>>
>> Which exact error mesage do you get when trying to logon? FSMO roles
>> are not needed for logging on.
>>
>> Is the second DC also DNS server and Global catalog?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> This is what I walked in to: AD not working, will only boot in to AD
>>> recovery and there are no system state backup of the failed server,
>>> and it holds all FSMO roles. Lets call this SRV1 So I cannot run
>>> DCPROMO.
>>>
>>> There is another DC (SRV2) on the network but they are not trusted,
>>> but the
>>> console has been locked and the password will not unlock it due to
>>> the
>>> FSMO
>>> roles all being on SRV1.
>>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
>>> following
>>> error came up: LDAP error 55, Handling error 8444.
>>> Looks like DNS was hosed.
>>> Is my only option to reinstall the os?
>>> And how do I recover SRV2 and retake FSMO roles without losing that
>>> server?
>>> Sorry long day and night.
Re: Only boots in to AD recovery [message #159057 is a reply to message #159055] Thu, 23 July 2009 08:34 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
First thank you.

I did not do the installs and there is no documentation as to the setup.
SRV2 is running ADP, so I want to handle this one with care.
SRV1 is the file server, which holds users directories(my doc’s). so now
there Outlook is not working with no connection to server. When this started
they replace the network card in the server and 5 other machine. Thinking
this would help, it did not then I was told about the problem.
Removed some entries from DNS then rebooted and everything when sideways.
The one time I did not checked for backups first.

Net work connection is made though AT&T dsl. (Probably should call them)
Nslookup returned:
Domain: Srv1.works.looking.local
Server: SRV1.Srv1.works.looking.local
But when I was looking at AD it showed SRV0 as the domain name( when it was
up)
Looking.local – should be root DC
Works.looking.local – sub DC

Thanks
Deb


"Meinolf Weber [MVP-DS]" wrote:

> Hello Deb,
>
> Please describe more detailed your setup, is the broken DC the root server,
> the first installed one in the forest? Give some more details about all DCs
> and how they are located, you can change names just to domain.com or DC1
> for example, but keep the format you are using.
>
> You can enabling the GC in AD sites and services, but i suggest lets go on
> step by step to see what you have and how to see what is going on in your
> forest.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > SRV2 is in another domain on the network. Which look they are in the
> > same
> > forest. The only message is the password in not correct and will not
> > unlock
> > the console. I will have to try connecting to it from another machice.
> > <Is the second DC also DNS server and Global catalog?> yes it has DNS
> > running on it. Don't know about the GC. If it is not can I reseize it?
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Deb,
> >>
> >> Without a system state backup you can not recover srv1.
> >>
> >> What do you meant with "another DC (SRV2) on the network but they are
> >> not trusted"? If that server is in the same domain and they hopefully
> >> have always replicated, you should be able to seize the FSMO roles.
> >>
> >> Which exact error mesage do you get when trying to logon? FSMO roles
> >> are not needed for logging on.
> >>
> >> Is the second DC also DNS server and Global catalog?
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> This is what I walked in to: AD not working, will only boot in to AD
> >>> recovery and there are no system state backup of the failed server,
> >>> and it holds all FSMO roles. Lets call this SRV1 So I cannot run
> >>> DCPROMO.
> >>>
> >>> There is another DC (SRV2) on the network but they are not trusted,
> >>> but the
> >>> console has been locked and the password will not unlock it due to
> >>> the
> >>> FSMO
> >>> roles all being on SRV1.
> >>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
> >>> following
> >>> error came up: LDAP error 55, Handling error 8444.
> >>> Looks like DNS was hosed.
> >>> Is my only option to reinstall the os?
> >>> And how do I recover SRV2 and retake FSMO roles without losing that
> >>> server?
> >>> Sorry long day and night.
>
>
>
Re: Only boots in to AD recovery [message #159058 is a reply to message #159057] Thu, 23 July 2009 08:45 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Deb,

It looks for me you the root domain looking.local and a child domain works.looking.local.

In which domain does srv0 was used? Same as srv1? This is really important
to know.


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> First thank you.
>
> I did not do the installs and there is no documentation as to the
> setup.
> SRV2 is running ADP, so I want to handle this one with care.
> SRV1 is the file server, which holds users directories(my doc's). so
> now
> there Outlook is not working with no connection to server. When this
> started
> they replace the network card in the server and 5 other machine.
> Thinking
> this would help, it did not then I was told about the problem.
> Removed some entries from DNS then rebooted and everything when
> sideways.
> The one time I did not checked for backups first.
> Net work connection is made though AT&T dsl. (Probably should call
> them)
> Nslookup returned:
> Domain: Srv1.works.looking.local
> Server: SRV1.Srv1.works.looking.local
> But when I was looking at AD it showed SRV0 as the domain name( when
> it was
> up)
> Looking.local - should be root DC
> Works.looking.local - sub DC
> Thanks
> Deb
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Deb,
>>
>> Please describe more detailed your setup, is the broken DC the root
>> server, the first installed one in the forest? Give some more details
>> about all DCs and how they are located, you can change names just to
>> domain.com or DC1 for example, but keep the format you are using.
>>
>> You can enabling the GC in AD sites and services, but i suggest lets
>> go on step by step to see what you have and how to see what is going
>> on in your forest.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> SRV2 is in another domain on the network. Which look they are in the
>>> same
>>> forest. The only message is the password in not correct and will not
>>> unlock
>>> the console. I will have to try connecting to it from another
>>> machice.
>>> <Is the second DC also DNS server and Global catalog?> yes it has
>>> DNS
>>> running on it. Don't know about the GC. If it is not can I reseize
>>> it?
>>> "Meinolf Weber [MVP-DS]" wrote:
>>>> Hello Deb,
>>>>
>>>> Without a system state backup you can not recover srv1.
>>>>
>>>> What do you meant with "another DC (SRV2) on the network but they
>>>> are not trusted"? If that server is in the same domain and they
>>>> hopefully have always replicated, you should be able to seize the
>>>> FSMO roles.
>>>>
>>>> Which exact error mesage do you get when trying to logon? FSMO
>>>> roles are not needed for logging on.
>>>>
>>>> Is the second DC also DNS server and Global catalog?
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> This is what I walked in to: AD not working, will only boot in to
>>>>> AD recovery and there are no system state backup of the failed
>>>>> server, and it holds all FSMO roles. Lets call this SRV1 So I
>>>>> cannot run DCPROMO.
>>>>>
>>>>> There is another DC (SRV2) on the network but they are not
>>>>> trusted,
>>>>> but the
>>>>> console has been locked and the password will not unlock it due to
>>>>> the
>>>>> FSMO
>>>>> roles all being on SRV1.
>>>>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
>>>>> following
>>>>> error came up: LDAP error 55, Handling error 8444.
>>>>> Looks like DNS was hosed.
>>>>> Is my only option to reinstall the os?
>>>>> And how do I recover SRV2 and retake FSMO roles without losing
>>>>> that
>>>>> server?
>>>>> Sorry long day and night.
Re: Only boots in to AD recovery [message #159059 is a reply to message #159057] Thu, 23 July 2009 08:52 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Deb,

Forget to ask, what happens when you start srv0 normally? Which error message
is shown or does a blue screen appear, if yes which errors are shown?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> First thank you.
>
> I did not do the installs and there is no documentation as to the
> setup.
> SRV2 is running ADP, so I want to handle this one with care.
> SRV1 is the file server, which holds users directories(my doc's). so
> now
> there Outlook is not working with no connection to server. When this
> started
> they replace the network card in the server and 5 other machine.
> Thinking
> this would help, it did not then I was told about the problem.
> Removed some entries from DNS then rebooted and everything when
> sideways.
> The one time I did not checked for backups first.
> Net work connection is made though AT&T dsl. (Probably should call
> them)
> Nslookup returned:
> Domain: Srv1.works.looking.local
> Server: SRV1.Srv1.works.looking.local
> But when I was looking at AD it showed SRV0 as the domain name( when
> it was
> up)
> Looking.local - should be root DC
> Works.looking.local - sub DC
> Thanks
> Deb
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Deb,
>>
>> Please describe more detailed your setup, is the broken DC the root
>> server, the first installed one in the forest? Give some more details
>> about all DCs and how they are located, you can change names just to
>> domain.com or DC1 for example, but keep the format you are using.
>>
>> You can enabling the GC in AD sites and services, but i suggest lets
>> go on step by step to see what you have and how to see what is going
>> on in your forest.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> SRV2 is in another domain on the network. Which look they are in the
>>> same
>>> forest. The only message is the password in not correct and will not
>>> unlock
>>> the console. I will have to try connecting to it from another
>>> machice.
>>> <Is the second DC also DNS server and Global catalog?> yes it has
>>> DNS
>>> running on it. Don't know about the GC. If it is not can I reseize
>>> it?
>>> "Meinolf Weber [MVP-DS]" wrote:
>>>> Hello Deb,
>>>>
>>>> Without a system state backup you can not recover srv1.
>>>>
>>>> What do you meant with "another DC (SRV2) on the network but they
>>>> are not trusted"? If that server is in the same domain and they
>>>> hopefully have always replicated, you should be able to seize the
>>>> FSMO roles.
>>>>
>>>> Which exact error mesage do you get when trying to logon? FSMO
>>>> roles are not needed for logging on.
>>>>
>>>> Is the second DC also DNS server and Global catalog?
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> This is what I walked in to: AD not working, will only boot in to
>>>>> AD recovery and there are no system state backup of the failed
>>>>> server, and it holds all FSMO roles. Lets call this SRV1 So I
>>>>> cannot run DCPROMO.
>>>>>
>>>>> There is another DC (SRV2) on the network but they are not
>>>>> trusted,
>>>>> but the
>>>>> console has been locked and the password will not unlock it due to
>>>>> the
>>>>> FSMO
>>>>> roles all being on SRV1.
>>>>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
>>>>> following
>>>>> error came up: LDAP error 55, Handling error 8444.
>>>>> Looks like DNS was hosed.
>>>>> Is my only option to reinstall the os?
>>>>> And how do I recover SRV2 and retake FSMO roles without losing
>>>>> that
>>>>> server?
>>>>> Sorry long day and night.
Re: Only boots in to AD recovery [message #159060 is a reply to message #159058] Thu, 23 July 2009 09:00 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Hello Meinolf ,

Just shows a domain name of SRV0 not a server. There is no server named
SRV0. A repair was ran to fix the boot process due to bios battery going out
before I was told about the problem along with the NIC replacement. Was told
they just booted from CD and pressed R for repair. So not sure if the server
was renamed or not, no one is telling.

At this point: The files on SRV1 are the only things that need to be kept
and they are on the H: drive. Looking for the best way to rebuild the AD and
not mess the ADP servers AD.

Thanks again,
Deb
Ps going to be off line for 1hr


"Meinolf Weber [MVP-DS]" wrote:

> Hello Deb,
>
> It looks for me you the root domain looking.local and a child domain works.looking.local.
>
> In which domain does srv0 was used? Same as srv1? This is really important
> to know.
>
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > First thank you.
> >
> > I did not do the installs and there is no documentation as to the
> > setup.
> > SRV2 is running ADP, so I want to handle this one with care.
> > SRV1 is the file server, which holds users directories(my doc's). so
> > now
> > there Outlook is not working with no connection to server. When this
> > started
> > they replace the network card in the server and 5 other machine.
> > Thinking
> > this would help, it did not then I was told about the problem.
> > Removed some entries from DNS then rebooted and everything when
> > sideways.
> > The one time I did not checked for backups first.
> > Net work connection is made though AT&T dsl. (Probably should call
> > them)
> > Nslookup returned:
> > Domain: Srv1.works.looking.local
> > Server: SRV1.Srv1.works.looking.local
> > But when I was looking at AD it showed SRV0 as the domain name( when
> > it was
> > up)
> > Looking.local - should be root DC
> > Works.looking.local - sub DC
> > Thanks
> > Deb
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Deb,
> >>
> >> Please describe more detailed your setup, is the broken DC the root
> >> server, the first installed one in the forest? Give some more details
> >> about all DCs and how they are located, you can change names just to
> >> domain.com or DC1 for example, but keep the format you are using.
> >>
> >> You can enabling the GC in AD sites and services, but i suggest lets
> >> go on step by step to see what you have and how to see what is going
> >> on in your forest.
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> SRV2 is in another domain on the network. Which look they are in the
> >>> same
> >>> forest. The only message is the password in not correct and will not
> >>> unlock
> >>> the console. I will have to try connecting to it from another
> >>> machice.
> >>> <Is the second DC also DNS server and Global catalog?> yes it has
> >>> DNS
> >>> running on it. Don't know about the GC. If it is not can I reseize
> >>> it?
> >>> "Meinolf Weber [MVP-DS]" wrote:
> >>>> Hello Deb,
> >>>>
> >>>> Without a system state backup you can not recover srv1.
> >>>>
> >>>> What do you meant with "another DC (SRV2) on the network but they
> >>>> are not trusted"? If that server is in the same domain and they
> >>>> hopefully have always replicated, you should be able to seize the
> >>>> FSMO roles.
> >>>>
> >>>> Which exact error mesage do you get when trying to logon? FSMO
> >>>> roles are not needed for logging on.
> >>>>
> >>>> Is the second DC also DNS server and Global catalog?
> >>>>
> >>>> Best regards
> >>>>
> >>>> Meinolf Weber
> >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>> and
> >>>> confers
> >>>> no rights.
> >>>> ** Please do NOT email, only reply to Newsgroups
> >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>> This is what I walked in to: AD not working, will only boot in to
> >>>>> AD recovery and there are no system state backup of the failed
> >>>>> server, and it holds all FSMO roles. Lets call this SRV1 So I
> >>>>> cannot run DCPROMO.
> >>>>>
> >>>>> There is another DC (SRV2) on the network but they are not
> >>>>> trusted,
> >>>>> but the
> >>>>> console has been locked and the password will not unlock it due to
> >>>>> the
> >>>>> FSMO
> >>>>> roles all being on SRV1.
> >>>>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
> >>>>> following
> >>>>> error came up: LDAP error 55, Handling error 8444.
> >>>>> Looks like DNS was hosed.
> >>>>> Is my only option to reinstall the os?
> >>>>> And how do I recover SRV2 and retake FSMO roles without losing
> >>>>> that
> >>>>> server?
> >>>>> Sorry long day and night.
>
>
>
Re: Only boots in to AD recovery [message #159061 is a reply to message #159059] Thu, 23 July 2009 09:04 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Hello Meinolf,

There is no SRV0 server that I can find. Have not rebooted the SRV2 server
yet.

Thanks,
Deb


"Meinolf Weber [MVP-DS]" wrote:

> Hello Deb,
>
> Forget to ask, what happens when you start srv0 normally? Which error message
> is shown or does a blue screen appear, if yes which errors are shown?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > First thank you.
> >
> > I did not do the installs and there is no documentation as to the
> > setup.
> > SRV2 is running ADP, so I want to handle this one with care.
> > SRV1 is the file server, which holds users directories(my doc's). so
> > now
> > there Outlook is not working with no connection to server. When this
> > started
> > they replace the network card in the server and 5 other machine.
> > Thinking
> > this would help, it did not then I was told about the problem.
> > Removed some entries from DNS then rebooted and everything when
> > sideways.
> > The one time I did not checked for backups first.
> > Net work connection is made though AT&T dsl. (Probably should call
> > them)
> > Nslookup returned:
> > Domain: Srv1.works.looking.local
> > Server: SRV1.Srv1.works.looking.local
> > But when I was looking at AD it showed SRV0 as the domain name( when
> > it was
> > up)
> > Looking.local - should be root DC
> > Works.looking.local - sub DC
> > Thanks
> > Deb
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Deb,
> >>
> >> Please describe more detailed your setup, is the broken DC the root
> >> server, the first installed one in the forest? Give some more details
> >> about all DCs and how they are located, you can change names just to
> >> domain.com or DC1 for example, but keep the format you are using.
> >>
> >> You can enabling the GC in AD sites and services, but i suggest lets
> >> go on step by step to see what you have and how to see what is going
> >> on in your forest.
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> SRV2 is in another domain on the network. Which look they are in the
> >>> same
> >>> forest. The only message is the password in not correct and will not
> >>> unlock
> >>> the console. I will have to try connecting to it from another
> >>> machice.
> >>> <Is the second DC also DNS server and Global catalog?> yes it has
> >>> DNS
> >>> running on it. Don't know about the GC. If it is not can I reseize
> >>> it?
> >>> "Meinolf Weber [MVP-DS]" wrote:
> >>>> Hello Deb,
> >>>>
> >>>> Without a system state backup you can not recover srv1.
> >>>>
> >>>> What do you meant with "another DC (SRV2) on the network but they
> >>>> are not trusted"? If that server is in the same domain and they
> >>>> hopefully have always replicated, you should be able to seize the
> >>>> FSMO roles.
> >>>>
> >>>> Which exact error mesage do you get when trying to logon? FSMO
> >>>> roles are not needed for logging on.
> >>>>
> >>>> Is the second DC also DNS server and Global catalog?
> >>>>
> >>>> Best regards
> >>>>
> >>>> Meinolf Weber
> >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>> and
> >>>> confers
> >>>> no rights.
> >>>> ** Please do NOT email, only reply to Newsgroups
> >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>> This is what I walked in to: AD not working, will only boot in to
> >>>>> AD recovery and there are no system state backup of the failed
> >>>>> server, and it holds all FSMO roles. Lets call this SRV1 So I
> >>>>> cannot run DCPROMO.
> >>>>>
> >>>>> There is another DC (SRV2) on the network but they are not
> >>>>> trusted,
> >>>>> but the
> >>>>> console has been locked and the password will not unlock it due to
> >>>>> the
> >>>>> FSMO
> >>>>> roles all being on SRV1.
> >>>>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
> >>>>> following
> >>>>> error came up: LDAP error 55, Handling error 8444.
> >>>>> Looks like DNS was hosed.
> >>>>> Is my only option to reinstall the os?
> >>>>> And how do I recover SRV2 and retake FSMO roles without losing
> >>>>> that
> >>>>> server?
> >>>>> Sorry long day and night.
>
>
>
Re: Only boots in to AD recovery [message #159062 is a reply to message #159060] Thu, 23 July 2009 09:08 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Deb,

If you mean what is shown in Active directory users and comuters console.
At the highest listed level you see "Active directory users and comuters
servername.works.looking.local" or "Active directory users and comuters servername.looking.local"

This is NOT the domain name it is the servername with the domain name shown.
So if you saw there srv0.looking.local the servername is srv0.

And if the server was in the root domain and is crashed you are not able
to start it and fix the erorrs and don't have a backup form that server or
another domain controller in the root domain, sorry then you are lost and
have to start complete from scratch. This will then also apply to the child
domain becasue you can not keep it without the root domain.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello Meinolf ,
>
> Just shows a domain name of SRV0 not a server. There is no server
> named SRV0. A repair was ran to fix the boot process due to bios
> battery going out before I was told about the problem along with the
> NIC replacement. Was told they just booted from CD and pressed R for
> repair. So not sure if the server was renamed or not, no one is
> telling.
>
> At this point: The files on SRV1 are the only things that need to be
> kept and they are on the H: drive. Looking for the best way to rebuild
> the AD and not mess the ADP servers AD.
>
> Thanks again,
> Deb
> Ps going to be off line for 1hr
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Deb,
>>
>> It looks for me you the root domain looking.local and a child domain
>> works.looking.local.
>>
>> In which domain does srv0 was used? Same as srv1? This is really
>> important to know.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> First thank you.
>>>
>>> I did not do the installs and there is no documentation as to the
>>> setup.
>>> SRV2 is running ADP, so I want to handle this one with care.
>>> SRV1 is the file server, which holds users directories(my doc's). so
>>> now
>>> there Outlook is not working with no connection to server. When this
>>> started
>>> they replace the network card in the server and 5 other machine.
>>> Thinking
>>> this would help, it did not then I was told about the problem.
>>> Removed some entries from DNS then rebooted and everything when
>>> sideways.
>>> The one time I did not checked for backups first.
>>> Net work connection is made though AT&T dsl. (Probably should call
>>> them)
>>> Nslookup returned:
>>> Domain: Srv1.works.looking.local
>>> Server: SRV1.Srv1.works.looking.local
>>> But when I was looking at AD it showed SRV0 as the domain name( when
>>> it was
>>> up)
>>> Looking.local - should be root DC
>>> Works.looking.local - sub DC
>>> Thanks
>>> Deb
>>> "Meinolf Weber [MVP-DS]" wrote:
>>>> Hello Deb,
>>>>
>>>> Please describe more detailed your setup, is the broken DC the root
>>>> server, the first installed one in the forest? Give some more
>>>> details about all DCs and how they are located, you can change
>>>> names just to domain.com or DC1 for example, but keep the format
>>>> you are using.
>>>>
>>>> You can enabling the GC in AD sites and services, but i suggest
>>>> lets go on step by step to see what you have and how to see what is
>>>> going on in your forest.
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> SRV2 is in another domain on the network. Which look they are in
>>>>> the
>>>>> same
>>>>> forest. The only message is the password in not correct and will
>>>>> not
>>>>> unlock
>>>>> the console. I will have to try connecting to it from another
>>>>> machice.
>>>>> <Is the second DC also DNS server and Global catalog?> yes it has
>>>>> DNS
>>>>> running on it. Don't know about the GC. If it is not can I reseize
>>>>> it?
>>>>> "Meinolf Weber [MVP-DS]" wrote:
>>>>>> Hello Deb,
>>>>>>
>>>>>> Without a system state backup you can not recover srv1.
>>>>>>
>>>>>> What do you meant with "another DC (SRV2) on the network but they
>>>>>> are not trusted"? If that server is in the same domain and they
>>>>>> hopefully have always replicated, you should be able to seize the
>>>>>> FSMO roles.
>>>>>>
>>>>>> Which exact error mesage do you get when trying to logon? FSMO
>>>>>> roles are not needed for logging on.
>>>>>>
>>>>>> Is the second DC also DNS server and Global catalog?
>>>>>>
>>>>>> Best regards
>>>>>>
>>>>>> Meinolf Weber
>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>> and
>>>>>> confers
>>>>>> no rights.
>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>> ** HELP us help YOU!!!
>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>> This is what I walked in to: AD not working, will only boot in
>>>>>>> to AD recovery and there are no system state backup of the
>>>>>>> failed server, and it holds all FSMO roles. Lets call this SRV1
>>>>>>> So I cannot run DCPROMO.
>>>>>>>
>>>>>>> There is another DC (SRV2) on the network but they are not
>>>>>>> trusted,
>>>>>>> but the
>>>>>>> console has been locked and the password will not unlock it due
>>>>>>> to
>>>>>>> the
>>>>>>> FSMO
>>>>>>> roles all being on SRV1.
>>>>>>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
>>>>>>> following
>>>>>>> error came up: LDAP error 55, Handling error 8444.
>>>>>>> Looks like DNS was hosed.
>>>>>>> Is my only option to reinstall the os?
>>>>>>> And how do I recover SRV2 and retake FSMO roles without losing
>>>>>>> that
>>>>>>> server?
>>>>>>> Sorry long day and night.
Re: Only boots in to AD recovery [message #159075 is a reply to message #159053] Thu, 23 July 2009 14:26 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Hello Marcin,
For SRV2 I with have to take over the session or log the admin off the
console. Then boot try and log back in. And make sure it is a GC/DNS still,
which it should be, because there was not a reference to SRV1 in the DNS or
its AD Site if I remember right.
SRV1-To make sure I understand this and boot into the right mode.
1-Take SRV1 off the network and boot into AD recovery
then run ntdsutil with the option of “metadata cleanup” and finish steps in
(http://support.microsoft.com/?id=216498)

Do I have it right as far as deleting and recreating SRV1 as a DC?
Thank you,
Deb


"Marcin" wrote:

> You should be able to log on to SRV2 - regardless of whether FSMO owner is
> reachable. Once you do, make sure that it is configured as GC/DNS,
> shut down SRV1, remove references to it from AD
> (http://support.microsoft.com/?id=216498), seize FSMO roles so they all are
> hosted on SRV2, reinstall SRV1 and promote it back to the role of DC...
>
> hth
> Marcin
>
> "Deb" <Deb@discussions.microsoft.com> wrote in message
> news:F9AD571F-8B8F-45BC-B4EB-ABBED06C3CB7@microsoft.com...
> > This is what I walked in to: AD not working, will only boot in to AD
> > recovery
> > and there are no system state backup of the failed server, and it holds
> > all
> > FSMO roles. Lets call this SRV1 So I cannot run DCPROMO.
> >
> > There is another DC (SRV2) on the network but they are not trusted, but
> > the
> > console has been locked and the password will not unlock it due to the
> > FSMO
> > roles all being on SRV1.
> > On SRV1 have tried AD repair did not work. When I ran DCDIAG the following
> > error came up: LDAP error 55, Handling error 8444.
> > Looks like DNS was hosed.
> > Is my only option to reinstall the os?
> > And how do I recover SRV2 and retake FSMO roles without losing that
> > server?
> > Sorry long day and night.
> >
>
>
>
Re: Only boots in to AD recovery [message #159076 is a reply to message #159059] Thu, 23 July 2009 14:34 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Hello Meinolf,

What do you think about my post that was a reply to Marcin.
Am I on the right track?

Just need to clean up SRV1 and get the users connected back.
Heading to the site now.
Thank you,

Debora


"Meinolf Weber [MVP-DS]" wrote:

> Hello Deb,
>
> Forget to ask, what happens when you start srv0 normally? Which error message
> is shown or does a blue screen appear, if yes which errors are shown?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > First thank you.
> >
> > I did not do the installs and there is no documentation as to the
> > setup.
> > SRV2 is running ADP, so I want to handle this one with care.
> > SRV1 is the file server, which holds users directories(my doc's). so
> > now
> > there Outlook is not working with no connection to server. When this
> > started
> > they replace the network card in the server and 5 other machine.
> > Thinking
> > this would help, it did not then I was told about the problem.
> > Removed some entries from DNS then rebooted and everything when
> > sideways.
> > The one time I did not checked for backups first.
> > Net work connection is made though AT&T dsl. (Probably should call
> > them)
> > Nslookup returned:
> > Domain: Srv1.works.looking.local
> > Server: SRV1.Srv1.works.looking.local
> > But when I was looking at AD it showed SRV0 as the domain name( when
> > it was
> > up)
> > Looking.local - should be root DC
> > Works.looking.local - sub DC
> > Thanks
> > Deb
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Deb,
> >>
> >> Please describe more detailed your setup, is the broken DC the root
> >> server, the first installed one in the forest? Give some more details
> >> about all DCs and how they are located, you can change names just to
> >> domain.com or DC1 for example, but keep the format you are using.
> >>
> >> You can enabling the GC in AD sites and services, but i suggest lets
> >> go on step by step to see what you have and how to see what is going
> >> on in your forest.
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> SRV2 is in another domain on the network. Which look they are in the
> >>> same
> >>> forest. The only message is the password in not correct and will not
> >>> unlock
> >>> the console. I will have to try connecting to it from another
> >>> machice.
> >>> <Is the second DC also DNS server and Global catalog?> yes it has
> >>> DNS
> >>> running on it. Don't know about the GC. If it is not can I reseize
> >>> it?
> >>> "Meinolf Weber [MVP-DS]" wrote:
> >>>> Hello Deb,
> >>>>
> >>>> Without a system state backup you can not recover srv1.
> >>>>
> >>>> What do you meant with "another DC (SRV2) on the network but they
> >>>> are not trusted"? If that server is in the same domain and they
> >>>> hopefully have always replicated, you should be able to seize the
> >>>> FSMO roles.
> >>>>
> >>>> Which exact error mesage do you get when trying to logon? FSMO
> >>>> roles are not needed for logging on.
> >>>>
> >>>> Is the second DC also DNS server and Global catalog?
> >>>>
> >>>> Best regards
> >>>>
> >>>> Meinolf Weber
> >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>> and
> >>>> confers
> >>>> no rights.
> >>>> ** Please do NOT email, only reply to Newsgroups
> >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>> This is what I walked in to: AD not working, will only boot in to
> >>>>> AD recovery and there are no system state backup of the failed
> >>>>> server, and it holds all FSMO roles. Lets call this SRV1 So I
> >>>>> cannot run DCPROMO.
> >>>>>
> >>>>> There is another DC (SRV2) on the network but they are not
> >>>>> trusted,
> >>>>> but the
> >>>>> console has been locked and the password will not unlock it due to
> >>>>> the
> >>>>> FSMO
> >>>>> roles all being on SRV1.
> >>>>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
> >>>>> following
> >>>>> error came up: LDAP error 55, Handling error 8444.
> >>>>> Looks like DNS was hosed.
> >>>>> Is my only option to reinstall the os?
> >>>>> And how do I recover SRV2 and retake FSMO roles without losing
> >>>>> that
> >>>>> server?
> >>>>> Sorry long day and night.
>
>
>
Re: Only boots in to AD recovery [message #159082 is a reply to message #159075] Thu, 23 July 2009 16:17 Go to previous messageGo to next message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
Deb,
no - metadata cleanup needs to be performed from the "healthy" DC, providing
that the failed one is unrecoverable...

hth
Marcin

"Deb" <Deb@discussions.microsoft.com> wrote in message
news:D73AF53D-74A0-42D9-B904-561D3C34D3E0@microsoft.com...
> Hello Marcin,
> For SRV2 I with have to take over the session or log the admin off the
> console. Then boot try and log back in. And make sure it is a GC/DNS
> still,
> which it should be, because there was not a reference to SRV1 in the DNS
> or
> its AD Site if I remember right.
> SRV1-To make sure I understand this and boot into the right mode.
> 1-Take SRV1 off the network and boot into AD recovery
> then run ntdsutil with the option of "metadata cleanup" and finish steps
> in
> (http://support.microsoft.com/?id=216498)
>
> Do I have it right as far as deleting and recreating SRV1 as a DC?
> Thank you,
> Deb
>
>
> "Marcin" wrote:
>
>> You should be able to log on to SRV2 - regardless of whether FSMO owner
>> is
>> reachable. Once you do, make sure that it is configured as GC/DNS,
>> shut down SRV1, remove references to it from AD
>> (http://support.microsoft.com/?id=216498), seize FSMO roles so they all
>> are
>> hosted on SRV2, reinstall SRV1 and promote it back to the role of DC...
>>
>> hth
>> Marcin
>>
>> "Deb" <Deb@discussions.microsoft.com> wrote in message
>> news:F9AD571F-8B8F-45BC-B4EB-ABBED06C3CB7@microsoft.com...
>> > This is what I walked in to: AD not working, will only boot in to AD
>> > recovery
>> > and there are no system state backup of the failed server, and it holds
>> > all
>> > FSMO roles. Lets call this SRV1 So I cannot run DCPROMO.
>> >
>> > There is another DC (SRV2) on the network but they are not trusted, but
>> > the
>> > console has been locked and the password will not unlock it due to the
>> > FSMO
>> > roles all being on SRV1.
>> > On SRV1 have tried AD repair did not work. When I ran DCDIAG the
>> > following
>> > error came up: LDAP error 55, Handling error 8444.
>> > Looks like DNS was hosed.
>> > Is my only option to reinstall the os?
>> > And how do I recover SRV2 and retake FSMO roles without losing that
>> > server?
>> > Sorry long day and night.
>> >
>>
>>
>>
Re: Only boots in to AD recovery [message #159084 is a reply to message #159082] Thu, 23 July 2009 16:44 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Hello Marcin,
So what you are saying is on the failed server SRV1 is to login normally and
do a dcpromo to demote and remove failed DC. Or do I need to do it by
reloading the OS?
Thank you,
Deb

"Marcin" wrote:

> Deb,
> no - metadata cleanup needs to be performed from the "healthy" DC, providing
> that the failed one is unrecoverable...
>
> hth
> Marcin
>
> "Deb" <Deb@discussions.microsoft.com> wrote in message
> news:D73AF53D-74A0-42D9-B904-561D3C34D3E0@microsoft.com...
> > Hello Marcin,
> > For SRV2 I with have to take over the session or log the admin off the
> > console. Then boot try and log back in. And make sure it is a GC/DNS
> > still,
> > which it should be, because there was not a reference to SRV1 in the DNS
> > or
> > its AD Site if I remember right.
> > SRV1-To make sure I understand this and boot into the right mode.
> > 1-Take SRV1 off the network and boot into AD recovery
> > then run ntdsutil with the option of "metadata cleanup" and finish steps
> > in
> > (http://support.microsoft.com/?id=216498)
> >
> > Do I have it right as far as deleting and recreating SRV1 as a DC?
> > Thank you,
> > Deb
> >
> >
> > "Marcin" wrote:
> >
> >> You should be able to log on to SRV2 - regardless of whether FSMO owner
> >> is
> >> reachable. Once you do, make sure that it is configured as GC/DNS,
> >> shut down SRV1, remove references to it from AD
> >> (http://support.microsoft.com/?id=216498), seize FSMO roles so they all
> >> are
> >> hosted on SRV2, reinstall SRV1 and promote it back to the role of DC...
> >>
> >> hth
> >> Marcin
> >>
> >> "Deb" <Deb@discussions.microsoft.com> wrote in message
> >> news:F9AD571F-8B8F-45BC-B4EB-ABBED06C3CB7@microsoft.com...
> >> > This is what I walked in to: AD not working, will only boot in to AD
> >> > recovery
> >> > and there are no system state backup of the failed server, and it holds
> >> > all
> >> > FSMO roles. Lets call this SRV1 So I cannot run DCPROMO.
> >> >
> >> > There is another DC (SRV2) on the network but they are not trusted, but
> >> > the
> >> > console has been locked and the password will not unlock it due to the
> >> > FSMO
> >> > roles all being on SRV1.
> >> > On SRV1 have tried AD repair did not work. When I ran DCDIAG the
> >> > following
> >> > error came up: LDAP error 55, Handling error 8444.
> >> > Looks like DNS was hosed.
> >> > Is my only option to reinstall the os?
> >> > And how do I recover SRV2 and retake FSMO roles without losing that
> >> > server?
> >> > Sorry long day and night.
> >> >
> >>
> >>
> >>
>
>
>
Re: Only boots in to AD recovery [message #159087 is a reply to message #159084] Thu, 23 July 2009 17:23 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
This is the error message I receive when booting up and try to login.

“Security Account manager initialization failed because of the following
error: Directory Service account cannot start. Error Status: 0xc00002e1.
Please click OK to shutdown this system and reboot into Directory Services
Restore Mode, check the event log for more detail information.”

So in DS Restore the AD is down and there are no backups to restore. Does
this mean boot from CD and do a reload of the OS,
Thank you,
Deb

"Deb" wrote:

> Hello Marcin,
> So what you are saying is on the failed server SRV1 is to login normally and
> do a dcpromo to demote and remove failed DC. Or do I need to do it by
> reloading the OS?
> Thank you,
> Deb
>
> "Marcin" wrote:
>
> > Deb,
> > no - metadata cleanup needs to be performed from the "healthy" DC, providing
> > that the failed one is unrecoverable...
> >
> > hth
> > Marcin
> >
> > "Deb" <Deb@discussions.microsoft.com> wrote in message
> > news:D73AF53D-74A0-42D9-B904-561D3C34D3E0@microsoft.com...
> > > Hello Marcin,
> > > For SRV2 I with have to take over the session or log the admin off the
> > > console. Then boot try and log back in. And make sure it is a GC/DNS
> > > still,
> > > which it should be, because there was not a reference to SRV1 in the DNS
> > > or
> > > its AD Site if I remember right.
> > > SRV1-To make sure I understand this and boot into the right mode.
> > > 1-Take SRV1 off the network and boot into AD recovery
> > > then run ntdsutil with the option of "metadata cleanup" and finish steps
> > > in
> > > (http://support.microsoft.com/?id=216498)
> > >
> > > Do I have it right as far as deleting and recreating SRV1 as a DC?
> > > Thank you,
> > > Deb
> > >
> > >
> > > "Marcin" wrote:
> > >
> > >> You should be able to log on to SRV2 - regardless of whether FSMO owner
> > >> is
> > >> reachable. Once you do, make sure that it is configured as GC/DNS,
> > >> shut down SRV1, remove references to it from AD
> > >> (http://support.microsoft.com/?id=216498), seize FSMO roles so they all
> > >> are
> > >> hosted on SRV2, reinstall SRV1 and promote it back to the role of DC...
> > >>
> > >> hth
> > >> Marcin
> > >>
> > >> "Deb" <Deb@discussions.microsoft.com> wrote in message
> > >> news:F9AD571F-8B8F-45BC-B4EB-ABBED06C3CB7@microsoft.com...
> > >> > This is what I walked in to: AD not working, will only boot in to AD
> > >> > recovery
> > >> > and there are no system state backup of the failed server, and it holds
> > >> > all
> > >> > FSMO roles. Lets call this SRV1 So I cannot run DCPROMO.
> > >> >
> > >> > There is another DC (SRV2) on the network but they are not trusted, but
> > >> > the
> > >> > console has been locked and the password will not unlock it due to the
> > >> > FSMO
> > >> > roles all being on SRV1.
> > >> > On SRV1 have tried AD repair did not work. When I ran DCDIAG the
> > >> > following
> > >> > error came up: LDAP error 55, Handling error 8444.
> > >> > Looks like DNS was hosed.
> > >> > Is my only option to reinstall the os?
> > >> > And how do I recover SRV2 and retake FSMO roles without losing that
> > >> > server?
> > >> > Sorry long day and night.
> > >> >
> > >>
> > >>
> > >>
> >
> >
> >
Re: Only boots in to AD recovery [message #159092 is a reply to message #159059] Thu, 23 July 2009 18:38 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Ran dcdiag here are the results:

C:\Program Files\Support Tools>dcdiag /V /C /D /E /S:srv0
Command Line: "dcdiag.exe /V /C /D /E /S:srv0"

Domain Controller Diagnosis

Performing initial setup:
* Connecting to directory service on server srv0.
[srv0] LDAP search failed with error 58,
The specified server cannot perform the requested operati
The host jlfsrv0 could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
DcDiag: a dcdiag exception raised, handling error 8444

"Meinolf Weber [MVP-DS]" wrote:

> Hello Deb,
>
> Forget to ask, what happens when you start srv0 normally? Which error message
> is shown or does a blue screen appear, if yes which errors are shown?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > First thank you.
> >
> > I did not do the installs and there is no documentation as to the
> > setup.
> > SRV2 is running ADP, so I want to handle this one with care.
> > SRV1 is the file server, which holds users directories(my doc's). so
> > now
> > there Outlook is not working with no connection to server. When this
> > started
> > they replace the network card in the server and 5 other machine.
> > Thinking
> > this would help, it did not then I was told about the problem.
> > Removed some entries from DNS then rebooted and everything when
> > sideways.
> > The one time I did not checked for backups first.
> > Net work connection is made though AT&T dsl. (Probably should call
> > them)
> > Nslookup returned:
> > Domain: Srv1.works.looking.local
> > Server: SRV1.Srv1.works.looking.local
> > But when I was looking at AD it showed SRV0 as the domain name( when
> > it was
> > up)
> > Looking.local - should be root DC
> > Works.looking.local - sub DC
> > Thanks
> > Deb
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Deb,
> >>
> >> Please describe more detailed your setup, is the broken DC the root
> >> server, the first installed one in the forest? Give some more details
> >> about all DCs and how they are located, you can change names just to
> >> domain.com or DC1 for example, but keep the format you are using.
> >>
> >> You can enabling the GC in AD sites and services, but i suggest lets
> >> go on step by step to see what you have and how to see what is going
> >> on in your forest.
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> SRV2 is in another domain on the network. Which look they are in the
> >>> same
> >>> forest. The only message is the password in not correct and will not
> >>> unlock
> >>> the console. I will have to try connecting to it from another
> >>> machice.
> >>> <Is the second DC also DNS server and Global catalog?> yes it has
> >>> DNS
> >>> running on it. Don't know about the GC. If it is not can I reseize
> >>> it?
> >>> "Meinolf Weber [MVP-DS]" wrote:
> >>>> Hello Deb,
> >>>>
> >>>> Without a system state backup you can not recover srv1.
> >>>>
> >>>> What do you meant with "another DC (SRV2) on the network but they
> >>>> are not trusted"? If that server is in the same domain and they
> >>>> hopefully have always replicated, you should be able to seize the
> >>>> FSMO roles.
> >>>>
> >>>> Which exact error mesage do you get when trying to logon? FSMO
> >>>> roles are not needed for logging on.
> >>>>
> >>>> Is the second DC also DNS server and Global catalog?
> >>>>
> >>>> Best regards
> >>>>
> >>>> Meinolf Weber
> >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>> and
> >>>> confers
> >>>> no rights.
> >>>> ** Please do NOT email, only reply to Newsgroups
> >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>> This is what I walked in to: AD not working, will only boot in to
> >>>>> AD recovery and there are no system state backup of the failed
> >>>>> server, and it holds all FSMO roles. Lets call this SRV1 So I
> >>>>> cannot run DCPROMO.
> >>>>>
> >>>>> There is another DC (SRV2) on the network but they are not
> >>>>> trusted,
> >>>>> but the
> >>>>> console has been locked and the password will not unlock it due to
> >>>>> the
> >>>>> FSMO
> >>>>> roles all being on SRV1.
> >>>>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
> >>>>> following
> >>>>> error came up: LDAP error 55, Handling error 8444.
> >>>>> Looks like DNS was hosed.
> >>>>> Is my only option to reinstall the os?
> >>>>> And how do I recover SRV2 and retake FSMO roles without losing
> >>>>> that
> >>>>> server?
> >>>>> Sorry long day and night.
>
>
>
Re: Only boots in to AD recovery [message #159093 is a reply to message #159059] Thu, 23 July 2009 18:39 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
C:\Program Files\Support Tools>repadmin /showrepl /homeserver:srv1
Repadmin can't connect to a "home server", because of the following error.
Try
specifying a different
home server with /homeserver:[dns name]
Error: An LDAP lookup operation failed with the following error:

LDAP Error 81(0x51): Server Down
Server Win32 Error 0(0x0):
Extended Information:

"Meinolf Weber [MVP-DS]" wrote:

> Hello Deb,
>
> Forget to ask, what happens when you start srv0 normally? Which error message
> is shown or does a blue screen appear, if yes which errors are shown?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > First thank you.
> >
> > I did not do the installs and there is no documentation as to the
> > setup.
> > SRV2 is running ADP, so I want to handle this one with care.
> > SRV1 is the file server, which holds users directories(my doc's). so
> > now
> > there Outlook is not working with no connection to server. When this
> > started
> > they replace the network card in the server and 5 other machine.
> > Thinking
> > this would help, it did not then I was told about the problem.
> > Removed some entries from DNS then rebooted and everything when
> > sideways.
> > The one time I did not checked for backups first.
> > Net work connection is made though AT&T dsl. (Probably should call
> > them)
> > Nslookup returned:
> > Domain: Srv1.works.looking.local
> > Server: SRV1.Srv1.works.looking.local
> > But when I was looking at AD it showed SRV0 as the domain name( when
> > it was
> > up)
> > Looking.local - should be root DC
> > Works.looking.local - sub DC
> > Thanks
> > Deb
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Deb,
> >>
> >> Please describe more detailed your setup, is the broken DC the root
> >> server, the first installed one in the forest? Give some more details
> >> about all DCs and how they are located, you can change names just to
> >> domain.com or DC1 for example, but keep the format you are using.
> >>
> >> You can enabling the GC in AD sites and services, but i suggest lets
> >> go on step by step to see what you have and how to see what is going
> >> on in your forest.
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> SRV2 is in another domain on the network. Which look they are in the
> >>> same
> >>> forest. The only message is the password in not correct and will not
> >>> unlock
> >>> the console. I will have to try connecting to it from another
> >>> machice.
> >>> <Is the second DC also DNS server and Global catalog?> yes it has
> >>> DNS
> >>> running on it. Don't know about the GC. If it is not can I reseize
> >>> it?
> >>> "Meinolf Weber [MVP-DS]" wrote:
> >>>> Hello Deb,
> >>>>
> >>>> Without a system state backup you can not recover srv1.
> >>>>
> >>>> What do you meant with "another DC (SRV2) on the network but they
> >>>> are not trusted"? If that server is in the same domain and they
> >>>> hopefully have always replicated, you should be able to seize the
> >>>> FSMO roles.
> >>>>
> >>>> Which exact error mesage do you get when trying to logon? FSMO
> >>>> roles are not needed for logging on.
> >>>>
> >>>> Is the second DC also DNS server and Global catalog?
> >>>>
> >>>> Best regards
> >>>>
> >>>> Meinolf Weber
> >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>> and
> >>>> confers
> >>>> no rights.
> >>>> ** Please do NOT email, only reply to Newsgroups
> >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>> This is what I walked in to: AD not working, will only boot in to
> >>>>> AD recovery and there are no system state backup of the failed
> >>>>> server, and it holds all FSMO roles. Lets call this SRV1 So I
> >>>>> cannot run DCPROMO.
> >>>>>
> >>>>> There is another DC (SRV2) on the network but they are not
> >>>>> trusted,
> >>>>> but the
> >>>>> console has been locked and the password will not unlock it due to
> >>>>> the
> >>>>> FSMO
> >>>>> roles all being on SRV1.
> >>>>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
> >>>>> following
> >>>>> error came up: LDAP error 55, Handling error 8444.
> >>>>> Looks like DNS was hosed.
> >>>>> Is my only option to reinstall the os?
> >>>>> And how do I recover SRV2 and retake FSMO roles without losing
> >>>>> that
> >>>>> server?
> >>>>> Sorry long day and night.
>
>
>
Re: Only boots in to AD recovery [message #159094 is a reply to message #159059] Thu, 23 July 2009 18:39 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Ran netdiag /test:dns results:

C:\Program Files\Support Tools>netdiag /test:dns

........

Computer Name: SRV1
DNS Host Name: srv1.srv1.works.looking.local
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes :
KB925902-v2
Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection 4

Netcard queries test . . . : Passed


Global results:


Domain membership test . . . . . . : Passed
Dns domain name is not specified.
Dns forest name is not specified.


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{CFA59F5F-4A2B-4136-B7C4-51693452B4DB}
1 NetBt transport currently configured.


DNS test . . . . . . . . . . . . . : Passed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'srv1.srv1.works.looking.local.'. [RCODE_SERVER_FAILURE]

The name 'srv1.srv1.works.looking.local.' may not be reg
istered in DNS.


The command completed successfully

"Meinolf Weber [MVP-DS]" wrote:

> Hello Deb,
>
> Forget to ask, what happens when you start srv0 normally? Which error message
> is shown or does a blue screen appear, if yes which errors are shown?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > First thank you.
> >
> > I did not do the installs and there is no documentation as to the
> > setup.
> > SRV2 is running ADP, so I want to handle this one with care.
> > SRV1 is the file server, which holds users directories(my doc's). so
> > now
> > there Outlook is not working with no connection to server. When this
> > started
> > they replace the network card in the server and 5 other machine.
> > Thinking
> > this would help, it did not then I was told about the problem.
> > Removed some entries from DNS then rebooted and everything when
> > sideways.
> > The one time I did not checked for backups first.
> > Net work connection is made though AT&T dsl. (Probably should call
> > them)
> > Nslookup returned:
> > Domain: Srv1.works.looking.local
> > Server: SRV1.Srv1.works.looking.local
> > But when I was looking at AD it showed SRV0 as the domain name( when
> > it was
> > up)
> > Looking.local - should be root DC
> > Works.looking.local - sub DC
> > Thanks
> > Deb
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Deb,
> >>
> >> Please describe more detailed your setup, is the broken DC the root
> >> server, the first installed one in the forest? Give some more details
> >> about all DCs and how they are located, you can change names just to
> >> domain.com or DC1 for example, but keep the format you are using.
> >>
> >> You can enabling the GC in AD sites and services, but i suggest lets
> >> go on step by step to see what you have and how to see what is going
> >> on in your forest.
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> SRV2 is in another domain on the network. Which look they are in the
> >>> same
> >>> forest. The only message is the password in not correct and will not
> >>> unlock
> >>> the console. I will have to try connecting to it from another
> >>> machice.
> >>> <Is the second DC also DNS server and Global catalog?> yes it has
> >>> DNS
> >>> running on it. Don't know about the GC. If it is not can I reseize
> >>> it?
> >>> "Meinolf Weber [MVP-DS]" wrote:
> >>>> Hello Deb,
> >>>>
> >>>> Without a system state backup you can not recover srv1.
> >>>>
> >>>> What do you meant with "another DC (SRV2) on the network but they
> >>>> are not trusted"? If that server is in the same domain and they
> >>>> hopefully have always replicated, you should be able to seize the
> >>>> FSMO roles.
> >>>>
> >>>> Which exact error mesage do you get when trying to logon? FSMO
> >>>> roles are not needed for logging on.
> >>>>
> >>>> Is the second DC also DNS server and Global catalog?
> >>>>
> >>>> Best regards
> >>>>
> >>>> Meinolf Weber
> >>>> Disclaimer: This posting is provided "AS IS" with no warranties,
> >>>> and
> >>>> confers
> >>>> no rights.
> >>>> ** Please do NOT email, only reply to Newsgroups
> >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>>>> This is what I walked in to: AD not working, will only boot in to
> >>>>> AD recovery and there are no system state backup of the failed
> >>>>> server, and it holds all FSMO roles. Lets call this SRV1 So I
> >>>>> cannot run DCPROMO.
> >>>>>
> >>>>> There is another DC (SRV2) on the network but they are not
> >>>>> trusted,
> >>>>> but the
> >>>>> console has been locked and the password will not unlock it due to
> >>>>> the
> >>>>> FSMO
> >>>>> roles all being on SRV1.
> >>>>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
> >>>>> following
> >>>>> error came up: LDAP error 55, Handling error 8444.
> >>>>> Looks like DNS was hosed.
> >>>>> Is my only option to reinstall the os?
> >>>>> And how do I recover SRV2 and retake FSMO roles without losing
> >>>>> that
> >>>>> server?
> >>>>> Sorry long day and night.
>
>
>
Re: Only boots in to AD recovery [message #159097 is a reply to message #159094] Thu, 23 July 2009 21:39 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Deb" <Deb@discussions.microsoft.com> wrote in message news:18376ACE-BB48-442C-8632-FA2256DA6E68@microsoft.com...
> Ran netdiag /test:dns results:
>
> C:\Program Files\Support Tools>netdiag /test:dns
>
> .......
>
> Computer Name: SRV1
> DNS Host Name: srv1.srv1.works.looking.local
> System info : Windows 2000 Server (Build 3790)
> Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
> List of installed hotfixes :
> KB925902-v2
> Q147222
>
>
> Netcard queries test . . . . . . . : Passed
>
>
>
> Per interface results:
>
> Adapter : Local Area Connection 4
>
> Netcard queries test . . . : Passed
>
>
> Global results:
>
>
> Domain membership test . . . . . . : Passed
> Dns domain name is not specified.
> Dns forest name is not specified.
>
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{CFA59F5F-4A2B-4136-B7C4-51693452B4DB}
> 1 NetBt transport currently configured.
>
>
> DNS test . . . . . . . . . . . . . : Passed
> [WARNING] Cannot find a primary authoritative DNS server for the
> name
> 'srv1.srv1.works.looking.local.'. [RCODE_SERVER_FAILURE]
>
> The name 'srv1.srv1.works.looking.local.' may not be reg
> istered in DNS.
>
>


Hi Deb,

I hope you and Meinolf don't mind me jumping in this late.

I have a few questions. I am curious if the domain name is actually called "srv1.works.looking.local" and the DC's name is also called SRV1? If so, may I assume the NetBIOS name is also SRV1? If so, that would actually cause a NetBIOS name clash. Unless I am in error?

And touching back on what Meinolf was asking earlier, is the forest root name works.looking.local, or is it looking.local? Either way, are there DCs in the Root?

The NetBIOS name clash wouldn't cause AD problems, but the DNS design really confuses me.

Can you post an unedited ipconfig /all from all of your existing DCs, please?

Also, I would like, if possible, a list of all DCs in your forest just to get a better idea of exactly what you have. You can use a command line utility called ntdsutil to list all the DCs in all domains. It's built in to the operating system. Run it while logged on as the Enterprise Administrator of your forest root domain. You can follow the procedure for Metadata Cleanup to list them out, without making changes, in the following article:
http://support.microsoft.com/kb/216498

Although ntdsutil is easier, but if not comfortable with ntdsutil, here is a script that will list all DCs in a forest. I found it at:
http://www.visualbasicscript.com/m_33275/tm.htm

Copy and paste everything between the lines, paste it to a text file, save it as "listDCs.vbs" (with the quotes so it will not append .txt to the end of it). Then run it on a DC in each domain that you have. Post the results, please.

======
Function fGetDCList()
' AUTHOR: DiGiTAL SkReAM
' CONTACT: digital.skream@gmail.com
' DATE : 4/8/2006
' COMMENT: Will return a list of all of the Domain Controllers in an
' Active Directory domain.
Dim oRoot, sConfigNamingContext, oADOConnection, oADOCommand, sADOQuery
Dim oRecordSet, oDC, oSite, oCat, iErr
fGetDCList = "N/A"
On Error Resume Next
Set oRoot = GetObject("LDAP://RootDSE")
iErr = Err.Number
On Error GoTo 0
If iErr = 0 Then
sConfigNamingContext = oRoot.Get("configurationNamingContext")
Set oADOCommand = CreateObject("ADODB.Command")
Set oADOConnection = CreateObject("ADODB.Connection")
oADOConnection.Provider = "ADsDSOObject"
oADOConnection.Open "Active Directory Provider"
oADOCommand.ActiveConnection = oADOConnection
sADOQuery = "<LDAP://" & sConfigNamingContext & ">;(ObjectClass=nTDSDSA);AdsPath;subtree"
oADOCommand.CommandText = sADOQuery
oADOCommand.Properties("Page Size") = 100
oADOCommand.Properties("Timeout") = 30
oADOCommand.Properties("Cache Results") = False
Set oRecordSet = oADOCommand.Execute
Set oCat = New StringCat
Do Until oRecordSet.EOF
Set oDC = GetObject(GetObject(oRecordSet.Fields("AdsPath")).Parent)
oCat "Netbios_Name : " & oDC.cn
'"FQDN : " & oDC.DNSHostName & VbCrLf
oRecordSet.MoveNext
Loop
oADOConnection.Close
fGetDCList = oCat.Flush
End If
End Function
===============

Thanks,

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Messaging, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
Re: Only boots in to AD recovery [message #159098 is a reply to message #159097] Thu, 23 July 2009 23:35 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Hello Ace,

1-Well I am in the processes of reinstalling the OS on SRV1.
2-Now there is a second domain that I need to login to and have it seize the
roles in order to promot jlfsrv1 to a domain controller. But due to jlfsrv1
crashing now I am unable to unlock the console with the password that was
used to login with.

As to your question in the naming:
The domain name was coming up as jlfsrv0 and the output on all the commands
looked like this: jlfsrv1.jlfsrv1.workstations.jlf.local
Now remember someone did a repair of the OS that is where I think the
problem started. Because non of the command output show a domain named
jlfsrv0.
What is the best way to get the second domain to reseize the roles?

It is getting late brain not working so good now.
Thank you,

"Ace Fekay [MCT]" wrote:

> "Deb" <Deb@discussions.microsoft.com> wrote in message news:18376ACE-BB48-442C-8632-FA2256DA6E68@microsoft.com...
> > Ran netdiag /test:dns results:
> >
> > C:\Program Files\Support Tools>netdiag /test:dns
> >
> > .......
> >
> > Computer Name: SRV1
> > DNS Host Name: srv1.srv1.works.looking.local
> > System info : Windows 2000 Server (Build 3790)
> > Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
> > List of installed hotfixes :
> > KB925902-v2
> > Q147222
> >
> >
> > Netcard queries test . . . . . . . : Passed
> >
> >
> >
> > Per interface results:
> >
> > Adapter : Local Area Connection 4
> >
> > Netcard queries test . . . : Passed
> >
> >
> > Global results:
> >
> >
> > Domain membership test . . . . . . : Passed
> > Dns domain name is not specified.
> > Dns forest name is not specified.
> >
> >
> > NetBT transports test. . . . . . . : Passed
> > List of NetBt transports currently configured:
> > NetBT_Tcpip_{CFA59F5F-4A2B-4136-B7C4-51693452B4DB}
> > 1 NetBt transport currently configured.
> >
> >
> > DNS test . . . . . . . . . . . . . : Passed
> > [WARNING] Cannot find a primary authoritative DNS server for the
> > name
> > 'srv1.srv1.works.looking.local.'. [RCODE_SERVER_FAILURE]
> >
> > The name 'srv1.srv1.works.looking.local.' may not be reg
> > istered in DNS.
> >
> >
>
>
> Hi Deb,
>
> I hope you and Meinolf don't mind me jumping in this late.
>
> I have a few questions. I am curious if the domain name is actually called "srv1.works.looking.local" and the DC's name is also called SRV1? If so, may I assume the NetBIOS name is also SRV1? If so, that would actually cause a NetBIOS name clash. Unless I am in error?
>
> And touching back on what Meinolf was asking earlier, is the forest root name works.looking.local, or is it looking.local? Either way, are there DCs in the Root?
>
> The NetBIOS name clash wouldn't cause AD problems, but the DNS design really confuses me.
>
> Can you post an unedited ipconfig /all from all of your existing DCs, please?
>
> Also, I would like, if possible, a list of all DCs in your forest just to get a better idea of exactly what you have. You can use a command line utility called ntdsutil to list all the DCs in all domains. It's built in to the operating system. Run it while logged on as the Enterprise Administrator of your forest root domain. You can follow the procedure for Metadata Cleanup to list them out, without making changes, in the following article:
> http://support.microsoft.com/kb/216498
>
> Although ntdsutil is easier, but if not comfortable with ntdsutil, here is a script that will list all DCs in a forest. I found it at:
> http://www.visualbasicscript.com/m_33275/tm.htm
>
> Copy and paste everything between the lines, paste it to a text file, save it as "listDCs.vbs" (with the quotes so it will not append .txt to the end of it). Then run it on a DC in each domain that you have. Post the results, please.
>
> ======
> Function fGetDCList()
> ' AUTHOR: DiGiTAL SkReAM
> ' CONTACT: digital.skream@gmail.com
> ' DATE : 4/8/2006
> ' COMMENT: Will return a list of all of the Domain Controllers in an
> ' Active Directory domain.
> Dim oRoot, sConfigNamingContext, oADOConnection, oADOCommand, sADOQuery
> Dim oRecordSet, oDC, oSite, oCat, iErr
> fGetDCList = "N/A"
> On Error Resume Next
> Set oRoot = GetObject("LDAP://RootDSE")
> iErr = Err.Number
> On Error GoTo 0
> If iErr = 0 Then
> sConfigNamingContext = oRoot.Get("configurationNamingContext")
> Set oADOCommand = CreateObject("ADODB.Command")
> Set oADOConnection = CreateObject("ADODB.Connection")
> oADOConnection.Provider = "ADsDSOObject"
> oADOConnection.Open "Active Directory Provider"
> oADOCommand.ActiveConnection = oADOConnection
> sADOQuery = "<LDAP://" & sConfigNamingContext & ">;(ObjectClass=nTDSDSA);AdsPath;subtree"
> oADOCommand.CommandText = sADOQuery
> oADOCommand.Properties("Page Size") = 100
> oADOCommand.Properties("Timeout") = 30
> oADOCommand.Properties("Cache Results") = False
> Set oRecordSet = oADOCommand.Execute
> Set oCat = New StringCat
> Do Until oRecordSet.EOF
> Set oDC = GetObject(GetObject(oRecordSet.Fields("AdsPath")).Parent)
> oCat "Netbios_Name : " & oDC.cn
> '"FQDN : " & oDC.DNSHostName & VbCrLf
> oRecordSet.MoveNext
> Loop
> oADOConnection.Close
> fGetDCList = oCat.Flush
> End If
> End Function
> ===============
>
> Thanks,
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.
>
> Please reply back to the newsgroup or forum to benefit from collaboration among responding engineers, and to help others benefit from your resolution.
>
> Ace Fekay, MCT, MCTS Messaging, MCSE, MCSA 2003 & 2000, MCSA Messaging
> Microsoft Certified Trainer
> aceman@mvps.RemoveThisPart.org
> http://twitter.com/acefekay
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
>
Re: Only boots in to AD recovery [message #159101 is a reply to message #159084] Fri, 24 July 2009 03:45 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Deb,

Before removing an old DC we have the need for an answer about the root domain
and if the creashed DC was from the root domain and if that was the only
one. The way Marcin describes applies only if you have additional DCs in
the SAME domain available.

As said earlier, when the root domain DC is crashed and you can not restore
it or have an additioanl DC in the root, you will not be able to restore
the forest. And you have to start complete for all child domains also from
scratch.

Of course you can safe your data before as much as possible, but all user
accounts, computer accounts, security groups, GPOs etc. etc. are lost. All
domain machines have to be rejoined to the new domain and you have to rebuilt
everything, all users will get new passwords etc.etc.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello Marcin,
> So what you are saying is on the failed server SRV1 is to login
> normally and
> do a dcpromo to demote and remove failed DC. Or do I need to do it by
> reloading the OS?
> Thank you,
> Deb
> "Marcin" wrote:
>
>> Deb,
>> no - metadata cleanup needs to be performed from the "healthy" DC,
>> providing
>> that the failed one is unrecoverable...
>> hth
>> Marcin
>> "Deb" <Deb@discussions.microsoft.com> wrote in message
>> news:D73AF53D-74A0-42D9-B904-561D3C34D3E0@microsoft.com...
>>
>>> Hello Marcin,
>>> For SRV2 I with have to take over the session or log the admin off
>>> the
>>> console. Then boot try and log back in. And make sure it is a GC/DNS
>>> still,
>>> which it should be, because there was not a reference to SRV1 in the
>>> DNS
>>> or
>>> its AD Site if I remember right.
>>> SRV1-To make sure I understand this and boot into the right mode.
>>> 1-Take SRV1 off the network and boot into AD recovery
>>> then run ntdsutil with the option of "metadata cleanup" and finish
>>> steps
>>> in
>>> (http://support.microsoft.com/?id=216498)
>>> Do I have it right as far as deleting and recreating SRV1 as a DC?
>>> Thank you,
>>> Deb
>>> "Marcin" wrote:
>>>
>>>> You should be able to log on to SRV2 - regardless of whether FSMO
>>>> owner
>>>> is
>>>> reachable. Once you do, make sure that it is configured as GC/DNS,
>>>> shut down SRV1, remove references to it from AD
>>>> (http://support.microsoft.com/?id=216498), seize FSMO roles so they
>>>> all
>>>> are
>>>> hosted on SRV2, reinstall SRV1 and promote it back to the role of
>>>> DC...
>>>> hth
>>>> Marcin
>>>> "Deb" <Deb@discussions.microsoft.com> wrote in message
>>>> news:F9AD571F-8B8F-45BC-B4EB-ABBED06C3CB7@microsoft.com...
>>>>
>>>>> This is what I walked in to: AD not working, will only boot in to
>>>>> AD
>>>>> recovery
>>>>> and there are no system state backup of the failed server, and it
>>>>> holds
>>>>> all
>>>>> FSMO roles. Lets call this SRV1 So I cannot run DCPROMO.
>>>>> There is another DC (SRV2) on the network but they are not
>>>>> trusted, but
>>>>> the
>>>>> console has been locked and the password will not unlock it due to
>>>>> the
>>>>> FSMO
>>>>> roles all being on SRV1.
>>>>> On SRV1 have tried AD repair did not work. When I ran DCDIAG the
>>>>> following
>>>>> error came up: LDAP error 55, Handling error 8444.
>>>>> Looks like DNS was hosed.
>>>>> Is my only option to reinstall the os?
>>>>> And how do I recover SRV2 and retake FSMO roles without losing
>>>>> that
>>>>> server?
>>>>> Sorry long day and night.
Re: Only boots in to AD recovery [message #159102 is a reply to message #159098] Fri, 24 July 2009 03:47 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Deb,

we need the complete domain structure before we can help you further with
all DCs and domain names in use and where the DCs, especially the crashed
one, are located.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello Ace,
>
> 1-Well I am in the processes of reinstalling the OS on SRV1. 2-Now
> there is a second domain that I need to login to and have it seize the
> roles in order to promot jlfsrv1 to a domain controller. But due to
> jlfsrv1 crashing now I am unable to unlock the console with the
> password that was used to login with.
>
> As to your question in the naming:
> The domain name was coming up as jlfsrv0 and the output on all the
> commands
> looked like this: jlfsrv1.jlfsrv1.workstations.jlf.local
> Now remember someone did a repair of the OS that is where I think the
> problem started. Because non of the command output show a domain named
> jlfsrv0.
> What is the best way to get the second domain to reseize the roles?
> It is getting late brain not working so good now.
> Thank you,
> "Ace Fekay [MCT]" wrote:
>
>> "Deb" <Deb@discussions.microsoft.com> wrote in message
>> news:18376ACE-BB48-442C-8632-FA2256DA6E68@microsoft.com...
>>
>>> Ran netdiag /test:dns results:
>>>
>>> C:\Program Files\Support Tools>netdiag /test:dns
>>>
>>> .......
>>>
>>> Computer Name: SRV1
>>> DNS Host Name: srv1.srv1.works.looking.local
>>> System info : Windows 2000 Server (Build 3790)
>>> Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
>>> List of installed hotfixes :
>>> KB925902-v2
>>> Q147222
>>> Netcard queries test . . . . . . . : Passed
>>>
>>> Per interface results:
>>>
>>> Adapter : Local Area Connection 4
>>>
>>> Netcard queries test . . . : Passed
>>>
>>> Global results:
>>>
>>> Domain membership test . . . . . . : Passed
>>> Dns domain name is not specified.
>>> Dns forest name is not specified.
>>> NetBT transports test. . . . . . . : Passed
>>> List of NetBt transports currently configured:
>>> NetBT_Tcpip_{CFA59F5F-4A2B-4136-B7C4-51693452B4DB}
>>> 1 NetBt transport currently configured.
>>> DNS test . . . . . . . . . . . . . : Passed
>>> [WARNING] Cannot find a primary authoritative DNS server for the
>>> name
>>> 'srv1.srv1.works.looking.local.'. [RCODE_SERVER_FAILURE]
>>> The name 'srv1.srv1.works.looking.local.' may not be reg istered in
>>> DNS.
>>>
>> Hi Deb,
>>
>> I hope you and Meinolf don't mind me jumping in this late.
>>
>> I have a few questions. I am curious if the domain name is actually
>> called "srv1.works.looking.local" and the DC's name is also called
>> SRV1? If so, may I assume the NetBIOS name is also SRV1? If so, that
>> would actually cause a NetBIOS name clash. Unless I am in error?
>>
>> And touching back on what Meinolf was asking earlier, is the forest
>> root name works.looking.local, or is it looking.local? Either way,
>> are there DCs in the Root?
>>
>> The NetBIOS name clash wouldn't cause AD problems, but the DNS design
>> really confuses me.
>>
>> Can you post an unedited ipconfig /all from all of your existing DCs,
>> please?
>>
>> Also, I would like, if possible, a list of all DCs in your forest
>> just to get a better idea of exactly what you have. You can use a
>> command line utility called ntdsutil to list all the DCs in all
>> domains. It's built in to the operating system. Run it while logged
>> on as the Enterprise Administrator of your forest root domain. You
>> can follow the procedure for Metadata Cleanup to list them out,
>> without making changes, in the following article:
>>
>> http://support.microsoft.com/kb/216498
>>
>> Although ntdsutil is easier, but if not comfortable with ntdsutil,
>> here is a script that will list all DCs in a forest. I found it at:
>>
>> http://www.visualbasicscript.com/m_33275/tm.htm
>>
>> Copy and paste everything between the lines, paste it to a text file,
>> save it as "listDCs.vbs" (with the quotes so it will not append .txt
>> to the end of it). Then run it on a DC in each domain that you have.
>> Post the results, please.
>>
>> ======
>> Function fGetDCList()
>> ' AUTHOR: DiGiTAL SkReAM
>> ' CONTACT: digital.skream@gmail.com
>> ' DATE : 4/8/2006
>> ' COMMENT: Will return a list of all of the Domain Controllers in an
>> ' Active Directory domain.
>> Dim oRoot, sConfigNamingContext, oADOConnection, oADOCommand,
>> sADOQuery
>> Dim oRecordSet, oDC, oSite, oCat, iErr
>> fGetDCList = "N/A"
>> On Error Resume Next
>> Set oRoot = GetObject("LDAP://RootDSE")
>> iErr = Err.Number
>> On Error GoTo 0
>> If iErr = 0 Then
>> sConfigNamingContext = oRoot.Get("configurationNamingContext")
>> Set oADOCommand = CreateObject("ADODB.Command")
>> Set oADOConnection = CreateObject("ADODB.Connection")
>> oADOConnection.Provider = "ADsDSOObject"
>> oADOConnection.Open "Active Directory Provider"
>> oADOCommand.ActiveConnection = oADOConnection
>> sADOQuery = "<LDAP://" & sConfigNamingContext &
>> ">;(ObjectClass=nTDSDSA);AdsPath;subtree"
>> oADOCommand.CommandText = sADOQuery
>> oADOCommand.Properties("Page Size") = 100
>> oADOCommand.Properties("Timeout") = 30
>> oADOCommand.Properties("Cache Results") = False
>> Set oRecordSet = oADOCommand.Execute
>> Set oCat = New StringCat
>> Do Until oRecordSet.EOF
>> Set oDC = GetObject(GetObject(oRecordSet.Fields("AdsPath")).Parent)
>> oCat "Netbios_Name : " & oDC.cn
>> '"FQDN : " & oDC.DNSHostName & VbCrLf
>> oRecordSet.MoveNext
>> Loop
>> oADOConnection.Close
>> fGetDCList = oCat.Flush
>> End If
>> End Function
>> ===============
>> Thanks,
>>
>> -- Ace
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and
>> confers no rights.
>>
>> Please reply back to the newsgroup or forum to benefit from
>> collaboration among responding engineers, and to help others benefit
>> from your resolution.
>>
>> Ace Fekay, MCT, MCTS Messaging, MCSE, MCSA 2003 & 2000, MCSA
>> Messaging
>> Microsoft Certified Trainer
>> aceman@mvps.RemoveThisPart.org
>> http://twitter.com/acefekay
>> For urgent issues, you may want to contact Microsoft PSS directly.
>> Please check http://support.microsoft.com for regional support phone
>> numbers.
>>
Re: Only boots in to AD recovery [message #159111 is a reply to message #159098] Fri, 24 July 2009 07:26 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Deb" <Deb@discussions.microsoft.com> wrote in message news:4AE3D151-0ACF-4F52-861F-421ED2D41263@microsoft.com...
> Hello Ace,
>
> 1-Well I am in the processes of reinstalling the OS on SRV1.
> 2-Now there is a second domain that I need to login to and have it seize the
> roles in order to promot jlfsrv1 to a domain controller. But due to jlfsrv1
> crashing now I am unable to unlock the console with the password that was
> used to login with.
>
> As to your question in the naming:
> The domain name was coming up as jlfsrv0 and the output on all the commands
> looked like this: jlfsrv1.jlfsrv1.workstations.jlf.local
> Now remember someone did a repair of the OS that is where I think the
> problem started. Because non of the command output show a domain named
> jlfsrv0.
> What is the best way to get the second domain to reseize the roles?
>
> It is getting late brain not working so good now.
> Thank you,
>


Hi Deb,

I'm sorry, I don't understand this question:
> What is the best way to get the second domain to reseize the roles?

If all DCs of a domain no longer exist, then the domain no longer exists to seize anything.

I agree with Meinolf, we'll need to get MORE info about your complete infrastructure. You're providing bits and pieces, but not the whole picture, which makes is extremely challenging to help you.

Did you read my suggestion to run the script and Metadata Cleanup or the script to provide us with a complete picture of the infrastructure, as well as the ipconfigs?

Ace
Re: Only boots in to AD recovery [message #159112 is a reply to message #159101] Fri, 24 July 2009 07:28 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662ad2e8cbda6b629e4192@msnews.microsoft.com...
> Hello Deb,
>
[snipped]
>
> As said earlier, when the root domain DC is crashed and you can not restore
> it or have an additioanl DC in the root, you will not be able to restore
> the forest. And you have to start complete for all child domains also from
> scratch.

Hmm, I must have missed that part. So it appears that there was only one forest root DC, and it crashed? Quite unfortunate.

Hopefully Deb will run that script I provided. I am looking forward to see the results so we can get a complete picture of the infrastructure.

Ace
Re: Only boots in to AD recovery [message #159116 is a reply to message #159111] Fri, 24 July 2009 09:16 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Hi all,

2 item, first is the JLFACC server, second rebuilding the AD on JLFSRV1:
This I do know that JLFACC does have AD & DNS running on it. Before AD took
a bump on JLFSRV1 there were no trusts showing. Now these could have been
upgraded from Windows 2000 servers. No documentation.

1-Well there is the rub I did not set it up and there are no notes on how it
was setup.
So how do I tell if the second DC SRV2 (JLFACC) is the root or a child domain?

The JLFACC server hosts ADP. I have not done anything with this server but
was logged in as administrator on at the console when JLFSRV1 crash and now
the console is locked and will not unlock with the same administrators
password.
But the ADP software is still being accessed. So the AD on server JLFACC is
still authenticating those user accounts.
There are only 4 users that have access to the ADP server I am told. That
much I know. But why will it not allow the admin not to unlock console?
I know I need to resolve this before rebuilding AD on FLFSRVR1 because like
you have said which server is/was the root AD. And if it is a total rebuild
of AD then it is.

2-Tthere is no longer a DC of JLFSRV1.
Yes I know I will have to add all the computer and user account back in to
the domain that will be built on JLFSRV1. One good thing is it’s under 20
accounts.

Hopefully this has given you a better idea of the mess I have. The person
who set this up is no longer with the company. It is a small site. Yes it
would be great if the AD on JLFSRV1 did not crash but it did.

Thank you for sticking with me, will be on site at 10am and can running the
scripts from the JLFSRV1 against what I think is the domain. This would have
been a lot easier if there was a little documentation on the AD lay out.
Thanks again,
Deb

"Ace Fekay [MCT]" wrote:

> "Deb" <Deb@discussions.microsoft.com> wrote in message news:4AE3D151-0ACF-4F52-861F-421ED2D41263@microsoft.com...
> > Hello Ace,
> >
> > 1-Well I am in the processes of reinstalling the OS on SRV1.
> > 2-Now there is a second domain that I need to login to and have it seize the
> > roles in order to promot jlfsrv1 to a domain controller. But due to jlfsrv1
> > crashing now I am unable to unlock the console with the password that was
> > used to login with.
> >
> > As to your question in the naming:
> > The domain name was coming up as jlfsrv0 and the output on all the commands
> > looked like this: jlfsrv1.jlfsrv1.workstations.jlf.local
> > Now remember someone did a repair of the OS that is where I think the
> > problem started. Because non of the command output show a domain named
> > jlfsrv0.
> > What is the best way to get the second domain to reseize the roles?
> >
> > It is getting late brain not working so good now.
> > Thank you,
> >
>
>
> Hi Deb,
>
> I'm sorry, I don't understand this question:
> > What is the best way to get the second domain to reseize the roles?
>
> If all DCs of a domain no longer exist, then the domain no longer exists to seize anything.
>
> I agree with Meinolf, we'll need to get MORE info about your complete infrastructure. You're providing bits and pieces, but not the whole picture, which makes is extremely challenging to help you.
>
> Did you read my suggestion to run the script and Metadata Cleanup or the script to provide us with a complete picture of the infrastructure, as well as the ipconfigs?
>
> Ace
>
Re: Only boots in to AD recovery [message #159117 is a reply to message #159112] Fri, 24 July 2009 09:37 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Not a program so which script should I use from
http://www.visualbasicscript.com/m_33275/tm.htm ?
sorry please help me with running this script,
Thank you

"Ace Fekay [MCT]" wrote:

> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662ad2e8cbda6b629e4192@msnews.microsoft.com...
> > Hello Deb,
> >
> [snipped]
> >
> > As said earlier, when the root domain DC is crashed and you can not restore
> > it or have an additioanl DC in the root, you will not be able to restore
> > the forest. And you have to start complete for all child domains also from
> > scratch.
>
> Hmm, I must have missed that part. So it appears that there was only one forest root DC, and it crashed? Quite unfortunate.
>
> Hopefully Deb will run that script I provided. I am looking forward to see the results so we can get a complete picture of the infrastructure.
>
> Ace
>
>
>
Re: Only boots in to AD recovery [message #159122 is a reply to message #159112] Fri, 24 July 2009 10:52 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Ace Fekay [MCT],

At the beginning was a statement about 2 Domains:

"Looking.local - should be root DC
Works.looking.local - sub DC"

That's the reason for my answer also at the start about the needed setup.
So we will see it hopefully in the output from your script.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb662ad2e8cbda6b629e4192@msnews.microsoft.com...
>
>> Hello Deb,
>>
> [snipped]
>
>> As said earlier, when the root domain DC is crashed and you can not
>> restore it or have an additioanl DC in the root, you will not be able
>> to restore the forest. And you have to start complete for all child
>> domains also from scratch.
>>
> Hmm, I must have missed that part. So it appears that there was only
> one forest root DC, and it crashed? Quite unfortunate.
>
> Hopefully Deb will run that script I provided. I am looking forward to
> see the results so we can get a complete picture of the
> infrastructure.
>
> Ace
>
Re: Only boots in to AD recovery [message #159124 is a reply to message #159117] Fri, 24 July 2009 10:58 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Function fGetDCList()
' AUTHOR: DiGiTAL SkReAM
' CONTACT: digital.skream@gmail.com
' DATE : 4/8/2006
' COMMENT: Will return a list of all of the Domain Controllers in an
' Active Directory domain.
Dim oRoot, sConfigNamingContext, oADOConnection, oADOCommand, sADOQuery
Dim oRecordSet, oDC, oSite, oCat, iErr
fGetDCList = "N/A"
On Error Resume Next
Set oRoot = GetObject("LDAP://RootDSE")
iErr = Err.Number
On Error GoTo 0
If iErr = 0 Then
sConfigNamingContext = oRoot.Get("configurationNamingContext")
Set oADOCommand = CreateObject("ADODB.Command")
Set oADOConnection = CreateObject("ADODB.Connection")
oADOConnection.Provider = "ADsDSOObject"
oADOConnection.Open "Active Directory Provider"
oADOCommand.ActiveConnection = oADOConnection
sADOQuery = "<LDAP://" & sConfigNamingContext & ">;(ObjectClass=nTDSDSA);AdsPath;subtree"
oADOCommand.CommandText = sADOQuery
oADOCommand.Properties("Page Size") = 100
oADOCommand.Properties("Timeout") = 30
oADOCommand.Properties("Cache Results") = False
Set oRecordSet = oADOCommand.Execute
Set oCat = New StringCat
Do Until oRecordSet.EOF
Set oDC = GetObject(GetObject(oRecordSet.Fields("AdsPath")).Parent)
oCat "Netbios_Name : " & oDC.cn
'"FQDN : " & oDC.DNSHostName & VbCrLf
oRecordSet.MoveNext
Loop
oADOConnection.Close
fGetDCList = oCat.Flush
End If

End Function

  • Attachment: listDCs.txt
    (Size: 0.00KB, Downloaded 47 times)
Re: Only boots in to AD recovery [message #159129 is a reply to message #159124] Fri, 24 July 2009 11:46 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
I know its something is shouled be seeing but I do not see where it is
attached as a file.
Thanks again,

"Meinolf Weber [MVP-DS]" wrote:

> Hello Deb,
>
> Ace had already copied the code into his answer from before. I will attach it as file to this posting, save the file and then download to your DC and rename it from listDCs.txt to listDCs.vbs. Now you can run the script and post the output.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Not a program so which script should I use from
> > http://www.visualbasicscript.com/m_33275/tm.htm ?
> > sorry please help me with running this script,
> > Thank you
> > "Ace Fekay [MCT]" wrote:
> >
> >> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> >> news:ff16fb662ad2e8cbda6b629e4192@msnews.microsoft.com...
> >>
> >>> Hello Deb,
> >>>
> >> [snipped]
> >>
> >>> As said earlier, when the root domain DC is crashed and you can not
> >>> restore it or have an additioanl DC in the root, you will not be
> >>> able to restore the forest. And you have to start complete for all
> >>> child domains also from scratch.
> >>>
> >> Hmm, I must have missed that part. So it appears that there was only
> >> one forest root DC, and it crashed? Quite unfortunate.
> >>
> >> Hopefully Deb will run that script I provided. I am looking forward
> >> to see the results so we can get a complete picture of the
> >> infrastructure.
> >>
> >> Ace
> >>
>
Re: Only boots in to AD recovery [message #159130 is a reply to message #159129] Fri, 24 July 2009 12:05 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Deb,

So you didn't use a newsreader? Then you have to copy the code between the lines, create a textfile with notepad and paste it there, then save it and rename the filename to listDCs.vbs :

---------------------------------------------------
Function fGetDCList()
' AUTHOR: DiGiTAL SkReAM
' CONTACT: digital.skream@gmail.com
' DATE : 4/8/2006
' COMMENT: Will return a list of all of the Domain Controllers in an
' Active Directory domain.
Dim oRoot, sConfigNamingContext, oADOConnection, oADOCommand, sADOQuery
Dim oRecordSet, oDC, oSite, oCat, iErr
fGetDCList = "N/A"
On Error Resume Next
Set oRoot = GetObject("LDAP://RootDSE")
iErr = Err.Number
On Error GoTo 0
If iErr = 0 Then
sConfigNamingContext = oRoot.Get("configurationNamingContext")
Set oADOCommand = CreateObject("ADODB.Command")
Set oADOConnection = CreateObject("ADODB.Connection")
oADOConnection.Provider = "ADsDSOObject"
oADOConnection.Open "Active Directory Provider"
oADOCommand.ActiveConnection = oADOConnection
sADOQuery = "<LDAP://" & sConfigNamingContext & ">;(ObjectClass=nTDSDSA);AdsPath;subtree"
oADOCommand.CommandText = sADOQuery
oADOCommand.Properties("Page Size") = 100
oADOCommand.Properties("Timeout") = 30
oADOCommand.Properties("Cache Results") = False
Set oRecordSet = oADOCommand.Execute
Set oCat = New StringCat
Do Until oRecordSet.EOF
Set oDC = GetObject(GetObject(oRecordSet.Fields("AdsPath")).Parent)
oCat "Netbios_Name : " & oDC.cn
'"FQDN : " & oDC.DNSHostName & VbCrLf
oRecordSet.MoveNext
Loop
oADOConnection.Close
fGetDCList = oCat.Flush
End If

End Function
---------------------------------------------------

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I know its something is shouled be seeing but I do not see where it is
> attached as a file.
> Thanks again,
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Deb,
>>
>> Ace had already copied the code into his answer from before. I will
>> attach it as file to this posting, save the file and then download to
>> your DC and rename it from listDCs.txt to listDCs.vbs. Now you can
>> run the script and post the output.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Not a program so which script should I use from
>>> http://www.visualbasicscript.com/m_33275/tm.htm ?
>>> sorry please help me with running this script,
>>> Thank you
>>> "Ace Fekay [MCT]" wrote:
>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>> news:ff16fb662ad2e8cbda6b629e4192@msnews.microsoft.com...
>>>>
>>>>> Hello Deb,
>>>>>
>>>> [snipped]
>>>>
>>>>> As said earlier, when the root domain DC is crashed and you can
>>>>> not restore it or have an additioanl DC in the root, you will not
>>>>> be able to restore the forest. And you have to start complete for
>>>>> all child domains also from scratch.
>>>>>
>>>> Hmm, I must have missed that part. So it appears that there was
>>>> only one forest root DC, and it crashed? Quite unfortunate.
>>>>
>>>> Hopefully Deb will run that script I provided. I am looking forward
>>>> to see the results so we can get a complete picture of the
>>>> infrastructure.
>>>>
>>>> Ace
>>>>

--
Re: Only boots in to AD recovery [message #159132 is a reply to message #159116] Fri, 24 July 2009 12:48 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Deb" <Deb@discussions.microsoft.com> wrote in message news:8C6E361E-FB29-4EA0-A071-C6A0FF8DB63D@microsoft.com...
> Hi all,
>
> 2 item, first is the JLFACC server, second rebuilding the AD on JLFSRV1:
> This I do know that JLFACC does have AD & DNS running on it. Before AD took
> a bump on JLFSRV1 there were no trusts showing. Now these could have been
> upgraded from Windows 2000 servers. No documentation.
>
> 1-Well there is the rub I did not set it up and there are no notes on how it
> was setup.
> So how do I tell if the second DC SRV2 (JLFACC) is the root or a child domain?
>
> The JLFACC server hosts ADP. I have not done anything with this server but
> was logged in as administrator on at the console when JLFSRV1 crash and now
> the console is locked and will not unlock with the same administrators
> password.
> But the ADP software is still being accessed. So the AD on server JLFACC is
> still authenticating those user accounts.
> There are only 4 users that have access to the ADP server I am told. That
> much I know. But why will it not allow the admin not to unlock console?
> I know I need to resolve this before rebuilding AD on FLFSRVR1 because like
> you have said which server is/was the root AD. And if it is a total rebuild
> of AD then it is.
>
> 2-Tthere is no longer a DC of JLFSRV1.
> Yes I know I will have to add all the computer and user account back in to
> the domain that will be built on JLFSRV1. One good thing is it’s under 20
> accounts.
>
> Hopefully this has given you a better idea of the mess I have. The person
> who set this up is no longer with the company. It is a small site. Yes it
> would be great if the AD on JLFSRV1 did not crash but it did.
>
> Thank you for sticking with me, will be on site at 10am and can running the
> scripts from the JLFSRV1 against what I think is the domain. This would have
> been a lot easier if there was a little documentation on the AD lay out.
> Thanks again,
> Deb


Deb:

"> So how do I tell if the second DC SRV2 (JLFACC) is the root or a child domain?"

The domain name it is part of (the Primary DNS Suffix of the machine, if correct) will tell you, that is if you know the domain names above it in the hierarchal structure of the DNS name, is not a domain. The ntdsutil or running that script I provided will tell you exactly.

If you provide an ipconfig /all of all DCs in your domain, we can tell you.

You have a lot going on. As I mentioned, with the bits and spurts you are providing us, makes it extremely challenging to assist.

Ace
Re: Only boots in to AD recovery [message #159133 is a reply to message #159122] Fri, 24 July 2009 12:51 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662adc28cbdaa702eb7345@msnews.microsoft.com...
> Hello Ace Fekay [MCT],
>
> At the beginning was a statement about 2 Domains:
>
> "Looking.local - should be root DC
> Works.looking.local - sub DC"
>
> That's the reason for my answer also at the start about the needed setup.
> So we will see it hopefully in the output from your script.
>


Yea, I was trying to follow the thread, but so many postings, and each post has little pieces of the domain, with lots of other information, but nothing specific about the infrastructure. So hopefully that script will help.

Ace
Re: Only boots in to AD recovery [message #159134 is a reply to message #159130] Fri, 24 July 2009 13:13 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb662aded8cbdab12bd57ee5@msnews.microsoft.com...

Meinolf/Deb,

I found a better script. I tested this and it works nicely.

I substituted what I believe your domain names are, but honestly, I believe you've changed the names in your posts, so I will need YOU to enter all the domains you are aware of.
read throug in the top of the script for the line that says "'put your domains in below ." In the line directly below it, if the domain names I put in are wrong, please subsitute the names in the quotes for all of the ACTUAL domain names you are aware of you have.

Honestly, the ntdsutil is easier than this, but I'm trying to make it easier for you by having to avoid you to actually use the command line tools.

Thanks.

'=========================================================== ===============
'
' VBScript Source File -- Created with SAPIEN Technologies PrimalScript 4.0
'
' NAME: getadroles.vbs
'
' AUTHOR: Kirrilian
' DATE : 11/3/2005
'
' COMMENT: just run it, preferably with cscript :)
' code liberally hacked/borrowed from the script repository
'=========================================================== ===============
'put your domains in below
domains = Array("workstations", "jlf1", "jlfsrv1", "'srv1")

For Each domain In domains
WScript.Echo "*********** Querying: " & domain & " *************"
getdomaininfo domain
WScript.echo
Next

Sub getdomaininfo(domain)
'needed for the gc queries
On Error Resume Next

Set objRootDSE = GetObject("LDAP://" & domain & "/rootDSE")

'ugly code follows...
Set objSchema = GetObject _
("LDAP://" & objRootDSE.Get("schemaNamingContext"))
strSchemaMaster = objSchema.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strSchemaMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Forest-wide Schema Master FSMO: " & objComputer.Name

Set objNtds = Nothing
Set objComputer = Nothing

Set objPartitions = GetObject("LDAP://CN=Partitions," & _
objRootDSE.Get("configurationNamingContext"))
strDomainNamingMaster = objPartitions.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strDomainNamingMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Forest-wide Domain Naming Master FSMO: " & objComputer.Name

Set objDomain = GetObject _
("LDAP://" & objRootDSE.Get("defaultNamingContext"))
strPdcEmulator = objDomain.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strPdcEmulator)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Domain's PDC Emulator FSMO: " & objComputer.Name

Set objRidManager = GetObject("LDAP://CN=RID Manager$,CN=System," & _
objRootDSE.Get("defaultNamingContext"))
strRidMaster = objRidManager.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strRidMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Domain's RID Master FSMO: " & objComputer.Name

Set objInfrastructure = GetObject("LDAP://CN=Infrastructure," & _
objRootDSE.Get("defaultNamingContext"))
strInfrastructureMaster = objInfrastructure.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strInfrastructureMaster)
Set objComputer = GetObject(objNtds.Parent)
WScript.Echo "Domain's Infrastructure Master FSMO: " & objComputer.Name

'check for global catalogs
Const NTDSDSA_OPT_IS_GC = 1
Set objGC = GetObject("LDAP://OU=Domain Controllers," & _
objRootDSE.Get("defaultNamingContext"))
For Each gc In objGC
'clean up the ldap response
gc = Replace(gc.name, "CN=", "")
Set objRootDSE = GetObject("LDAP://" & gc & "/rootDSE")
strDsServiceDN = objRootDSE.Get("dsServiceName")
Set objDsRoot = GetObject("LDAP://" & gc & "/" & strDsServiceDN)
'this doesnt always exist therefore we have to use on error resume next
intOptions = objDsRoot.Get("options")
'check to see if the previous command failed with the err.number function
If intOptions And NTDSDSA_OPT_IS_GC and err.Number = 0 Then
WScript.Echo gc & " is a global catalog server."
Else
WScript.Echo gc & " isnt up or isnt a global catalog server."
Err.Clear
End If
next

End Sub 'getdomaininfo
==============

Ace
Re: Only boots in to AD recovery [message #159135 is a reply to message #159133] Fri, 24 July 2009 13:14 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Ace Fekay [MCT],

You are correct, i am still waiting for the answer to my question what happens
when the crashed server is started normally.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb662adc28cbdaa702eb7345@msnews.microsoft.com...
>
>> Hello Ace Fekay [MCT],
>>
>> At the beginning was a statement about 2 Domains:
>>
>> "Looking.local - should be root DC
>> Works.looking.local - sub DC"
>> That's the reason for my answer also at the start about the needed
>> setup. So we will see it hopefully in the output from your script.
>>
> Yea, I was trying to follow the thread, but so many postings, and each
> post has little pieces of the domain, with lots of other information,
> but nothing specific about the infrastructure. So hopefully that
> script will help.
>
> Ace
>
Re: Only boots in to AD recovery [message #159143 is a reply to message #159130] Fri, 24 July 2009 14:21 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Hello Meinolf,

First off thank you.
Good news found the root DC and will be running script on it.
Turns out it was the switch hookup that caused me not to login to JLFacc dc.
Ok the problem one more time was between the keyboard and chair.

Thank you,
Deb

"Meinolf Weber [MVP-DS]" wrote:

> Hello Deb,
>
> So you didn't use a newsreader? Then you have to copy the code between the lines, create a textfile with notepad and paste it there, then save it and rename the filename to listDCs.vbs :
>
> ---------------------------------------------------
> Function fGetDCList()
> ' AUTHOR: DiGiTAL SkReAM
> ' CONTACT: digital.skream@gmail.com
> ' DATE : 4/8/2006
> ' COMMENT: Will return a list of all of the Domain Controllers in an
> ' Active Directory domain.
> Dim oRoot, sConfigNamingContext, oADOConnection, oADOCommand, sADOQuery
> Dim oRecordSet, oDC, oSite, oCat, iErr
> fGetDCList = "N/A"
> On Error Resume Next
> Set oRoot = GetObject("LDAP://RootDSE")
> iErr = Err.Number
> On Error GoTo 0
> If iErr = 0 Then
> sConfigNamingContext = oRoot.Get("configurationNamingContext")
> Set oADOCommand = CreateObject("ADODB.Command")
> Set oADOConnection = CreateObject("ADODB.Connection")
> oADOConnection.Provider = "ADsDSOObject"
> oADOConnection.Open "Active Directory Provider"
> oADOCommand.ActiveConnection = oADOConnection
> sADOQuery = "<LDAP://" & sConfigNamingContext & ">;(ObjectClass=nTDSDSA);AdsPath;subtree"
> oADOCommand.CommandText = sADOQuery
> oADOCommand.Properties("Page Size") = 100
> oADOCommand.Properties("Timeout") = 30
> oADOCommand.Properties("Cache Results") = False
> Set oRecordSet = oADOCommand.Execute
> Set oCat = New StringCat
> Do Until oRecordSet.EOF
> Set oDC = GetObject(GetObject(oRecordSet.Fields("AdsPath")).Parent)
> oCat "Netbios_Name : " & oDC.cn
> '"FQDN : " & oDC.DNSHostName & VbCrLf
> oRecordSet.MoveNext
> Loop
> oADOConnection.Close
> fGetDCList = oCat.Flush
> End If
>
> End Function
> ---------------------------------------------------
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > I know its something is shouled be seeing but I do not see where it is
> > attached as a file.
> > Thanks again,
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Deb,
> >>
> >> Ace had already copied the code into his answer from before. I will
> >> attach it as file to this posting, save the file and then download to
> >> your DC and rename it from listDCs.txt to listDCs.vbs. Now you can
> >> run the script and post the output.
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> Not a program so which script should I use from
> >>> http://www.visualbasicscript.com/m_33275/tm.htm ?
> >>> sorry please help me with running this script,
> >>> Thank you
> >>> "Ace Fekay [MCT]" wrote:
> >>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> >>>> news:ff16fb662ad2e8cbda6b629e4192@msnews.microsoft.com...
> >>>>
> >>>>> Hello Deb,
> >>>>>
> >>>> [snipped]
> >>>>
> >>>>> As said earlier, when the root domain DC is crashed and you can
> >>>>> not restore it or have an additioanl DC in the root, you will not
> >>>>> be able to restore the forest. And you have to start complete for
> >>>>> all child domains also from scratch.
> >>>>>
> >>>> Hmm, I must have missed that part. So it appears that there was
> >>>> only one forest root DC, and it crashed? Quite unfortunate.
> >>>>
> >>>> Hopefully Deb will run that script I provided. I am looking forward
> >>>> to see the results so we can get a complete picture of the
> >>>> infrastructure.
> >>>>
> >>>> Ace
> >>>>
>
Re: Only boots in to AD recovery [message #159146 is a reply to message #159130] Fri, 24 July 2009 14:52 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
I am not getting any output from the script.
any ideas why?

"Meinolf Weber [MVP-DS]" wrote:

> Hello Deb,
>
> So you didn't use a newsreader? Then you have to copy the code between the lines, create a textfile with notepad and paste it there, then save it and rename the filename to listDCs.vbs :
>
> ---------------------------------------------------
> Function fGetDCList()
> ' AUTHOR: DiGiTAL SkReAM
> ' CONTACT: digital.skream@gmail.com
> ' DATE : 4/8/2006
> ' COMMENT: Will return a list of all of the Domain Controllers in an
> ' Active Directory domain.
> Dim oRoot, sConfigNamingContext, oADOConnection, oADOCommand, sADOQuery
> Dim oRecordSet, oDC, oSite, oCat, iErr
> fGetDCList = "N/A"
> On Error Resume Next
> Set oRoot = GetObject("LDAP://RootDSE")
> iErr = Err.Number
> On Error GoTo 0
> If iErr = 0 Then
> sConfigNamingContext = oRoot.Get("configurationNamingContext")
> Set oADOCommand = CreateObject("ADODB.Command")
> Set oADOConnection = CreateObject("ADODB.Connection")
> oADOConnection.Provider = "ADsDSOObject"
> oADOConnection.Open "Active Directory Provider"
> oADOCommand.ActiveConnection = oADOConnection
> sADOQuery = "<LDAP://" & sConfigNamingContext & ">;(ObjectClass=nTDSDSA);AdsPath;subtree"
> oADOCommand.CommandText = sADOQuery
> oADOCommand.Properties("Page Size") = 100
> oADOCommand.Properties("Timeout") = 30
> oADOCommand.Properties("Cache Results") = False
> Set oRecordSet = oADOCommand.Execute
> Set oCat = New StringCat
> Do Until oRecordSet.EOF
> Set oDC = GetObject(GetObject(oRecordSet.Fields("AdsPath")).Parent)
> oCat "Netbios_Name : " & oDC.cn
> '"FQDN : " & oDC.DNSHostName & VbCrLf
> oRecordSet.MoveNext
> Loop
> oADOConnection.Close
> fGetDCList = oCat.Flush
> End If
>
> End Function
> ---------------------------------------------------
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > I know its something is shouled be seeing but I do not see where it is
> > attached as a file.
> > Thanks again,
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello Deb,
> >>
> >> Ace had already copied the code into his answer from before. I will
> >> attach it as file to this posting, save the file and then download to
> >> your DC and rename it from listDCs.txt to listDCs.vbs. Now you can
> >> run the script and post the output.
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> Not a program so which script should I use from
> >>> http://www.visualbasicscript.com/m_33275/tm.htm ?
> >>> sorry please help me with running this script,
> >>> Thank you
> >>> "Ace Fekay [MCT]" wrote:
> >>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> >>>> news:ff16fb662ad2e8cbda6b629e4192@msnews.microsoft.com...
> >>>>
> >>>>> Hello Deb,
> >>>>>
> >>>> [snipped]
> >>>>
> >>>>> As said earlier, when the root domain DC is crashed and you can
> >>>>> not restore it or have an additioanl DC in the root, you will not
> >>>>> be able to restore the forest. And you have to start complete for
> >>>>> all child domains also from scratch.
> >>>>>
> >>>> Hmm, I must have missed that part. So it appears that there was
> >>>> only one forest root DC, and it crashed? Quite unfortunate.
> >>>>
> >>>> Hopefully Deb will run that script I provided. I am looking forward
> >>>> to see the results so we can get a complete picture of the
> >>>> infrastructure.
> >>>>
> >>>> Ace
> >>>>
>
Re: Only boots in to AD recovery [message #159147 is a reply to message #159135] Fri, 24 July 2009 15:36 Go to previous messageGo to next message
Deb  is currently offline Deb
Messages: 44
Registered: July 2009
Member
Good news
I have the root domain.
Forest-wide schema master FSMO NC=JLFACC
Forest-wide Domain Naming Master FSMO=JLFACC
Domain’s PDC Emulator FSMO CN=JLFACC
Domain’s RID Master FSMO CN=JLFACC
Domain’s Infrastructure Master FSMO CN=JLFACC
JLFACC is a Global Catalog Server

Query Local (which I had as looking) reported ISNT up or ISNT Global Catalog
Server

Now to build JLFSRV1 as a second DC.

Now to make sure DNS is set correctly.
Thank you again.

"Meinolf Weber [MVP-DS]" wrote:

> Hello Ace Fekay [MCT],
>
> You are correct, i am still waiting for the answer to my question what happens
> when the crashed server is started normally.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> > news:ff16fb662adc28cbdaa702eb7345@msnews.microsoft.com...
> >
> >> Hello Ace Fekay [MCT],
> >>
> >> At the beginning was a statement about 2 Domains:
> >>
> >> "Looking.local - should be root DC
> >> Works.looking.local - sub DC"
> >> That's the reason for my answer also at the start about the needed
> >> setup. So we will see it hopefully in the output from your script.
> >>
> > Yea, I was trying to follow the thread, but so many postings, and each
> > post has little pieces of the domain, with lots of other information,
> > but nothing specific about the infrastructure. So hopefully that
> > script will help.
> >
> > Ace
> >
>
>
>
Re: Only boots in to AD recovery [message #159148 is a reply to message #159147] Fri, 24 July 2009 15:47 Go to previous messageGo to previous message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Deb,

JLFACC seems to be the root Domain Controller, is this the crashed one or
not? Also you have to different root domain name and root DC, you found the
root domain controller, the name we hopefully see in one of your next postings.

Are you able to start it or not?

If you are able to logon please run dcdiag /v and post the unedited output.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Good news
> I have the root domain.
> Forest-wide schema master FSMO NC=JLFACC
> Forest-wide Domain Naming Master FSMO=JLFACC
> Domain's PDC Emulator FSMO CN=JLFACC
> Domain's RID Master FSMO CN=JLFACC
> Domain's Infrastructure Master FSMO CN=JLFACC
> JLFACC is a Global Catalog Server
> Query Local (which I had as looking) reported ISNT up or ISNT Global
> Catalog Server
>
> Now to build JLFSRV1 as a second DC.
>
> Now to make sure DNS is set correctly.
> Thank you again.
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Ace Fekay [MCT],
>>
>> You are correct, i am still waiting for the answer to my question
>> what happens when the crashed server is started normally.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>> news:ff16fb662adc28cbdaa702eb7345@msnews.microsoft.com...
>>>
>>>> Hello Ace Fekay [MCT],
>>>>
>>>> At the beginning was a statement about 2 Domains:
>>>>
>>>> "Looking.local - should be root DC
>>>> Works.looking.local - sub DC"
>>>> That's the reason for my answer also at the start about the needed
>>>> setup. So we will see it hopefully in the output from your script.
>>> Yea, I was trying to follow the thread, but so many postings, and
>>> each post has little pieces of the domain, with lots of other
>>> information, but nothing specific about the infrastructure. So
>>> hopefully that script will help.
>>>
>>> Ace
>>>
Previous Topic:ntlm / kerberos
Next Topic:AD forest database corrupted!
Goto Forum:
  


Current Time: Sat Jan 20 08:30:13 MST 2018

Total time taken to generate the page: 0.04697 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software