Announcement

Collapse
No announcement yet.

Problem dcpromo win2k3

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem dcpromo win2k3

    Hi,

    i'm experencieng problem during dcpromo of new dc 2k3. I have upgraded the schema of my win2k domain to win2k3. I have 3 DC in my domain and everything worked fine for many month.
    Last week my DC with all fsmo roles experienced problem of corruption of ntds.dit i have repaired the file in directory restore mode but i have stopped of the replication to the other dc.
    For moving my AD to new server i have tried to dcpromo with a new windows 2003 server but failed.

    What can i perform it?

    thanks

  • #2
    Re: Problem dcpromo win2k3

    I have tried in my lab, but the only way is to open the replica, because the new dc win2k3 need to connect to the "main" dc (owner of the fsmo roles).

    Anybody experience problem with ad after repairing ntds.dit with esntuti?

    thanksl

    Comment


    • #3
      Re: Problem dcpromo win2k3

      Have you used eseutil, isinteg or ntdsutil ?
      As far as I know, you should be fixing the DIT only using ntdsutil.

      In your place, I would dcpromo the DC down and re-promote it back. If it refuses to dcpromo down cleanly, use "dcpromo /forceremoval" and clean up the metadata after the AD is removed from the faulty DC. Then dcpromo it back.
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"

      Comment


      • #4
        Re: Problem dcpromo win2k3

        Yes,

        i have fixed the dit file with esentutil and it worked, but microsoft suggest after repairing the ntds.dit file with this tool to migrate domain.

        http://support.microsoft.com/kb/258062/en-us
        18.If you can start the domain controller in normal mode after the repair, migrate relevant Active Directory objects to a new forest as soon as possible. Because this lossy repair method fixes corruption by deleting data, it can cause later problems that are extremely difficult to troubleshoot. At the first opportunity after the repair, you must rebuild the domain to bring Active Directory back to a supported configuration.

        Do you understand what does " you must rebuild the domain to bring Active Directory back to a supported configuration" mean?

        I'm thinking to:

        - reopen the outbound replica from DC (it has fsmo roles)
        - Move roles to new DC
        - dcpromo for demoting
        - insert new dc 2k3

        Now is 10 days the the DC has the outbound replica stopped do you experience any kind of problem? The usn is now old so i suppose that it must pull the replica not push.

        thanks

        Comment


        • #5
          Re: Problem dcpromo win2k3

          > you must rebuild the domain to bring Active Directory back to a supported configuration

          In the context of this article it means giving up the old forest, and to move all object to a new forest. MS does not guarantee anything after running esentutl. The database you end up with may be completely bogus.

          > usn is now old so i suppose that it must pull the replica not push

          AD replication is always 'pull'. Push in this situation means telling a machine to pull. 10 days is no problem. Tombstone lifetime is 60 days.

          - reopen the outbound replica from DC (it has fsmo roles)
          - Move roles to new DC
          - dcpromo for demoting
          - insert new dc 2k3
          That is probably not going to work anymore. Seems like the database is truly corrupt. If you don't want to follow the MS advice above, try:

          - make sure good-DC is a Global Catalog
          - on bad-DC, dcpromo /forceremoval
          - on good-DC, seize all 5 FSMO roles
          - on good-DC, metadata cleanup to remove bad-DC.


          -

          Comment


          • #6
            Re: Problem dcpromo win2k3

            So, is it better to not reopen the replica from the bad-DC?

            what does the dcpromo /forceremoval do?

            I have all the other two DC Global Catalog.

            Comment

            Working...
            X