Announcement

Collapse
No announcement yet.

What is the best route?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • What is the best route?

    I have a DC that is a DHCP/File server that is not replicating and is past the tombstone lifetime. What is the best route to take for taking AD off of it?

    It thinks it hold the PDC and Infrastructure roles but those roles are being handled by another DC. How many DC's can hold the "domain-wide" roles at the same time?

    I thought about transfering the roles, but those roles are already being handled by another DC. I thought about doing a "dcpromo /forceremoval" but am afraid of disrupting anyhing at work.

    What would be the best route to take here?

    Here is the whole picture

    DC1 - AD
    Role/ PDC
    Considered the "main" DC.

    DC2 - AD
    Role/ Schema, Domain, Infrastructure, and RID
    A good DC but is going to be replaced soon.

    DC3 - AD <this is the problem DC>
    Role(s)/ PDC and Infrastructure
    No Replication at all

    DC4 - AD
    Role(s) 0
    Problems replicating with DC5

    DC5 - AD
    Role(s) 0
    Just recently added to domain

    Thanks!
    Last edited by Mudd; 2nd June 2008, 21:25.

  • #2
    Re: What is the best route?

    Is Dc3 A Gc?
    What do I know, I am only 26.

    Comment


    • #3
      Re: What is the best route?

      I logged into that DC and within Sites and Services, under NTDS properties the global catalog box is not checked for that DC.

      DC1 - AD (Global Catalog)
      Role/ PDC
      Considered the "main" DC.

      DC2 - AD (Global Catalog)
      Role/ Schema, Domain, Infrastructure, and RID
      A good DC but is going to be replaced soon.

      DC3 - AD <this is the problem DC>
      Role(s)/ PDC and Infrastructure
      No Replication at all

      DC4 - AD
      Role(s) 0
      Problems replicating with DC5

      DC5 - AD
      Role(s) 0
      Just recently added to domain
      Last edited by Mudd; 2nd June 2008, 22:25.

      Comment


      • #4
        Re: What is the best route?

        Originally posted by Mudd View Post
        I logged into that DC and within Sites and Services, under NTDS properties the global catalog box is not checked for that DC.

        DC1 - AD (Global Catalog)
        Role/ PDC
        Considered the "main" DC.

        DC2 - AD (Global Catalog)
        Role/ Schema, Domain, Infrastructure, and RID
        A good DC but is going to be replaced soon.

        DC3 - AD <this is the problem DC>
        Role(s)/ PDC and Infrastructure
        No Replication at all

        DC4 - AD
        Role(s) 0
        Problems replicating with DC5

        DC5 - AD
        Role(s) 0
        Just recently added to domain
        Are all of these servers in the same domain??

        As far as i'm aware you can only have 1 PDC Emulator and 1 Infrastructure Master per Domain.

        Can you please check your FSMO roles again.

        Comment


        • #5
          Re: What is the best route?

          The other DC's dont even see DC3 and vice-versa. I want to be able to take this DC out of the picture completely. It thinks it is the PDC & Infrastructure role holder but as far as the other DC's are concern that is not the case. What route should I take as far as taking AD off of this DC and just making it a member server? I can't do dcpromo cause it fails and I'm afraid to do a force removal fearing it would cause more havok. I thought about transfering the roles trying to make it think it doesn't have the roles anymore, but would that effect the other DC's?

          Oh and yes, they are all part of the same domain.

          What route should I take?

          DC1 - AD (Global Catalog)
          Role/ PDC
          Considered the "main" DC.

          DC2 - AD (Global Catalog)
          Role/ Schema, Domain, Infrastructure, and RID
          A good DC but is going to be replaced soon.

          DC3 - AD <this is the problem DC>
          Role(s)/ PDC and Infrastructure
          No Replication at all

          DC4 - AD
          Role(s) 0
          Problems replicating with DC5

          DC5 - AD
          Role(s) 0
          Just recently added to domain

          Comment


          • #6
            Re: What is the best route?

            You can't transfer the roles though as the domain can only have one PDC and one Infrastructure server.

            You currently have

            PDC Emulator

            DC1 and DC3

            Infrastructure Master

            DC2 and DC3

            Do this

            http://technet2.microsoft.com/window....mspx?mfr=true

            And it will tell you what the domian thinks are your PDC and Infrastructure roles

            Comment


            • #7
              Re: What is the best route?

              Hmmm, got an error running that. I wonder what that might mean?

              C:\Documents and Settings\john.doe>dsquery server-hasfsmopdc
              dsquery failed:The parameter is incorrect.:Incorrect object type specified.
              type dsquery /? for help.

              Comment


              • #8
                Re: What is the best route?

                It should be

                dsquery server -hasfsmo pdc

                Looks like the website is wrong lol.

                Comment


                • #9
                  Re: What is the best route?

                  Ok, after running that query the domain states that DC1 in the PDC role holder and not DC3. If I run "netdom query fsmo" on DC3 it think it holds the PDC and Infrastructure roles while DC2 holds the other three. Should I just "dcpromo /forceremoval" on that DC?


                  DC1 - AD (Global Catalog)
                  Role/ PDC
                  Other roles held by DC2
                  Considered the "main" DC.

                  DC2 - AD (Global Catalog)
                  Role/ Schema, Domain, Infrastructure, and RID
                  Other role held by DC1
                  A good DC but is going to be replaced soon.

                  DC3 - AD <this is the problem DC>
                  Role(s)/ PDC and Infrastructure
                  Other roles held by DC2
                  No Replication at all
                  Past tombstone

                  DC4 - AD
                  Role(s) 0
                  DC1-PDC
                  DC2-Schema, Infras, Domain, RID
                  Problems replicating with DC5
                  Past tombstone

                  DC5 - AD
                  Role(s) 0
                  DC1-PDC
                  DC2-Schema, Infras, Domain, RID
                  Just recently added to domain

                  Comment


                  • #10
                    Re: What is the best route?

                    I am not going to say "YES" but it defentily is messed up, because you can only have 1 pdc on the domain, not two computers with the same role.

                    First thing is first if you decide to force remove the system, please do a system state backup. Also, since you say you have the roles on that server please be aware that if you force remove then say something happens you will need to sieze the roles
                    http://support.microsoft.com/kb/255504
                    What do I know, I am only 26.

                    Comment


                    • #11
                      Re: What is the best route?

                      Originally posted by GrantThomas View Post
                      I am not going to say "YES" but it defentily is messed up, because you can only have 1 pdc on the domain, not two computers with the same role.

                      First thing is first if you decide to force remove the system, please do a system state backup. Also, since you say you have the roles on that server please be aware that if you force remove then say something happens you will need to sieze the roles
                      http://support.microsoft.com/kb/255504
                      But he won't be able to seize the roles as another server has them.

                      I would do a force remove then clean up any metadata left in AD and start again.

                      Comment


                      • #12
                        Re: What is the best route?

                        Originally posted by wullieb1 View Post
                        But he won't be able to seize the roles as another server has them.

                        I would do a force remove then clean up any metadata left in AD and start again.
                        Yeah, I read something wrong stating somehow he thought he had two PDC'S and one functioned and one didnt, thought if that server he was taking down was the actually PDC he would have to sieze later.
                        What do I know, I am only 26.

                        Comment


                        • #13
                          Re: What is the best route?

                          Originally posted by GrantThomas View Post
                          Yeah, I read something wrong stating somehow he thought he had two PDC'S and one functioned and one didnt, thought if that server he was taking down was the actually PDC he would have to sieze later.
                          From what i can gather the affected server is the one that is NOT seen by AD as the PDC so it should be ok.

                          Comment


                          • #14
                            Re: What is the best route?

                            Forceably removed AD from that DC and everything turned out ok. It was running DHCP and that stopped working, but after a restart of DHCP everything came out ok.

                            Thanks guys!

                            Comment


                            • #15
                              Re: What is the best route?

                              Originally posted by Mudd View Post
                              Forceably removed AD from that DC and everything turned out ok. It was running DHCP and that stopped working, but after a restart of DHCP everything came out ok.

                              Thanks guys!
                              Excellent. Glad to see its now fixed.

                              Comment

                              Working...
                              X