Announcement

Collapse
No announcement yet.

logon to ADC

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • logon to ADC

    We have one windows 2003 active directory with 300 users , I have another
    server dcpromo option "additional domain controller for an existing domain.

    all users and groups has been replicated with my active directory domain
    controller . Unfortunately my primary domain controller is down .

    Please help me to promote/convert my additional domain controller server
    to primary domain controller .
    How mu client can logon to this ADC?
    Please help me .

  • #2
    Re: logon to ADC

    How down is it? Permanently?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: logon to ADC

      When a server is promoted to DC, a SRV record is created in AD. When a user/computer tries to authenticate to the domain, it will request the DNS server for this record. Your first DC whent down but the one you promoted is still online. So this DC would authenticate the users. The only problem you face, is that the FSMO roles and the GC are unavailable, because these roles where managed by the first dc in your organisation (by default).

      The second question that comes to mind, is how down that first DC is.
      If it can be brought online again, it is adviced to do so. If not, than you need to seize the FSMO roles to your second DC. If you do this, you CANNOT bring the old DC online again without formating the hard drive. Once you have seized the FSMO roles, you can make your existing server a GC.
      [Powershell]
      Start-DayDream
      Set-Location Malibu Beach
      Get-Drink
      Lay-Back
      Start-Sleep
      ....
      Wake-Up!
      Resume-Service
      Write-Warning
      [/Powershell]

      BLOG: Therealshrimp.blogspot.com

      Comment


      • #4
        Re: logon to ADC

        Another pointer regarding this, to seize roles, should you need to, you use 'ntdsutil'. AD Users and Computers may allow you to seize two of the Domain Roles but I seized roles from a server a few months ago and entirely used ntdsutil. Once seized, make sure that the server is never brought back on the domain. It will need to be reinstalled.

        Comment


        • #5
          Re: logon to ADC

          Originally posted by Virtual View Post
          Another pointer regarding this, to seize roles, should you need to, you use 'ntdsutil'. AD Users and Computers may allow you to seize two of the Domain Roles but I seized roles from a server a few months ago and entirely used ntdsutil. Once seized, make sure that the server is never brought back on the domain. It will need to be reinstalled.
          You CAN do this with NTDSUTIL, yes... but it's also do-able with the GUI tools... ADU & C as you said; AD Domains and Trusts; AD Sites and Services (I think - it's not something you do every day).


          Tom
          For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

          Anything you say will be misquoted and used against you

          Comment


          • #6
            Re: logon to ADC

            Pay attention on Virtual post!
            Be aware when you seize roles, the server that is down must not become avaiable online, so after seizing all FSMO roles, don't try to put it on your LAN.
            Some roles can be returned back, PDC and Infrastructure master role. Others can't!
            You then need to reinstall server that is down, then promote him as new DC
            Last edited by alien_ri; 20th September 2008, 02:05.

            Comment

            Working...
            X