Server 2003 DCpromo error on removal


  • Server 2003 DCpromo error on removal

    Hello,

    I have 3 server 2003 DCs. I'm having some replication issues and I thought maybe I will remove one of them, reinstall the OS, promote it to a DC again and have it replicate as a new DC.

    When I run DCpromo to remove the DC role I get an error:

    The operation failed because: Active Directory could not transfer the remaining data in directory partition CN=Schema,CN=Configuration,DC=office,DC=domain,DC= com to domain controller example.office.domain.com. "Access is denied."

    When I look at the "example" DC in the Event Viewer security log, I see an Error 529 Source Security, Logon type 3 User NT Authority\system.

    Any ideas? I did consider just formatting the DC I was trying to remove and adding it back, but I don't want to leave an orphaned DC in there and possibly create more problems. Besides, if I just reinstalled it and used the same name, would I be right back where I was?

    Any ideas? Thanks,

    Brian

  • #2
    Re: Server 2003 DCpromo error on removal

    You can't simply delete or destroy a DC without cleaning up AD, before you replace the lost server with another to be re-promoted. Since you have 2 running DCs, make sure the FSMO roles are working on them and you have stable replication between them. THEN use 'ntdsutil' to remove all references to the 3rd DC you want to get rid of. Make sure that your DNS doesn't refer in any way to that removed 3rd DC. If you don't have 2 working DCs, you'll want to fix that before you go any further.

    Once that's done, then rebuild the 3rd DC from scratch. Join to the domain, verify Group Policy applies correctly, apply updates, etc. THEN run dcpromo as you normally would.

    If all goes well, you're back to where you want to be.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **



    • #3
      Re: Server 2003 DCpromo error on removal

      The Server I'm trying to remove is also a DNS server. It is 1 of 2 DNS servers. This is also a role I will add back to the server when I rebuild it. How do I remove references so other machines don't look for this DNS server?

      Does it make more sense to get all 3 of the DCs working and then remove the one I don't need anymore?

      Thanks,

      Brian
      Last edited by Vuotto; 21st June 2013, 19:29. Reason: new idea



      • #4
        Re: Server 2003 DCpromo error on removal

        As long as you have 2 working DCs, 1 working DNS server, and one of the two working DCs holds the FSMO roles, you can "brutally" remove the 3rd one.
        Power it off, wipe the disk.

        Then, do a metadata cleanup (the Petri site has this article),
        then rebuild the new 3rd DC.
        Please do show your appreciation to those who assist you by leaving Rep Point
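
The checks and cleanup that posts #2 and #4 describe, as an added example that is not part of any poster's reply: a batch file that verifies FSMO placement and replication on a surviving DC, opens ntdsutil at the metadata cleanup target menu, and then checks DNS for leftover records. The host names DC1 (surviving DC) and DC3 (removed DC) are assumptions, and netdom, repadmin and dcdiag require the Windows Server 2003 Support Tools.

```bat
@echo off
rem Added example, not from the thread. Assumed names: DC1 = healthy surviving
rem DC, DC3 = the DC that was wiped. netdom, repadmin and dcdiag need the
rem Windows Server 2003 Support Tools installed.
setlocal
set GOODDC=DC1
set DEADDC=DC3
set DOMAIN=office.domain.com

rem 1. No FSMO role may still be listed against the removed DC.
netdom query fsmo | find /i "%DEADDC%" >nul
if not errorlevel 1 (
    echo %DEADDC% still holds a FSMO role. Move it to a surviving DC first.
    exit /b 1
)

rem 2. Replication between the surviving DCs must be clean before cleanup.
repadmin /showrepl %GOODDC%
dcdiag /s:%GOODDC% /test:replications
echo Review the output above. Press Ctrl+C to stop if any failures are shown.
pause

rem 3. Open ntdsutil already connected to the surviving DC and positioned at
rem    the "select operation target" menu. Finish interactively, replacing
rem    each n with the index printed by the preceding list command:
rem      list domains, then select domain n
rem      list sites, then select site n
rem      list servers in site, then select server n (pick the removed DC)
rem      quit
rem      remove selected server
rem      quit, quit
ntdsutil "metadata cleanup" connections "connect to server %GOODDC%" quit "select operation target"

rem 4. Check that DNS no longer advertises the removed DC.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %GOODDC% | find /i "%DEADDC%"
if not errorlevel 1 echo Stale SRV record for %DEADDC% is still registered in DNS.
nslookup -type=NS %DOMAIN% %GOODDC% | find /i "%DEADDC%"
if not errorlevel 1 echo %DEADDC% is still listed as a name server for %DOMAIN%.
endlocal
```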



        • #5
          Re: Server 2003 DCpromo error on removal

          Vuotto: since your DNS is AD-integrated, when you do the metadata cleanup, the DNS entries for the DC you just threw out will be removed. And so the clients won't try to contact it.
          *RicklesP*
          MSCA (2003/XP), Security+, CCNA

          ** Remember: credit where credit is due, and reputation points as appropriate **



          • #6
            Originally posted by Vuotto:
              Hello,

              I have 3 server 2003 DCs. I'm having some replication issues and I thought maybe I will remove one of them, reinstall the OS, promote it to a DC again and have it replicate as a new DC.

              Brian

            Destroying or deleting a DC won't work.



            • #7
              Yes it will, as long as you do a metadata cleanup too.

              Although after 3 years, I hope the OP isn't still waiting for an answer.
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **
