Join server 2008 to existing 2003 domain
  • Join server 2008 to existing 2003 domain

    Hi all hopefully you can help:-
    1) Last week we had a Chinese hacker hack one of our servers through Apache or Tomcat and totally wrecked the server (this server was a DC, DNS, DHCP etc.)
    2) We were unable to even start the server so had to do a full install, this time Server 2008 32-bit edition
    3) I'm trying to join the 2008 to the Server 2003 using adprep /forestprep but I receive an error:-
    Adprep encountered an LDAP error 0x208d Server Error msg 0000208D. Below this error I can see the server domain (the old one)
    4) I have seized what I thought was all the services on the 2003 broken server
    but still the error pops up.

    I am using the 2008 disk on the 2003 server and have copied the sources folder onto the C: drive and am running adprep from there.

    Any help pls!!

    Thanks
    Ian

  • #2
    Re: Join server 2008 to existing 2003 domain

    Do I understand you want to add an additional W2K8 DC?
    Anyhow, start checking your current DCs by running DCdiag and Netdiag to see if there are any errors.
    Also run netdom query fsmo to see where your current FSMO roles are located.
    Last edited by Dumber; 17th December 2008, 12:21.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    • #3
      Re: Join server 2008 to existing 2003 domain

      Hi yes that's correct, we are trying to add the 2008 server as a new DC, DHCP, and DNS and GC

      I've run the netdom command and all I receive is "The system cannot find the file specified" and "the cmd failed to complete succesfully". I'll try the others now and get back to you.

      Thanks

      Ian

      • #4
        Re: Join server 2008 to existing 2003 domain

        I've just run the dcdiag and I get two warnings when it gets to this test

        Starting Test :KnowsOfRoleHolders

        Basically the warnings say that the old server is the schema holder but it is deleted.

        What should I do now please.

        • #5
          Re: Join server 2008 to existing 2003 domain

          Please post the dcdiag output.
          • #6
            Re: Join server 2008 to existing 2003 domain

            Sorry about that, here it is, I've attached the full text file.

            Ian

            The netdiag came back with no errors
            Last edited by klakka; 17th December 2008, 14:14.

            • #7
              Re: Join server 2008 to existing 2003 domain

              Well, and if you run the netdom command I've given you previously you will notice you have indeed problems with the FSMO roles.
              However, run it just to make sure
              • #8
                Re: Join server 2008 to existing 2003 domain

                Not sure if you saw my last post but I get errors, as in it can't find the specified file.

                Ian

                • #9
                  Re: Join server 2008 to existing 2003 domain

                  And on your client (XP or so?)
                  Edit: oh you need to install the support tools for that. I thought you already had done that
                  http://www.microsoft.com/downloads/d...displaylang=en
                  • #10
                    Re: Join server 2008 to existing 2003 domain

                    OK, I've installed the admin pack (it was installed)
                    When I run netdom query fsmo all I get is "The system cannot find the specified file"

                    Any clues please

                    Ian

                    • #11
                      Re: Join server 2008 to existing 2003 domain

                      Admin pack?
                      I'm talking about the support tools
                      • #12
                        Re: Join server 2008 to existing 2003 domain

                        Anyhow,

                        This is the problem you have (although it's way easier to do with netdom to find out):
                        Starting test: KnowsOfRoleHolders
                        Warning: CN=NTDS Settings\0ADEL:faea2939-3cf6-4dfe-bb4e-1c6df7c73abf,CN=FLOWMATION\0ADEL:a2a5476d-cb03-4333-b8a1-5381eec569eb,CN=Servers,CN=Meriden,CN=Sites,CN=Configuration,DC=cogent,DC=local is the Schema Owner, but is deleted.
                        Warning: CN=NTDS Settings\0ADEL:faea2939-3cf6-4dfe-bb4e-1c6df7c73abf,CN=FLOWMATION\0ADEL:a2a5476d-cb03-4333-b8a1-5381eec569eb,CN=Servers,CN=Meriden,CN=Sites,CN=Configuration,DC=cogent,DC=local is the Domain Owner, but is deleted.
                        ......................... DATA3 failed test KnowsOfRoleHolders
                        http://www.petri.com/seizing_fsmo_roles.htm
                        http://support.microsoft.com/kb/255504

                        If you can't transfer them anymore, for what reason you might have there... then seize them.
                        However, make sure that that DC never comes up again!!!
                        After doing that, you need to clean up your faulty DC
                        http://www.petri.com/delete_failed_dcs_from_ad.htm

                        If I'm not mistaken you need to remove the FLOWMATION\0ADEL from the domain.
                        PS, Running a webserver straight on a DC isn't the smartest thing to do.
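Added example, not part of any post in the thread: a small Python parser that reads dcdiag output like the lines quoted in post #12 and lists each FSMO role whose recorded holder is a deleted object (a DN carrying the `\0ADEL:<GUID>` marker), which is the condition that calls for seizing the role and then cleaning up the failed DC. The function names and the role-name mapping are this example's own, and the sample input is constructed from the lines quoted above.

```python
import re

# dcdiag's KnowsOfRoleHolders labels mapped to the usual FSMO role names.
# Only the first two occur in the thread's output.
ROLE_LABELS = {
    "Schema Owner": "Schema master",
    "Domain Owner": "Domain naming master",
    "PDC Owner": "PDC emulator",
    "Rid Owner": "RID master",
    "Infrastructure Update Owner": "Infrastructure master",
}
WARNING_RE = re.compile(
    r"Warning:\s*(?P<dn>CN=.+?)\s+is the (?P<label>[A-Za-z ]+), but is deleted\.")
# dcdiag shows a deleted AD object's RDN as "<name>\0ADEL:<objectGUID>".
DELETED_RDN_RE = re.compile(r"CN=([^,\\]+)\\0ADEL:([0-9a-fA-F-]{36})")
DOMAIN_RE = re.compile(r"DC=([^,\s]+)")

# Sample input constructed from the dcdiag lines quoted in post #12.
SAMPLE = r"""Starting test: KnowsOfRoleHolders
Warning: CN=NTDS Settings\0ADEL:faea2939-3cf6-4dfe-bb4e-1c6df7c73abf,CN=FLOWMATION\0ADEL:a2a5476d-cb03-4333-b8a1-5381eec569eb,CN=Servers,CN=Meriden,CN=Sites,CN=Configuration,DC=cogent,DC=local is the Schema Owner, but is deleted.
Warning: CN=NTDS Settings\0ADEL:faea2939-3cf6-4dfe-bb4e-1c6df7c73abf,CN=FLOWMATION\0ADEL:a2a5476d-cb03-4333-b8a1-5381eec569eb,CN=Servers,CN=Meriden,CN=Sites,CN=Configuration,DC=cogent,DC=local is the Domain Owner, but is deleted.
......................... DATA3 failed test KnowsOfRoleHolders
"""

def find_deleted_role_holders(dcdiag_text):
    """Return one dict per FSMO role whose recorded holder is a deleted object."""
    findings = []
    for match in WARNING_RE.finditer(dcdiag_text):
        dn = match.group("dn")
        # Both "NTDS Settings" and its parent server object carry the marker;
        # the server object is the one that names the failed DC.
        server, guid = next(
            ((n, g) for n, g in DELETED_RDN_RE.findall(dn) if n != "NTDS Settings"),
            (None, None))
        label = match.group("label").strip()
        findings.append({
            "role": ROLE_LABELS.get(label, label),
            "server": server,
            "server_guid": guid,
            "domain": ".".join(DOMAIN_RE.findall(dn)),
        })
    return findings

def servers_needing_cleanup(findings):
    """Names of deleted DCs still recorded as role holders."""
    return sorted({f["server"] for f in findings if f["server"]})
```
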


                        • #13
                          Re: Join server 2008 to existing 2003 domain

                          I'm not sure about that problem, but if you've removed a server that held one or more roles, you will need to seize the role to an existing server - have a read of http://support.microsoft.com/kb/255504/EN-US/

                          Note that once you have seized a role away from a server, you should not reconnect it to the network. Not relevant in this case, but just so you know for future reference.

                          You should also know that it is not advisable to install any public-facing services on a DC as these are the most likely servers to become compromised - as you have discovered.

                          Edit: Didn't see Dumber's 2 posts on this page.
                          Gareth Howells

                          BSc (Hons), MBCS, MCP, MCDST, ICCE

                          Any advice is given in good faith and without warranty.

                          Please give reputation points if somebody has helped you.

                          "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                          "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                          • #14
                            Re: Join server 2008 to existing 2003 domain

                            I'm trying to understand your past and current DC settings. You HAD a Win2003 DC that was hacked, and now it's gone? Did you also have at least one Win2008 DC? Did you upgrade the Schema by running ADPREP prior to the Win2003 being hacked?
                            Cheers,

                            Daniel Petri
                            Microsoft Most Valuable Professional - Active Directory Directory Services
                            MCSA/E, MCTS, MCITP, MCT

                            • #15
                              Re: Join server 2008 to existing 2003 domain

                              Well from what I understood he has multiple DCs but the one which has been hacked was probably the Schema Master.
                              However, it seems this role isn't seized to another running DC so he can't run ADPREP.