4

I am so upset of this as i am not getting a proper answer anywhere. Let me make it clear the same scenario again.

  1. I have a DC named DC-1 & another DC named DC-2. both DC-1 and DC-2 are the name servers.
  2. DC-1 is holding all the 5 roles.
  3. DC-1 goes down due to hardware failure(assume) and is no longer available. I cant even boot it up.
  4. Now my question is how can i bring up the ADC(DC-2) as an active DC as all my roles are belongs to DC-1.
  5. If its related to seize and transfer the roles from DC-1 to DC-2, yes i tried it. Let me share the results.

i) i went to DSRM on DC-2 and tried ntdsutil command like this: ntdsutil>roles>connections>connect to server:

ii)when i tried connect to server i'm not able to connect any of the DC-1 or DC-2. I tried with "Set creds" also but i didnt work.

iii) tried to connect the domain no luck :(

iv) As it was a test environment i brought back the DC-1 up and tried the steps again from DC-2 it was success. I am able to connect to the server. But we dont want this. We want this when the DC-1 is totally in dead state.

OK. I hope you all are understood my crisis.. Can anybody help here. Am i doing something wrong steps or any other method to bring up the DC-2 with all the roles with out having DC-1 up. Please share your valuable knowledge and expertise!

Skyhawk
  • 14,200
  • 4
  • 53
  • 95
  • I'm not understanding your terminology. What do you mean by DC and ADC? They're both Domain Controllers, right? Have you followed this article: http://support.microsoft.com/kb/255504 – joeqwerty Jul 07 '10 at 13:12
  • Yes. Domain Controller and Additional Doman Controller. –  Jul 08 '10 at 09:07
  • fixed up the question to remove the ADC so there's no confusion with Active Directory Connector for Exchange – Nick Kavadias Jul 08 '10 at 13:23

5 Answers5

5

ADC being Active Directory Connector for Exchange? If so, being an ADC doesn't make the server a domain controller also. If this is the case, you're out of luck as you've lost your only functional DC.

However if I'm reading that wrong and DC2 is definitely a full domain controller, then I think your problem lies in trying to use restore mode. You shouldn't need to. Instead, bring DC2 up into its regular windows environment, then follow the 'Seize FSMO Roles' guide found here: http://support.microsoft.com/kb/255504

Note: Ignore the 'Transfer' guide. It's not relevant for your scenario.

Edit: I just found the other question where you got the term 'ADC' from. This term is widely recognised as 'Active Directory Connector for Exchange' and not 'Additional Domain Controller' which I think is your usage. I don't recommend the use of acronyms that aren't widely used, as it often just causes confusion.

Chris Thorpe
  • 9,953
  • 23
  • 33
0

I think Santosh is referring DC (domain controller) as a PDC or the one that holds FSMO role. And ADC - Additional domain controller, it can be a normal domain controller or with a global catalog role.

(in reply to joe comment above)

Muhammad
  • 699
  • 10
  • 20
  • Thats true Muhammad. I meant ADC as Additional Domain Controller. –  Jul 08 '10 at 12:55
  • Yes, Nick, Thats a point. I dont have DNS configured in my DC-2 :( So what would be the solution in this senario where DNS is also not available...? –  Jul 09 '10 at 06:58
0

When you're on DC-2 with DC-1 shutdown, check that you have a valid DNS server in the network configuration of DC-2 so that it will still be able to resolve DC-2 as a domain contoller, it may be configured with DC-1 for DNS?
If there is a valid DNS server in there (i.e. NOT DC-1) then check that the right service records are in there for DC-2. For more info on this, look at this KB.

Nick Kavadias
  • 10,796
  • 7
  • 37
  • 47
  • Yes, Nick, Thats a point. I dont have DNS configured in my DC-2 :( I found one more thing, in 2003 DNS wont be installed automatically in the Addition DC where as its there in 2008 server...! –  Jul 09 '10 at 06:57
  • so what DNS server is DC-2 pointing to (as a client) when DC-1 is shutdown? you still need DNS to be able to look up the SRV records & figure out what box is a DC – Nick Kavadias Jul 23 '10 at 05:04
0

Let me paste the result:

fsmo maintenance: seize schema master

Attempting safe transfer of schema FSMO before seizure. ldap_modify_sW error 0x34(52 (Unavailable). Ldap extended error message is 000020AF: SvcErr: DSID-03210312, problem 5002 (UN AVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)

Depending on the error code this may indicate a connection, ldap, or role transfer error. Transfer of schema FSMO failed, proceeding with seizure ...

Server "test-adc" knows about 5 roles Schema - CN=NTDS Settings,CN=TEST-ADC,CN=Servers,CN=Default-First-Site-Name,CN=S ites,CN=Configuration,DC=test,DC=com Domain - CN=NTDS Settings,CN=TESTSCCM,CN=Servers,CN=Default-First-Site-Name,CN=S ites,CN=Configuration,DC=test,DC=com PDC - CN=NTDS Settings,CN=TEST-ADC,CN=Servers,CN=Default-First-Site-Name,CN=Site s,CN=Configuration,DC=test,DC=com RID - CN=NTDS Settings,CN=TEST-ADC,CN=Servers,CN=Default-First-Site-Name,CN=Site s,CN=Configuration,DC=test,DC=com Infrastructure - CN=NTDS Settings,CN=TEST-ADC,CN=Servers,CN=Default-First-Site-N ame,CN=Sites,CN=Configuration,DC=test,DC=com fsmo maintenance:

0

I got you points,DC1 holding 5 FSMO roles & ADC just back up.To confirm this goto CMD window and type "net accounts" u can see PRIMARY for DC1 and BACKUP for DC2.

In case if we are manually going to down the DC1 then we need to transfer roles. In case if we get DC1 down automatically due to some hardware issue,then we need to use seize the roles.

Steps: Goto DC2 CMD PROMPT WINDOW TYPE the following one by one.

ntdsutil roles connections connect to server DC2 quit seize pdc seize schema master seize rid seize im seize name

sure it'll work....

By Senthilkumar