About to recreate Primary Domain from scratch.....what to keep in mind?

    Question

  • Hi everyone. Long time lurker here, finally needing some help.

    Forgive any stupid questions / assumptions I may make as I am a new Systems Admin and still learning.

    We have our PDC on a Server2003 box. There is no BDC as of yet. We have another controller that we were attempting to make an official BDC, but since our PDC has far exceeded the tombstone lifetime, there is no real easy way to do that. Regardless, our servers are extremely ill organized, and as an employee of this company for a little over a month now, I'm taking the initiative to completely redo this domain to make everyone's life easier. I have this empty server with adequate space / power that is going to be the new PDC. Is there anything that I can transfer over from the older PDC that will make the installation/promotion of the new PDC easier? 

    What things will have to be recreated/resetup/reinstalled to the brand new server?

    Thursday, March 15, 2012 8:57 PM

Answers

All replies

  • Basically looking for the shortest amount of downtime when I go to take down the current PDC.

    - Rick

    Thursday, March 15, 2012 9:02 PM
  • Well, if the server is tombstoned and is the only server, we can fix this issue pretty easily. Can you post a dcdiag?

    If you don't want to fix it, you can migrate the AD over to another domain using ADMT:

    http://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx

    If you still want to start from scratch, you will need to create everything all over again and add each computer to the new domain; migrate users' profiles; change DHCP settings; Exchange; etc.

    Thursday, March 15, 2012 10:14 PM
  • P:\>dcdiag

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\SHR-PDC
          Starting test: Connectivity
             ......................... SHR-PDC passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\SHR-PDC
          Starting test: Replications
             REPLICATION-RECEIVED LATENCY WARNING
             SHR-PDC:  Current time is 2012-03-16 08:48:24.
                DC=ForestDnsZones,DC=SandHill,DC=rosewoodhotels,DC=local
                   Last replication recieved from SHR-BDC at 2011-07-06 06:56:29.
                   WARNING:  This latency is over the Tombstone Lifetime of 60 days!

                DC=DomainDnsZones,DC=SandHill,DC=rosewoodhotels,DC=local
                   Last replication recieved from SHR-BDC at 2011-07-06 06:56:29.
                   WARNING:  This latency is over the Tombstone Lifetime of 60 days!

                CN=Schema,CN=Configuration,DC=SandHill,DC=rosewoodhotels,DC=local
                   Last replication recieved from SHR-BDC at 2011-07-06 06:56:29.
                   WARNING:  This latency is over the Tombstone Lifetime of 60 days!

                CN=Configuration,DC=SandHill,DC=rosewoodhotels,DC=local
                   Last replication recieved from SHR-BDC at 2011-07-06 06:56:29.
                   WARNING:  This latency is over the Tombstone Lifetime of 60 days!

                DC=SandHill,DC=rosewoodhotels,DC=local
                   Last replication recieved from SHR-BDC at 2011-07-06 07:08:43.
                   WARNING:  This latency is over the Tombstone Lifetime of 60 days!

             ......................... SHR-PDC passed test Replications
          Starting test: NCSecDesc
             ......................... SHR-PDC passed test NCSecDesc
          Starting test: NetLogons
             ......................... SHR-PDC passed test NetLogons
          Starting test: Advertising
             ......................... SHR-PDC passed test Advertising
          Starting test: KnowsOfRoleHolders
             ......................... SHR-PDC passed test KnowsOfRoleHolders
          Starting test: RidManager
             ......................... SHR-PDC passed test RidManager
          Starting test: MachineAccount
             ......................... SHR-PDC passed test MachineAccount
          Starting test: Services
             ......................... SHR-PDC passed test Services
          Starting test: ObjectsReplicated
             ......................... SHR-PDC passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... SHR-PDC passed test frssysvol
          Starting test: frsevent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... SHR-PDC failed test frsevent
          Starting test: kccevent
             An Warning Event occured.  EventID: 0x80000785
                Time Generated: 03/16/2012   08:39:49
                Event String: The attempt to establish a replication link for
             An Warning Event occured.  EventID: 0x80000785
                Time Generated: 03/16/2012   08:39:49
                Event String: The attempt to establish a replication link for
             An Warning Event occured.  EventID: 0x80000785
                Time Generated: 03/16/2012   08:39:49
                Event String: The attempt to establish a replication link for
             An Warning Event occured.  EventID: 0x80000785
                Time Generated: 03/16/2012   08:39:49
                Event String: The attempt to establish a replication link for
             An Warning Event occured.  EventID: 0x80000785
                Time Generated: 03/16/2012   08:39:49
                Event String: The attempt to establish a replication link for
             ......................... SHR-PDC failed test kccevent
          Starting test: systemlog
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 03/16/2012   08:48:10
                (Event String could not be retrieved)
             An Error Event occured.  EventID: 0x00000457
                Time Generated: 03/16/2012   08:48:11
                (Event String could not be retrieved)
             ......................... SHR-PDC failed test systemlog
          Starting test: VerifyReferences
             ......................... SHR-PDC passed test VerifyReferences

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : SandHill
          Starting test: CrossRefValidation
             ......................... SandHill passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... SandHill passed test CheckSDRefDom

       Running enterprise tests on : SandHill.rosewoodhotels.local
          Starting test: Intersite
             ......................... SandHill.rosewoodhotels.local passed test Int
    ersite
          Starting test: FsmoCheck
             ......................... SandHill.rosewoodhotels.local passed test Fsm
    oCheck


    - Rick

    Friday, March 16, 2012 3:50 PM
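
    Added example (not part of the original thread): a small Python parser for the Replications section of dcdiag output like the one posted above, reporting how long each naming context has gone without inbound replication and whether that exceeds the tombstone lifetime. The sample text, the host names DC01/DC02 and the function name are constructed for illustration; the 60-day fallback is taken from the output above.

```python
import re
from datetime import datetime

# Constructed sample, modeled on the Replications section of the dcdiag output above.
SAMPLE = """\
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         DC01:  Current time is 2012-03-16 08:48:24.
            CN=Configuration,DC=example,DC=local
               Last replication recieved from DC02 at 2011-07-06 06:56:29.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
            DC=example,DC=local
               Last replication recieved from DC02 at 2012-03-01 07:08:43.
"""

TS = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
NOW_RE = re.compile(r"Current time is " + TS)
NC_RE = re.compile(r"^\s*((?:CN|DC)=\S+)\s*$")          # naming-context header line
LAST_RE = re.compile(r"Last replication rec\w+ from (\S+) at " + TS)  # dcdiag spells it "recieved"
TSL_RE = re.compile(r"Tombstone Lifetime of (\d+) days")


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def stale_partners(text, default_tsl_days=60):
    """Return one dict per naming context with its replication latency in days."""
    m = TSL_RE.search(text)
    # Use the lifetime dcdiag reports; fall back to the assumed default otherwise.
    tsl = int(m.group(1)) if m else default_tsl_days
    now, nc, out = None, None, []
    for line in text.splitlines():
        if (m := NOW_RE.search(line)):
            now = _ts(m.group(1))
        elif (m := NC_RE.match(line)):
            nc = m.group(1)
        elif (m := LAST_RE.search(line)) and now and nc:
            days = (now - _ts(m.group(2))).days
            out.append({"nc": nc, "partner": m.group(1), "days": days,
                        "past_tombstone": days > tsl})
    return out


if __name__ == "__main__":
    for r in stale_partners(SAMPLE):
        flag = "PAST TOMBSTONE LIFETIME" if r["past_tombstone"] else "ok"
        print(f'{r["nc"]}: {r["days"]} days since {r["partner"]} -> {flag}')
```

    A partner flagged as past the tombstone lifetime should not simply be reconnected, since it can reintroduce objects that were deleted elsewhere in the meantime (lingering objects).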
  • Alright, so you need to clean up the metadata from the failed DC that hasn't been replicated.

    http://technet.microsoft.com/en-us/library/cc736378(v=ws.10).aspx

    Simple as that; it seems like that is the only problem you have.

    Friday, March 16, 2012 3:55 PM
  • Do I run that on the current PDC, or the destination server that was failing replication? What's the way I should type it? When I try to input it on the current PDC it tells me my syntax is incorrect.

    - Rick

    Edit: I see that there is a script link there, but I have no idea how to run that kind of script. Suggestions?
    Friday, March 16, 2012 4:02 PM
  • thanks guys!

    that's exactly what I needed. 

    now that the server has been officially promoted to BDC, is there anything else that I have to set up to make the BDC ready for if the PDC fails?


    - Rick

    Friday, March 16, 2012 5:16 PM
  • Make sure DHCP has the new DNS server in the Scope options. Make sure both DCs are pointing to themselves.

    Add DNS Forwarders to the DNS server.

    Make sure the new DC is a Global Catalog server as well.

    Friday, March 16, 2012 6:57 PM
  • Will adding the DNS server role on the BDC cause any interference with the PDC? Same question for making the BDC a Global Catalog server.

    - Rick

    Friday, March 16, 2012 7:17 PM
  • No, when you are using AD all your DCs should really be DNS servers. You will use Active Directory Integrated DNS Zones; this will allow you to have a full writable copy of DNS on all DCs. Having both DCs as GCs is fine; this is common.
    Friday, March 16, 2012 7:20 PM
  • Thank you so much. You're such a lifesaver! Just finished adding the BDC as a DNS/GC server, about to reboot it; hopefully smooth sailing from there.


    - Rick

    Friday, March 16, 2012 7:32 PM
  • Now that the DNS server role is installed on the BDC, does it need any additional configuration for that? I see a "Configure DNS server" button on the administration console of that server, but didn't know if it should have pulled the config from the PDC already.

    - Rick

    Friday, March 16, 2012 7:51 PM
  • If you go into DNS do you have the same DNS console as your other DC?

    If you do then you are good.

    Friday, March 16, 2012 9:29 PM
  • Does the fact that the PDC is 2003 and the BDC is 2008 have any effect on the similarities/differences between how the DNS windows look?

    - Rick

    Friday, March 16, 2012 10:37 PM
  • Your DNS zones will be the same
    Friday, March 16, 2012 10:50 PM
  • Looks like everything matches up on the DNS windows :)

    - Rick

    Friday, March 16, 2012 11:04 PM