Setting up a BDC how should I proceed?

    Question

  • My one and only DC in my network is in need of serious work. I want to set up a BDC in case the PDC crashes and burns or if I need to reformat it (the preferred option). I'm not quite sure what the best way is to handle this.

    Some of the issues I'm experiencing are:
     1- Permissions have disappeared from all folders (yet the folders are accessible)
     2- SCSI Card causes an occasional Inaccessible Boot Device BSOD upon reboot.
     3- Replication Service errors (because a BDC was taken offline some time ago and never replaced)
     
    The PDC is a Windows 2000 SP4 server which stores user folders/files and is a DNS server.  All the other servers are 2003.  I am hesitant to attempt to do anything to correct the issues on my PDC for fear it might crash, rendering my domain inaccessible.

    I can install any OS (2000,2003,2008) on an additional workstation to make it a BDC/DNS server.  In fact I'd like to set up several BDC/DNS servers.

    Should I stick with W2K or make the move to W2k3? 

    I've never done this before so I don't want to complicate the issue further.  Any opinions on how this should be done are greatly appreciated.
    Thursday, August 27, 2009 2:32 PM

All replies

  • Start by cleaning AD metadata by removing references to your non-existing domain controller (follow http://support.microsoft.com/kb/216498). Then promote a Windows Server 2000 computer to another domain controller in the same domain - transfer all the FSMO roles to it, designate it as a GC and DNS server, and configure any other services that are currently hosted on your DC. Once that's completed, ensure that your AD is fully operational (including replication between DCs). You might want to shut down your current DC to test whether there is anything you missed. Once this is confirmed, demote the current DC, fix the hardware issues, and install Windows Server 2003/2008 on it. At that point, you might consider steps outlined in http://support.microsoft.com/kb/325379 or http://technet.microsoft.com/en-us/library/cc733027(WS.10).aspx (depending on the target OS version).

    hth
    Marcin
    Thursday, August 27, 2009 2:50 PM
  • Marcin,

    Thank you for the reply. Internet issues have prevented me from responding sooner.

    I already started installing 2003 on an additional machine so I could make it my "BDC"; however, if you think using 2000 is a better solution at this time then I will follow that option. What do you think?

    Also one of the old DCs crashed and was reformatted but was named the same and not made a DC again. Would removing the metadata from AD affect this current server at all? If so I could always make that 2003 server the BDC.
    • Edited by -AVB- Friday, August 28, 2009 8:59 PM
    Friday, August 28, 2009 8:49 PM
  • I prefer a more conservative approach - but if you are feeling adventurous and have a verified valid backup of your current DC, you might be able to save yourself some time and effort and switch to a Windows Server 2003-based DC in the same step...

    I'd not expect that metadata cleanup would have any negative impact on your existing member servers...

    hth
    Marcin

    Friday, August 28, 2009 9:02 PM
  • Marcin,

    I am working on cleaning up my metadata. I've read and followed the instructions in the link you provided above. I am at the critical step of removing the server object.

    The server Remove Confirmation Dialog box says:

    Are you sure you want to remove the server object "CN=Servername....."? This is not the last server for domain...
    Warning: The server in question should already be off-line permanently and never return to service. If it comes back on-line, the server object will be revived.


    You stated: "I'd not expect that metadata cleanup would have any negative impact on your existing member servers..."

    The server I want to remove from the metadata is a fully functional business critical server. I need to know with 100% certainty that removing this server object won't disrupt the current state of the server. 

    What happened was this 2003 server (in a 2000 Domain) was promoted to a DC. A format and reinstallation of 2003 was performed. The server was given the same name but was never promoted again to a DC. I just don't want this server to be considered a DC anymore really. I still want it to reside in AD as a normal server though.

    Will removing the server object from the metadata cause problems with the existing server?

    TIA.
    Wednesday, September 02, 2009 1:06 PM
  • To begin with, I'm not sure what time zone you are in, but you shouldn't be performing any changes to business critical systems during business hours. In addition, before you proceed, make sure you have a full, valid (tested) backup of your AD - so you can perform a restore in case the plan does not work out as expected. If you want to increase your level of confidence in this change, use your lab environment (that mirrors production) to test it. 

    Note that your current member server is represented by a different computer object in AD - with its own distinguished name - than the domain controller - so make sure you are removing the correct one...

    hth
    Marcin
    Wednesday, September 02, 2009 2:24 PM
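
The distinction drawn in the reply above, as an added example that is not part of the thread or of any Microsoft tool: the retired DC's server object lives under CN=Sites in the Configuration partition, while the rebuilt member server's computer account lives in the domain partition, even though both carry the same host name. The domain `example.local`, the host `SRV1` and the function names are assumptions made for illustration.

```python
# Constructed sample DNs; the domain example.local and host SRV1 are placeholders.
SERVER_OBJECT = ("CN=SRV1,CN=Servers,CN=Default-First-Site-Name,"
                 "CN=Sites,CN=Configuration,DC=example,DC=local")
MEMBER_ACCOUNT = "CN=SRV1,CN=Computers,DC=example,DC=local"


def split_dn(dn):
    """Split a DN into (ATTR, value) pairs, honouring backslash-escaped commas."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def classify(dn):
    """Return (kind, host name) for a DN; anything unrecognised is 'unknown'."""
    rdns = split_dn(dn)
    vals = [v.lower() for _, v in rdns]
    if "configuration" in vals:
        # Server object: CN=<host>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,...
        for i in (0, 1):
            tail = vals[i + 1:i + 5]
            if len(tail) == 4 and (tail[0], tail[2], tail[3]) == ("servers", "sites", "configuration"):
                if i == 0:
                    return ("dc-server-object", rdns[0][1])
                if vals[0] == "ntds settings":
                    return ("ntds-settings", rdns[1][1])
        return ("unknown", None)
    if rdns[0][0] == "CN" and rdns[-1][0] == "DC":
        return ("domain-partition-object", rdns[0][1])
    return ("unknown", None)


def is_cleanup_target(dn, retired_dc):
    """True only for the Configuration-partition server object of the named DC."""
    kind, host = classify(dn)
    return kind == "dc-server-object" and host.lower() == retired_dc.lower()
```

Pasting the DN shown in the removal confirmation dialog into `is_cleanup_target` gives a quick check that the selected object is the stale server object and not the member server's machine account.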
  • Marcin,

    Thanks for the quick reply.

    I have multiple backups of the system state data from my PDC. Not sure how to test that it's valid aside from doing a restore to another location to verify all the files can be restored.  Is there any other way to validate the data is good aside from that restore?

    Also we do not have a lab environment. Would be nice though....

    If cleaning the metadata from my PDC isn't going to cause any issues with the server in question then I should be able to remove that old DC from the metadata during business hours and not have any problems. But if removing the server from the metadata IS going to cause problems then I need to know what kind and what I need to do to recover from it.

    You also mentioned:
    "Note that your current member server is represented by a different computer object in AD - with its own distinguished name - than the domain controller - so make sure you are removing the correct one..."

    The only way I am removing anything is from NTDSUtil using the MetaData Cleanup so this shouldn't be an issue I assume? I am not going into AD Users and Computers to remove any Machine Accounts. Will removing a server through metadata cleanup remove the machine account too? In fact there is no other reference in AD Users and Computers to this server aside from its non-DC machine account.
    Wednesday, September 02, 2009 3:32 PM
  • That's correct - you should perform a restore of your backups on a regular basis to verify their validity.
    With a number of free virtualization products currently available, setting up a lab is actually not that difficult or expensive.
    Considering that your server is not a domain controller, then I wouldn't expect DC metadata cleanup to have any impact on it, however, ultimately, determining this is your responsibility. If you are looking for better assurance, you might want to contact PSS...

    hth
    Marcin

    Wednesday, September 02, 2009 5:13 PM
  • Marcin,

    Thanks again. You've been very helpful.

    What would you think about me setting up that BDC before cleaning up the metadata?

    I can clean up the metadata tonight (after hours) but I don't want to wait until tomorrow to start setting up the BDC. I'm ready to attach the new server to the domain and start making it a BDC.  If having to clean the metadata on two servers is the worst case scenario because I set up the BDC before purging that old data then I can live with that. 

    The only place that I see any reference to the old BDC is in ADSS under the Servers folder. Can I just right-click and delete that reference?

    Wednesday, September 02, 2009 5:36 PM
  • That's part of the cleanup process (as described in http://support.microsoft.com/default.aspx/kb/216498)

    hth
    Marcin

    Wednesday, September 02, 2009 6:00 PM