+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
Windows Thread, Corrupt Domain Controller in Technical; I've just spent the day getting a corrupted server back up and running. However, it's now clear that there is ...
  1. #1
    Gibbo's Avatar
    Join Date
    Feb 2008
    Location
    Cheshire
    Posts
    907
    Thank Post
    207
    Thanked 344 Times in 238 Posts
    Rep Power
    93

    Corrupt Domain Controller

    I've just spent the day getting a corrupted server back up and running.

    However, it's now clear that there is some faults with the domain controller (plenty of errors in the log and any changes made to AD are not showing on the other domain controllers).

    It's clear I need to demote this server, but how can I be sure that this is the last domain controller in the domain?

    I've been looking at this thread:

    Corrupt AD HELP!!

    and it seems that I may need to seize the roles to another controller. How can I tell what roles each domain controller has?

    There are two other working DCs on my network, this one which has failed is the oldest and I'm not sure what the previous NM did regarding the roles.

    I was planning on phasing out this old DC at the end of this year (during the last week of term while everyone's watching DVDs!), but the hardware failure has brought things forward somewhat.

    TIA

  2. #2
    Gibbo's Avatar
    Join Date
    Feb 2008
    Location
    Cheshire
    Posts
    907
    Thank Post
    207
    Thanked 344 Times in 238 Posts
    Rep Power
    93
    Just found a bit more info. By going to AD on a good domain controller, right clicking the domain name and then clicking "Operations Masters", all the entries point to a "good" working server.

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,971
    Thank Post
    886
    Thanked 1,715 Times in 1,481 Posts
    Blog Entries
    12
    Rep Power
    450
    Quote Originally Posted by Gibbo View Post
    Just found a bit more info. By going to AD on a good domain controller, right clicking the domain name and then clicking "Operations Masters", all the entries point to a "good" working server.
    you will also need to check in sites and services. If it is a good on in there you can uninstall DNS and demote the server. Also check that your clients wont be point to this server for DNS.

    How many DC's will you have once this has gone?

  4. Thanks to FN-GM from:

    Gibbo (5th December 2008)

  5. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    You need to get that domain controller out of there as soon as possible. Depending on the nature of the problem, you're running the risk of it corrupting AD and replicating the corrupt data to your 'good' AD controllers.

  6. Thanks to Geoff from:

    Gibbo (5th December 2008)

  7. #5
    Gibbo's Avatar
    Join Date
    Feb 2008
    Location
    Cheshire
    Posts
    907
    Thank Post
    207
    Thanked 344 Times in 238 Posts
    Rep Power
    93
    The faulty server is only running IIS and as a DC. Once I demote it I'll have two other domain controllers remaining.

  8. #6
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,009
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108
    I would make sure the failing controller is disconnected from the network so its not upsetting the other 2. Seize the roles if you have to. You can google how to find what has which role. You can see most of them through the GUI or you can use NTDSUTIL. Theres a good KB here How To Find Servers That Hold Flexible Single Master Operations Roles

  9. Thanks to ChrisH from:

    Gibbo (5th December 2008)

  10. #7
    Gibbo's Avatar
    Join Date
    Feb 2008
    Location
    Cheshire
    Posts
    907
    Thank Post
    207
    Thanked 344 Times in 238 Posts
    Rep Power
    93
    Right, I'm fairly confident I can remove it.

    Just to confirm, I do NOT tick the box "This server is the last domain controller in the domain"?

  11. #8

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,971
    Thank Post
    886
    Thanked 1,715 Times in 1,481 Posts
    Blog Entries
    12
    Rep Power
    450
    Quote Originally Posted by Gibbo View Post
    Right, I'm fairly confident I can remove it.

    Just to confirm, I do NOT tick the box "This server is the last domain controller in the domain"?
    god no that we wreck the whole AD.

    I would just unplug the server and remove it manually from AD, DNS and Active Directory of Sites and Services.

  12. #9
    Gibbo's Avatar
    Join Date
    Feb 2008
    Location
    Cheshire
    Posts
    907
    Thank Post
    207
    Thanked 344 Times in 238 Posts
    Rep Power
    93
    The only thing which concerns me is removing the DC role while the machine is not on the network.

    I would have thought having it connected to the network would notify the other DCs that the server is being demoted?

    Edit: Once again, I find out information after I post.

    During the decommissioning process, the Active Directory Installation Wizard will attempt to transfer any remaining operations master roles to other domain controllers without any user interaction. However, if a failure occurs, the wizard will continue to uninstall Active Directory and leave your domain without roles. Also, you do not have control over which domain controller receives the roles. The wizard transfers the roles to any available domain controller and does not indicate which domain controller hosts them.
    From: http://technet.microsoft.com/en-us/l.../cc755937.aspx

  13. #10

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,971
    Thank Post
    886
    Thanked 1,715 Times in 1,481 Posts
    Blog Entries
    12
    Rep Power
    450
    The only thing which concerns me is removing the DC role while the machine is not on the network.
    please can you explain more

  14. #11
    Gibbo's Avatar
    Join Date
    Feb 2008
    Location
    Cheshire
    Posts
    907
    Thank Post
    207
    Thanked 344 Times in 238 Posts
    Rep Power
    93
    Well, the machine is not connected to the network, but when I try and demote it I get the error "The operation failed because a domain controller could not be contacted or the domain that contained an account for this computer."

    It suggests I make the machine a member of a workgroup then rejoin it to the domain before retrying.

    Step 7 of this article: http://technet.microsoft.com/en-us/l.../cc755937.aspx

  15. #12

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,971
    Thank Post
    886
    Thanked 1,715 Times in 1,481 Posts
    Blog Entries
    12
    Rep Power
    450
    ah you will get that as it cant contact AD on the PDC

    I would remove it manually if that is the case

    Z

  16. #13
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,009
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108
    As me and Geoff have said keep it off the network. Pretend it has gone up in smoke and is a molten mess of plastic and metal. Remove it from Active directory by deleting its account. There are some other clean up steps you can perform and these are well documented. You are potentially risking messing up your whole AD if its spewing out crap.

  17. #14
    Gibbo's Avatar
    Join Date
    Feb 2008
    Location
    Cheshire
    Posts
    907
    Thank Post
    207
    Thanked 344 Times in 238 Posts
    Rep Power
    93
    Grr, manual removal isn't working either "Error: The connected server will not remove its own metadata"

    It's not a problem to keep the machine off the network for good. Can anyone suggest any good instructions for removing the entries for this server from the good remaining DCs?

  18. #15

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,971
    Thank Post
    886
    Thanked 1,715 Times in 1,481 Posts
    Blog Entries
    12
    Rep Power
    450
    are you doing that on a good DC?

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Domain Controller Migration
    By Blind in forum Windows
    Replies: 11
    Last Post: 18th May 2008, 12:36 PM
  2. Replies: 4
    Last Post: 3rd April 2008, 10:23 PM
  3. Domain Controller W2K rebuild
    By armadillo in forum Windows
    Replies: 3
    Last Post: 31st August 2007, 09:00 AM
  4. Domain controller not registering as a DC
    By Dos_Box in forum Windows
    Replies: 5
    Last Post: 13th June 2007, 05:17 PM
  5. decommisioning a domain controller
    By Oops_my_bad in forum Windows
    Replies: 3
    Last Post: 19th April 2007, 05:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •