On the PDC, run ADPREP from the Windows Server 2003 R2 Disk2 CD, the path is \CMPNENTS\R2\ADPREP. This will update your schema to allow you to connect a Server 2003 R2 server as a DC by using DCPROMO. Ensure replication between your PDC and your new R2 server, and then force demote the failing DC. Instructions for that can be found here: http://technet.microsoft.com/en-us/library/cc781245%28WS.10%29.aspx The main thing to remember is to go through the AD metadata and cleanup any trace of the failed DC. After that I would transfer all the FSMOs from your current SP2 DC to the new R2 DC and then upgrade the SP2 server to R2. You want your DC's all to be running the same OS with the same service packs and patches.
________________________________________________
Mike Miller
Network Services
Information Technology Center
College of Veterinary Medicine
Michigan State University
A227 VetMed Center
East Lansing, MI 48824
[log in to unmask]
Phone: (517) 353-5551
Fax: (517) 432-2937
>>> "Vasquez, Timo" <[log in to unmask]> 7/29/2009 1:24 PM >>>
I may have missed this, but the DC with the problem was just that a DC/
Backup DC not a primary is that right? Can your users login and get out
to the internet just fine? If your other functions are solid with your
new 2003 PDC, you really don't need to worry about the other box if it
was just for Backup Purposes. So you could just upgrade or decommission
that box period without ill effect. Hmmm.
Timoteo "Timo" Vasquez - AIS
Client Server Team
[log in to unmask] - 353.4420 Ext.249
Michigan State University
2 Administration Building
East Lansing, MI 48824-1046
From: MSU Network Administrators Group [mailto:[log in to unmask]] On
Behalf Of Jon Galbreath
Sent: Monday, July 27, 2009 10:50 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Demoting DC that can't replicate
I would drop the firewalls on the PDC and failing DC and see if
replication occurs. If so, your firewall is too restrictive. I've had
this problem before.
http://support.microsoft.com/kb/555381 this kbase article is a good
guide for setting the File Replication services to use a specific port
to make the firewall configuration a snap to maintain. Just assign a
static port to the service, then add that exclusion to your firewall
rules.
To drop the firewall if you're enforcing it with a GPO, just run 'net
stop sharedaccess' at the command prompt.
Also, the Security Configuration Wizard works wonders for automatically
configuring the required exclusions on the firewall, based on what
services are running on the server.
Jon Galbreath
MCSE/Security+
Systems Administrator
International Studies and Programs
Ph: 517-884-2144
[log in to unmask]
From: MSU Network Administrators Group [mailto:[log in to unmask]] On
Behalf Of Jesse Howard
Sent: Monday, July 27, 2009 10:26 AM
To: [log in to unmask]
Subject: [MSUNAG] Demoting DC that can't replicate
I have an old domain controller that has been having DNS and replication
errors for some time now. The PDC in the domain was recently brought up
to windows 2003 server service pack 2, and now replication with the
failing DC is completely gone. The current PDC is holding all FSMO
roles. My question is; can I safely ADPREP the domain, DCPROMO a new DC
(2003 R2), and then demote the old DC that can't replicate?
Thanks,
Jesse Howard
_______________________
IT Administrator
Michigan State University Press
[log in to unmask] <mailto:[log in to unmask]>
www.msupress.msu.edu <http://www.msupress.msu.edu/>
