Windows Domain Controller dies, how to replace it?

Hi all,
I am new to these forums so sorry if I am posting in the wrong category.
Our Server 2003 domain controller HDD gave up recently and unfortunately we had no backup of the same. We have now installed Server 2008 R2 and want to set it up as a domain controller. Do we need to enter all the usernames, passwords and computer names
for all accounts in the network and then deploy it? Or what other way do we have of setting it up?
Thanks in advance!
Chintan

If this was the only DC in your environment and you have no backups, unfortunately you have to start from the beginning and create users, groups and re-join the computers to the domain.
Mahdi Tehrani | www.mahditehrani.ir
This posting is provided AS-IS with no warranties, and confers no rights.

Similar Messages

  • Move Windows Domain Controller 2012 to other Windows Domain Controller 2012 environment

    Dear All,
    I have a Windows Domain Controller 2012, but this server has a lot of issues, so I need to ask you if I can move this server to another new server, the same as the old server. If yes, can you please guide me on how to do that?
    Regards, 

    Hello Khaleel,
    Your question doesn't specify what kind of errors are there on DC 2012. Try to resolve those errors.
    In case the server cannot be remediated, you can demote the server from being a DC.
    You can demote the server using:
    http://terrytlslau.tls1.cc/2012/03/domain-controller-demotion-on-windows.html
    Please ensure there is another DC in the domain and the FSMO roles and GC have been transferred to another server.
    http://support.microsoft.com/kb/223346/en-us
    http://www.archy.net/windows-server-2012-migrating-fsmo-roles/
    I LOVE MS..... Thanks and Regards, Kshitiz (Posting is provided "AS IS" with no warranties, and confers no rights.)

  • Windows domain controller in a virtual machine: how dangerous is saving its state for a short period of time?

    I have a Windows Server 2012 R2 virtualization cluster. All the hosts are connected to an external storage system, and virtual machines' files are stored on external volumes (CSVs). All the hosts and virtual machines are a part of the same AD domain
    (mixed Windows Server 2012 RTM / 2008 R2 domain controllers). All the domain controllers are running in the virtual machines on the hosts of this cluster.
    To prevent problems when all the hosts are turned off and then on simultaneously (for example, because of a power failure) all the domain controller VM files have been placed on local disks of the virtualization hosts (not on the Cluster Shared
    Volumes). As Hyper-V services don't depend on other Windows Server services (except its networking components), it means that my domain controllers can always start, providing the virtualization host can start at all. However, it also means
    that those DCs cannot be (quickly) migrated to other hosts while their current hosts are being rebooted. So if I need to reboot a virtualization host to install new updates, for example, I have to shut down the corresponding DC, reboot the host
    and wait for the DC to finish cold boot and come back online. It means some interruption of service for our users, which, in turn, requires me to perform the reboots late at night.
    The downtime can be significantly decreased by saving the state of the VM in which the DC is running. However, all the articles I've found on the Internet strongly recommend against it. I'm trying to understand why this recommendation was issued in the first
    place. However, I'm unable to find a clear explanation. I've found some statements that saving state of a DC can cause serious AD replication problems because of tombstoning, and that the password of a DC computer account may be changed
    while the DC itself stays in the saved state, which could prevent the DC from connecting to the domain after its state has been restored. However, those considerations are non-significant when we discuss a short-time
    (5 to 10 minutes) saved state.
    I have worked with AD and virtualization for a long time, and I fail to see any danger in saving state of a DC for several minutes. In my opinion, after its state has been restored it would simply replicate all the AD changes from other DCs, and that's all.
    What's your opinion?
    Evgeniy Lotosh
    MCSE: Server Infrastructure, MCSE: Messaging

    Hello,
    as stated in "http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(v=ws.10).aspx"
    Operational Considerations for Virtualized Domain Controllers
    Domain controllers that are running on virtual machines have operational restrictions that do not apply to domain controllers that are running on physical machines. When you use a virtualized domain controller, there are some virtualization software features
    and practices that you should not use:
    Do not pause, stop, or store the saved state of a domain controller in a virtual machine for time periods longer than the tombstone lifetime of the forest and then resume from the paused or saved state.
    This may sound as if it is supported to store it for shorter times and use it.
    BUT the Hyper-V Program Manager, in
    http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx, also recommends against using them.
    Also best practices
    http://blogs.technet.com/b/vikasma/archive/2008/07/24/hyper-v-best-practices-quick-tips-2.aspx
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Windows Domain Controller on Windows Server 2012 R2: Hyper-V roaming profiles not loading due to slow connection

    I have racked my brain and done everything that I know to do for about two weeks now.  I am setting up a new system at our fire department and I am having the worst luck with getting the workstations to login to the domain controller with roaming
    profiles.  It keeps telling me that the roaming profile could not be loaded because of a slow connection.  These are workstations that are connected directly to the switch that the DC is connected to.  I have tried multiple connections regarding
    the layout (DC into the router, router into the switch).  The router is a Cisco RV220W.  I have two VLANS, one for public and one for private domain.  The Private VLAN has DHCP turned off since I am providing it through the DC.  I currently
    have a connection from the Private VLAN going to the unmanaged switch that the workstations and server are plugged into.
    The server is a Dell PowerEdge R420 that has 6 NIC ports (1 dual port and 1 quad port).  I have a virtual switch setup on Hyper-V for an external port (let's say Card 2 Port 3) that is assigned to the WS 2012R2 Domain Controller.  The DC can see
    the internet fine and the workstations can connect to the shared folders on the server.  I can retrieve files by just using the computer name or FQDN.  The DC is also running DNS and DHCP.  The DNS has the _msdcs setup from when I installed
    the active directory role.  I have attempted to assign static IP addresses to the workstations:
    IP:                     10.0.0.80
    Subnet:             255.255.255.0
    IPV4 Gateway:  10.0.0.1
    IPV4 DNS:        10.0.0.12
    I've attempted "append the specific DNS suffix", I've "registered the connection in DNS", I've used "use this connections suffix in DNS registration".
    The server is assigned:
    IP:                     10.0.0.12
    Subnet:             255.255.255.0
    IPV4 Gateway:  10.0.0.1
    IPV4 DNS:         10.0.0.12
    The DNS entries have forwarders that forward to my ISP DNS servers for lookup.
    I've enabled and disabled DHCP, I've installed a new VM just to create another DC to make sure that I didn't goof up when I created it.
    I've lost my patience with this project and am sinking fast.  Can someone please offer some advice as to what I've done wrong?  I've created this exact scenario at work many times but, I've never done it with Windows Server 2012.  Is this
    possibly something to do with the Dell PowerEdge server (Generation 12) with the SR-IOV?  I am going to attempt to work on it some more tomorrow when I get over there.  I think there may be an issue with the SR-IOV not being enabled on the machine
    through the Dell Bios.  Would the SR-IOV really cause the workstations to report a slow connection?  When I login at the domain controller the roaming profiles and folder redirection work fine so, I know the GPO settings are correct.  I don't
    have "ignore slow connections" or any of those GPO's set.  I need to get it working the correct way so, I didn't want to fool the server when there is another underlying problem.  Any help that someone can offer, I am more than willing
    to listen.  If you need more information, please ask.
    Thanks,
    Jay

    So, I've managed to research this some more since Thursday and I've come to the conclusion that Hyper-V does a horrible job of supporting Qualcomm NIC cards. That's the only thing I can conclude as far as where the issue is originating. I've read many
    posts and walkthroughs but nothing that has helped. The issue wasn't with any settings in the domain controller. The issue was that there really is a slow connection originating at the domain controller that is a VM and has network connectivity through the
    virtual switch from Hyper-V. So, next question is, how do I get the DC to have better connectivity through the NIC that Hyper-V won't give it? If Hyper-V would allow passthrough, this would be so much simpler. VMware is looking really good at this point.
    I'm disappointed in MS right now.

  • 802.1x and Windows Domain Controller with ACS

    Wow, I am having a tough time getting my ACS and the domain controller to work with 802.1x PEAP. Can somebody explain to me how to set up the domain controller (Active Directory) to get a PEAP cert? Some other questions. If I am using PEAP and 802.1x, how does my computer get a cert from the CA if the port is disabled by 802.1x? And how do I set up my domain controller to work with ACS to authenticate users? I have been beating myself to death to figure this out. Any help would be awesome. I am really stuck on trying to make this work.
    Thanks a ton in advance
    Justin

    I, as a Cisco customer, would like to see answers to our questions based on some real world experience or something you've noticed in a lab environment.
    Simply posting links is not very helpful. The reason most of us come to this site and post our questions is because we already went to the Cisco website and found the explanation to be vague. In the future, please post answers to our questions, instead of referring us to a link.
    Thank you,
    John...

  • Windows Domain Controller certificate for non domain clients

    Hi,
    Is it possible that we can export a Windows domain certificate and use it for non-domain computers without joining the domain, so that they can communicate with each other without joining the domain controller?
    Regards

    Hi,
    Not sure what you want to achieve here.
    However, yes, it is possible to export certificates (with private keys) from domain machines then import them to non-domain machines, and some certificates can even function well based on key usages. Please note that Domain Controller certificates are only
    meaningful to Domain Controllers. Possession of domain certificates doesn’t indicate machines are part of domain.
    Without joining a machine to a domain (or without a trust), the machine is always treated as untrusted by the domain members no matter what kind of certificates it holds.
    Best Regards,
    Amy

  • Determine which Windows Domain Controller I'm authenticating to:

    Thanks. 
    I've tried this:  "dscl . -read /Config/Kerberos:<YOUR.KERBEROS.REALM>"
    but I keep getting a "<dscl_cmd> DS Error: -14136 (eDSRecordNotFound)" error.
    I've substituted "<YOUR.KERBEROS.REALM>" with every known "mydomainname.com" variation I can think of. 
    Does anyone know another way to glean this information?

    Easiest way from Windows is to go to a command prompt and type "set" (no quotes).  Look for the LOGONSERVER variable.
    On a Mac, if you don't want to use dscl, you might be able to use netstat and grep for 389 or 636 (LDAP/LDAPS ports).

  • Windows Server 2008 R2: Server unable to authenticate with Domain Controller

    Hello, I was wondering what could be the reason for this error if it is certain that there was no other computer on the network using the same name:
    This computer could not authenticate with<Domain-controller>, a Windows domain controller for domain <Domain-name>, and therefore this computer might deny logon requests. This
    inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. 
    What would cause the machine account pw to be 'not recognized'?

    You can track changes in AD by enabling AD Auditing: https://technet.microsoft.com/en-us/library/cc731764%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
    As reading the logs is usually a complicated and time consuming task, it is recommended to use a third party tool for auditing. The one I usually recommend is Lepide Auditor - Active Directory: http://www.lepide.com/lepideauditor/active-directory.html
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • How to add a Mac Mini device to the windows domain

    Hi,
    I want to add my Mac Mini machine to a windows domain. Is it possible to add it? I have tried but it is not working. It asks for Client ID While joining to a windows domain. I have given MAC address, IP address and hostname of Windows server but it is not working. Please do help me out to sort out the issue.
    Regards,
    Ram_Livia

    Hi BDAqua,
    Why should we create a user again? The point is I am going to join this Mac Mini to a Windows domain controller. Windows domain controller means a centralized database of an organization. It is communicating with my domain controller. But the issue is it is not finding my domain node while joining to a domain. Please find the attached screen shots for your reference. If you have worked on this, please send me step by step configuration.

  • Recovering Domain Controller in Exchange 2010 environment.

    Hi Friends,
    We have one Windows 2008 domain controller and one Exchange 2010 server with all roles installed. My problem is, if my domain controller failed, how can I recover it?
    Is there any step for domain controller recovery in an Exchange 2010 environment?
    Thanks & regards,
    Pradeep

    Hi Pradeep,
    Sorry to hear that... The only option you have is to do a non-authoritative restore of Active Directory...
    From the Exchange perspective, once you do a restore from an old backup, whatever changes you made in Exchange since then won't be there, as Exchange keeps all the settings in Active Directory. For example, if you have created users then you would need to recreate
    them and attach their mailboxes back to the users...

  • Error finding a domain controller

    Hi,
    I have an error in finding a Windows domain controller when a PC boots up and does a network access via a Cisco wireless PCMCIA card (AIR PCM-352) managed by Cisco ACU.
    This is the situation:
    - the operating system of the PC is Windows XP sp2
    - the wireless card is an AIR PCM352 with firmware V.5.60.21
    - the version of ACU is 6.6.00
    - the Access point is a Cisco 1120 (802.11b) with IOS version 12.3(8)JA
    - wireless communication is completely open (ssid in guest mode, authentication open ,no wep)
    - the ip address of the PC is obtained via DHCP (DHCP server is a Microsoft Server)
    I notice a difference between a Cisco PCMCIA card 352 managed by Cisco ACU and by Windows XP.
    In fact this error doesn't happen when the WLAN card is controlled by Windows wireless utility.
    Is it possible that the startup timing of the Cisco ACU is later than the Window's one?
    Has anyone resolved this error?
    Thanks in advance
    Antonio

    Hi Antonio,
    Obviously you get the error of the domain not found because your wireless card is not even associated (the wireless card utility hasn't started).
    Can you clarify the line "Is it possible that the startup timing of the Cisco ACU is later than the Window's one? " . You mean start the Cisco ACU before the windows one right?
    The best way to get around issues like that is to use for example the Odyssey client from Funk and turn on GINA and it should work fine.
    Rgds,
    Pablo

  • Script for synchronizing the clock with Domain Controller

    Hi Everyone,
    In our environment, we have Mac machines which are joined to a Windows domain. Once in a while a machine will not log on to the domain because the OS clock had a different time than the domain controller, and as soon as you fix the clock, the machine will start communicating with the domain controller.
    I was wondering if there is an easier way to do this using a script which can run every few hours to force the OS clock to synchronize with the domain controller.
    Thanks,

    You don't need an AppleScript to do that.
    Enable the NTP server on the Windows Domain Controller (perhaps start here: http://technet.microsoft.com/en-us/library/cc773013.aspx).
    Then set up the Macs to use NTP (Network Time) to sync to the domain controller.

  • Add mac to windows domain

    Hi, everyone
    I need to get connected to a corporate domain, which is a Windows based server.
    I have both the name and address of the domain, my user name and password.
    But my MBP says all the time that either "server is not existing...." or "can not find server...."
    I would appreciate some help solving this.
    Thanks.
    Igor


  • Weblogic on Unix, authenticating users/groups from NT domain controller

    Hi!
    Our WebLogic 6.1 server will eventually run on a non-Windows platform, but
    needs to authenticate users from a Windows NT 4.0 domain controller. What's
    the best solution to this?
    - What (inexpensive) LDAP servers support synchronization with a Windows
    domain controller?
    - Or am I missing out on other ways of doing this?
    jan henrik

    Yes. Other intrinsic jobs have failed too. Is this related to the Job Dispatcher service? Thank you for your help.

  • Refreshing the DEV system, which is our domain controller

    Hi,
    We refreshed our DEV system, which is our domain controller. How do we get back our STMS configuration in the domain controller? Can I run se06 in our production system to delete the TMS, then run STMS in production to create the TMS, and then approve that in the domain controller? Is there any other way to restore the configuration?
    Thanks
    Rabi

    You could always specify a backup domain controller before you start.
