Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Domain Recovery - Clearing Up Remaining Problems

  • Please log in to reply
2 replies to this topic

#1 MikhailCompo


  • Members
  • 1 posts
  • Local time:06:31 PM

Posted 25 June 2014 - 04:13 PM


I had a domain with two Server 2012 DCs: DC1 and DC2.


I decommissioned DC2 by removing the role, and had no problems.  The domain appeared fine afterwards.


I then created two new Server 2012 R2 DCs: DC01 and DC02.


Again, there did not seem to be any issues with the domain and the three DCs appeared fine.


Next i transferred the FSMO roles from DC1 to DC01, then i tried to demote DC1 which complained repeatedly.  I could not get DC1 to demote, and none of the logs showed the sources of the problem, so after following a Perti guide on removing a dead DC, forced the demotion of DC1 (just ticking the tick box to force it).  That is when I realised that DC01 and DC02 were not sufficient, and the domain was lost.]


I used a System State backup of DC1 to recover that machine and the domain is back up again, users can log in once more, but there are many errors in DCDiag.  I cannot ping the domain, and when I shut down DC1, the domain is once again inaccessible.


The main problems are:


Since restoring DC1 the computer object does not exist in the domain

I cannot ping the domain (Home.net)

I cannot manage the domain (AD Users and Computers) from either DC01 and DC02

DC01 and DC02 do not have SYSVOL or NETLOGON shares (appear to never have had since migrating the FSMO roles - why??)

         Warning: DsGetDcName returned information for \\DC1.Home.net, when we were trying to reach DC01.
         ......................... DC01 failed test Advertising


I ultimately want to remove DC1 and keep DC01 and DC02, however, i understand this may not be possible.  It IS an option to completely delete DC01 and DC02 and rebuild those machines from scratch (one physical and once VM).


My main concern is that I may lose the domain again.

Can anyone help me with this?


Attached Files

  • Attached File  DC1.log   21.71KB   6 downloads
  • Attached File  DC01.log   19.03KB   4 downloads
  • Attached File  DC02.log   22.57KB   1 downloads

BC AdBot (Login to Remove)


#2 JohnnyJammer


  • Members
  • 1,118 posts
  • Gender:Male
  • Location:QLD Australia
  • Local time:03:31 AM

Posted 25 June 2014 - 10:11 PM

Now when you say you realised the dc01 & 2 where not efficient, where they able to act as the global catalog server/servers or domain controllers? have you tried active directory recycle bin ? its a good program.

Can the computers on the network login and the user and machine accounts join and login? If so then i think you might need to reset the servers machine accoutn usign the follow netdom command (link here http://technet.microsoft.com/en-us/library/cc788073.aspx) Run this from the server thats havign the issue IE(DC1).

EDIT:I just looked at the logs, ill edit the command you will need to do. DC01 is still holding the roles.

netdom resetpwd /Server:DC01 /UserD:Administrator /PasswordD:paswordhere

Another option is try runnign this comamnd from DC1

dcdiag /s:DC1 /repairmachineaccount

Reboot server after resetting the machine account mate and let me know if that fixes it.

Edited by JohnnyJammer, 25 June 2014 - 10:30 PM.

#3 JohnnyJammer


  • Members
  • 1,118 posts
  • Gender:Male
  • Location:QLD Australia
  • Local time:03:31 AM

Posted 02 July 2014 - 05:32 PM

Is this resolved mate? You havnt replied back.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users