Help: One and only global catalog DC down. 5 FSMO on 1st s..

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks in advance.

We have Active directory in a mixed mode environment (w2ks and NTs).
The active directory has only 2 DCs.
(1 having all FSMOs, DNS, WINS - the other Global Catalog)

2 days ago, the DC which hosts the only Global catalog crashed.
We had done a rebuild on the server and rejoined the domain as a member server.

Our first-site DC is still online; having all FSMO and DNS.
- (but not a Global Catalog server)

All our users are still able to log in - via the remaining DC.
But, we cannot create new user accounts as there isn't a global catalog server.

Question:
Could we go to NTDS settings and enable the DC as Global Catalog?


All feedback appreciated, thank you for your time.
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Alvin,

    In an environment with only one Domain controller, it is perfectly fine to
    have all of the FSMO roles and the GC on the same box. Enable the GC and
    you'll be fine.

    --
    Ryan Hanisco
    MCSE, MCDBA
    FlagShip Integration Services
    Chicago, IL
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Thank you Ryan for the fast reply.

    Once I get the Global catalog to reside on my First-site-name DC,
    do I need to clean up the active directory entries of metadata?

    This is because my old global catalog server is still being listed as a DC.

    Thank you.
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Alvin,

    Being a GC is not nearly as touchy as the FSMO roles. You can go through
    the SRV records on the DNS and pull the old references out but you'll not
    see a huge difference.

    There isn't anything you should do with NTDSUTIL when moving a GC.

    --
    Ryan Hanisco
    MCSE, MCDBA
    FlagShip Integration Services
    Chicago, IL
  4. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi Ryan and all,

    I've just enabled Global catalog on the 1st Domain Controller with the
    FSMOs.

    Glad to feedback that once I checked the "enable as Global Catalog"
    box, the server prompted a minimal 5 minutes of wait time was needed to
    prepare it - After 5 mins, Event viewer reported the server is now a
    GC.
    All the GC not found errors have also stopped once it was assigned the
    new GC role.

    From AD Replication monitor on another member server, I verified that
    the 1st DC has the new GC role.

    Is this enough to confirm GC is working again?
    Do I need to test by adding a new user account on one of the NT4 servers
    and see if it gets replicated to the W2k DC?
    Or, run dcdiag?

    I will be doing a dcpromo on the failed DC with the original GC later -
    having the same computername.
    Will be giving it a GC role too so that, we have GC redundancy. (learnt
    the hard way).
    Is it as simple as enabling it at NTDS again?

    Thanks
  5. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    After the 1st DC was enabled with GC role, I reinstalled the crashed
    DC2.

    Was able to do a dcpromo and subsequently, enabled GC to DC2.
    I did not do a ntdsutil metadata cleanup, but after enabling GC on DC2,
    active directory was smart enough to do cleanup automatically.

    Finished off by running dcdiag /v - all tests passed.

    So now I'm back with 2DCs with 2GCs - but only 1 DNS on DC1.

    Anything I need to check/take note?

    Ryan, thank you again!
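
The two checks raised in the posts above (is a GC being advertised, and do SRV records still point at the dead DC) can be run over a zone export; this is an added example, not part of the original thread. The `example.local` forest, the host names and the `parse_srv`/`audit` helpers are constructed for illustration; the input is zone-file style SRV lines, the layout `netlogon.dns` uses.

```python
import re

# Constructed sample in DNS zone-file style; all names are made up.
SAMPLE_SRV = """\
_gc._tcp.example.local. 600 IN SRV 0 100 3268 dc1.example.local.
_gc._tcp.example.local. 600 IN SRV 0 100 3268 dc2.example.local.
_ldap._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 389 dc1.example.local.
_ldap._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 389 dc2.example.local.
_ldap._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 389 olddc.example.local.
"""

# owner [ttl] IN SRV priority weight port target
SRV_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?IN\s+SRV\s+"
    r"\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)\s*$",
    re.IGNORECASE,
)

def parse_srv(text):
    """Return (owner, port, target) tuples, lower-cased, trailing dots removed."""
    records = []
    for line in text.splitlines():
        m = SRV_RE.match(line.strip())
        if m:
            records.append((m["owner"].lower().rstrip("."),
                            int(m["port"]),
                            m["target"].lower().rstrip(".")))
    return records

def audit(text, forest, live_dcs):
    """Report GC locator targets, stale SRV targets and single-GC risk."""
    live = {d.lower().rstrip(".") for d in live_dcs}
    records = parse_srv(text)
    gc_owner = f"_gc._tcp.{forest.lower()}"
    # The GC locator record is _gc._tcp.<forest root> on port 3268.
    gcs = sorted({t for o, p, t in records if o == gc_owner and p == 3268})
    live_gcs = [t for t in gcs if t in live]
    # Any SRV target that is not a known live DC is a leftover to clean up.
    stale = sorted({(o, t) for o, p, t in records if t not in live})
    return {"gc_targets": gcs, "live_gcs": live_gcs,
            "stale": stale, "single_gc": len(live_gcs) < 2}

if __name__ == "__main__":
    print(audit(SAMPLE_SRV, "example.local",
                ["dc1.example.local", "dc2.example.local"]))
```

An empty `live_gcs` corresponds to the outage that started this thread, and `single_gc` flags the lack of redundancy that led to it.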
  6. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi Williams,

    Thank you for the reply.
    I'll need to find out more if my current DC1's DNS is an AD-integrated
    DNS.
    (seriously, I don't think it is setup as such now)
    It really does make sense to add redundancy after this wake-up call.

    I'm running AD in mixed mode: 2DCs, 6 w2k member servers, 5 NT BDCs
    all pointing to DC1 for DNS.

    Any issues with setting up AD-integrated with the NT4 servers?

    Thanks
  7. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    > So now I'm back with 2DCs with 2GCs - but only 1 DNS on DC1.

    Make both DCs AD-Integrated DNS servers.

    --
    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/
  8. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi all!

    DC1's DNS is actually setup as AD-integrated DNS.
    Now I need to get my hands on some HowTo's to check if I can just
    install DNS onto DC2 and let AD replicate the zones...
  9. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    No need for a how-to --that's exactly what you do!

    Once DNS is installed on a DC, when the DC starts it will load the zone
    (unless it's configured _not_ to pull from AD -which isn't the case by
    default).

    --
    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/
  10. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    alvinalf1@yahoo.com wrote:
    > Hi Williams,
    >
    > Thank you for the reply.
    > I'll need to find out more if my current DC1's DNS is an AD-integrated
    > DNS.
    > (seriously, I don't think it is setup as such now)
    > It really does make sense to add redundancy after this wake-up call.
    >
    > I'm running AD in mixed mode: 2DCs, 6 w2k member servers, 5 NT BDCs
    > all pointing to DC1 for DNS.
    >
    > Any issues with setting up AD-integrated with the NT4 servers?
    >
    As long as *they* don't run DNS, no, I'd say.

    Cheers,

    Cliff

    --

    Barzoomian the Martian - http://barzoomian.blogspot.com
  11. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi!
    Once DNS was installed on DC2.. it replicated forward and reverse zones
    at once.

    On comparing zones with the primary DNS server on DC1, the new DNS
    server does not have the "." zone...

    Is this normal?

    Also, on the new DNS server DC2... do I need to change the DNS server
    ip to point to itself?
    It is now pointing to DNS on DC1...

    Thanks!
  12. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi Paul,
    Thanks for the input. This thread is fast becoming:
    "How to add failsafes after a crash ...." ;P

    I found this article:

    http://support.microsoft.com/kb/291382/

    Question: How do I set up DNS for other domain controllers in the
    domain that are running DNS?

    Answer: For each additional domain controller that is running DNS, the
    preferred DNS setting is the parent DNS server (first domain controller
    in the domain), and the alternate DNS setting is the actual IP address
    of network interface.

    I guess I'll follow that and set the 2nd DNS server's preferred DNS
    setting as DC1 and alternate as pointing to itself....

    And for the other non-DNS DCs & member servers, I'll do the same:
    preferred DNS: DC1 DNS
    alternate DNS: DC2 DNS

    Thanks
  13. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    > is this normal?

    Yes, and no. That . zone is there because the DNS Installation wizard
    couldn't contact another DNS server during setup. It is not needed;
    especially if you wish to resolve Internet names. Personally, I would
    delete the root ('.') zone.


    > Also, on the new DNS server DC2... do I need to change the DNS server ip
    > to point to itself? It is now pointing to DNS on DC1...

    That's up to you. It really doesn't matter. If this were a remote site,
    I'd say yes -point to self. If there are other DCs/ DNS servers on the LAN
    then you can do what you want - point to self; point to each other; point to
    a central -it's up to you.

    What is important is that there is more than one DNS server configured in the
    list (if you are not pointing to self - it should be there even if you are
    pointing to self, but let's be fair -what DNS server on a DC is going to be
    up if the DC isn't ;-)


    --
    Paul Williams
    Microsoft MVP - Windows Server - Directory Services
    http://www.msresource.net | http://forums.msresource.net
  14. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi Alvin,

    > For each additional domain controller that is running DNS, the preferred
    > DNS setting is the parent DNS server (first domain controller in the
    > domain), and the alternate DNS setting is the actual IP address of network
    > interface.

    This is just one way of doing it. There's no real hard and fast rule. I
    recommend a similar setup:

    [Remote Site]
    1. A DC in the same site OR Self.
    2. Another DC in the same site (this step can be skipped, but is worth
    doing if you have expensive and slow WANs)
    3. Another DC in the central site, or a well-connected site.

    [Main Site]
    1. A DC.
    2. Self

    Self obviously only applies to DNS servers (usually DCs). Try and localise
    DNS though.

    All the best to you!!!

    --
    Paul Williams
    Microsoft MVP - Windows Server - Directory Services
    http://www.msresource.net | http://forums.msresource.net