Monday, 17 December 2012

25 Easy Steps to Recover a Downed Domain Controller (Don't Panic)


If you are one of the many businesses that have Windows Server 2008, then you may have had the unexpected pleasure of having a Domain Controller fail on you. Now if you do not know what the domain controller is then you are in for a treat. The domain controller is only the most important computer within your Windows Server 2008 domain. I put this lightly. But, on the other hand, you may have had a technician install this beast of a computer. The domain controller is a power server but it does not have to be put on a very powerful box. What you do need to do is make sure that it is redundant. So, what should we do if the domain controller does go down and we have another domain controller? Well, first, I want to tip my hat to you. Not many companies know the importance of having more than one domain controller in their environment. Let's digress a little. Why do you want to have multiple domain controllers? See, the domain controller does several different things. It has roles such as the Schema Master, Domain Naming Master, RID Master, PDC Emulator and Infrastructure Master. These control the overall environment. Let's go over some definitions. Don't go to sleep on me. We will be getting to the good stuff soon enough.

Schema Master

Now you are asking, what is a schema? The schema is just a database. If you have used Excel or Access in the past then you have been exposed to a database. Now the schema is composed of Classes, which are the tables, and Attributes, which are the fields. So, the Schema Master controls the updates to the schema. So, you can say that this is a relatively important server. It only controls every entry that we make into the Active Directory Domain Services utility called ADUC, which is short for Active Directory Users and Computers. This role is located on the first domain controller that is added to the Forest by default. There is only one Schema Master per Forest. When you update the schema, which is known as extending the schema, you need to be in the same Forest as this domain controller.

Domain Naming Master

So, what is the definition of a domain? A domain is a logical grouping of computers where the domain controller is the central repository for accounts, security and policies. The Domain Naming Master is in charge of keeping track of the adding and deletion of domains within the environment. This role is located on the first domain controller that is added to the Forest by default. There is only one Domain Naming Master in the Forest.

PDC Emulator

Remember the old operating system known as Windows NT 4.0? It was the predecessor to Windows Server 2008. Well, in the old days, which is really little over 10 years, the main domain controller was known as the Primary Domain Controller. So, that is where this role comes into play. It takes the place of the Primary Domain Controller. The main service that it controls is time. If this puppy is not functioning right then your whole environment will suffer. This role is located on the first domain controller that is added to the Forest by default. Now, unlike the other roles, the PDC Emulator is located in every domain in the Forest, but there is only one per domain. This is one of the most important servers in the Domain.

RID Master

The unique identifier for a database is known as the primary key. Well, the primary key that provides uniqueness within Active Directory Domain Services is the SID, which is known as the Security ID. The RID Master controls the RID Pool for the domain. The RID is the Relative Identifier. When we run out of RIDs then we will not be able to add additional security principals such as accounts. Here is a tip: do not recover this server. If you bring this server on at the same time as another RID server then you will have a majorly messed up domain. This role is located in every domain in the forest but only one per domain.

Infrastructure Master

This is an odd animal. The main purpose of the Infrastructure Master is tracking movement within the domain. This needs some clarification. We are not talking about Big Brother. Well, maybe. The Infrastructure Master tracks the moving of an object (account) from one OU (Organizational Unit) to another OU or domain. Now the reason I call this an odd animal is because it should not be on the same server as the Global Catalog. OK, I know we are about to go over the threshold limit of the human mind, but the Global Catalog has a copy of every attribute in the Forest. This will be covered in another article. Back to the Infrastructure Master: this role is also located in every domain and there is only one per domain.

Whew, I know that is a lot to remember. But this is important. See, remember our problem . . . . The domain is down. If you only have one domain controller it contains all of these roles. Hello, can you see where we are going with this? Make sure you have more than one domain controller per domain. OK, here is another topic: replication. No, this is not cloning, but similar. The domain controllers in the Forest replicate their information to each other. This introduces another term: multi-master replication. This just means that they have the same settings as the other guys. Anyway, we come into work and find that the #1 domain controller has bit the dust. Don't panic, we can fix this. Take a coffee break and realign your thought process.

To the Rescue

So, we have a pretty bad situation. Yada yada yada; email server is down, users cannot log on. So, here is the good stuff. How do we get our domain back up and functioning? Call me, of course. Just kidding. This article is here to instruct you on how to recover from this disaster. Before we can do this we need to use one of two tools: ADUC (Active Directory Users and Computers) or ntdsutil. Of the two tools, ntdsutil will allow us to do everything that we need to do. OK, are you ready? . . . .

Recovering From Disaster

Step 1. Go to the second domain controller (we will call this Jupiter). Log on with administrative credentials.

Step 2. Bring up the command prompt. Type cmd at the Run prompt, or access it from the Accessories menu under Programs on the Start menu.

Step 3. Type ntdsutil at the command prompt and press Enter.

Step 4. Type roles at the ntdsutil prompt and press Enter.

Step 5. Type connections at the roles prompt and press Enter.

Step 6. Type connect to server Jupiter at the connections prompt and press Enter. You will be presented with a message saying you are connected and using current credentials.

Step 7. Type quit at the connections prompt and press Enter. This will return you to the roles section.

Step 8. Type seize Schema Master at the roles prompt and press Enter. This will take over the Schema Master role and give it to Jupiter.

Step 9. Type seize Naming Master at the roles prompt and press Enter. This will take over the Domain Naming Master role and give it to Jupiter.

Step 10. Type seize PDC at the roles prompt and press Enter. This will take over the PDC Emulator and give it to Jupiter.

Step 11. Type seize RID master at the roles prompt and press Enter. This will take over the RID Master and give it to Jupiter.

Step 12. Type seize infrastructure master at the roles prompt and press Enter.

Right now you are probably saying that is a lot of steps. We are complete with the first part. WHAT? There is more. Hold on, don't get antsy, this will take only about 5 hours. Just kidding. This whole process will take about 10-20 minutes. You will be the savior of the network. All righty then, on to the next part. By the way, the steps that are shown can be re-ordered when it comes to seizing. The commands are not case sensitive either.

Cleanup Time

Now, in the beginning of the article I pointed out each of the different roles and their purpose. Well, we forcibly took over the roles. The other domain controller is still offline but still theoretically has those roles. If we were to bring that domain controller up again there would be major confusion. Also, Active Directory Domain Services does not know who to replicate changes to. The KCC (Knowledge Consistency Checker) is looking for the partner. The partner is no longer available. We need to clean up this mess and quickly.

Step 13. Type quit at the roles prompt and press Enter. This will take us back to the beginning.

Step 14. Type metadata cleanup at the ntdsutil prompt and press Enter. This routine will get rid of the SRV records lingering in DNS and also records of the other domain controller in the Active Directory Domain Services database, the Schema.

Step 15. Type select operation target at the metadata cleanup prompt and press Enter. We need to identify the downed domain controller.

Step 16. Type list sites at the select operation target prompt and press Enter. This will list the sites within the Forest.

Step 17. Type the # associated with the Site of which the downed domain controller is part and press Enter. This will select the site which has the records for the downed domain controller.

Step 18. Type list servers in the site at the select operation target prompt and press Enter. This will list the domain controllers that are in the Site.

Step 19. Type the # associated with the domain of the downed domain controller and press Enter. This will select the domain with the downed domain controller.

Step 20. Type quit at the select operation target prompt and press Enter. This will take you back to the Metadata Cleanup section.

Step 21. Type remove selected server at the metadata cleanup prompt and press Enter. This will remove the records within Active Directory Domain Services.

Step 22. Type quit at the metadata cleanup prompt and press Enter. This takes you back to the beginning of ntdsutil.

Step 23. Type quit at the ntdsutil prompt and press Enter. This quits the ntdsutil utility.

Step 24. Check ADUC, DNS, etc. Ensure that you can open ADUC. You may have to change focus of the domain controller.

Step 25. Take the old domain controller offline, reinstall Windows Server 2008 and dcpromo it.
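
A check for the seizures in steps 8 to 12, as an added example that is not part of the original article: it reads the text printed by netdom query fsmo and reports any role that Jupiter does not hold. The old controller's name OLD-DC, the domain example.local and the function names are assumptions made for the example.

```powershell
# Added example (not from the original article): confirm the five seizures took.
# Assumptions: Jupiter is the surviving DC; OLD-DC and example.local are constructed.
$RoleLabels = 'Schema master', 'Domain naming master', 'PDC',
              'RID pool manager', 'Infrastructure master'

function Get-FsmoHolder {
    # Turn the text printed by "netdom query fsmo" into a label -> holder table.
    param([string[]]$NetdomOutput)
    $holders = @{}
    foreach ($line in $NetdomOutput) {
        foreach ($label in $RoleLabels) {
            $pattern = '^\s*' + [regex]::Escape($label) + '\s+(\S+)\s*$'
            if ($line -match $pattern) { $holders[$label] = $Matches[1] }
        }
    }
    $holders
}

function Test-FsmoSeizure {
    # Returns $true only when every role is reported and held by $Expected.
    param([string[]]$NetdomOutput, [string]$Expected)
    $holders = Get-FsmoHolder -NetdomOutput $NetdomOutput
    $ok = $true
    foreach ($label in $RoleLabels) {
        if (-not $holders.ContainsKey($label)) {
            Write-Warning "${label}: no holder reported"
            $ok = $false
        }
        elseif (($holders[$label] -split '\.')[0] -ne $Expected) {
            # Compare the host part only; -ne ignores case for strings.
            Write-Warning "${label}: still held by $($holders[$label])"
            $ok = $false
        }
    }
    $ok
}

# Constructed sample: the RID seizure (step 11) was skipped or failed.
$sample = @(
    'Schema master               Jupiter.example.local'
    'Domain naming master        Jupiter.example.local'
    'PDC                         Jupiter.example.local'
    'RID pool manager            OLD-DC.example.local'
    'Infrastructure master       Jupiter.example.local'
    'The command completed successfully.'
)
Test-FsmoSeizure -NetdomOutput $sample -Expected 'Jupiter'
# On the real domain controller:
# Test-FsmoSeizure -NetdomOutput (netdom query fsmo) -Expected 'Jupiter'
```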

Wow, what an ordeal. Just think if you did not have another domain controller within your Forest. Do yourself a favor and make sure you have more than one domain controller in your environment. There is a lot more that we can teach you, but we will leave that for another article. Right now, go get that cup of coffee, high five your staff and relax. Your domain is back up and running. Now go change some passwords and play Halo at your desk. Oops, did I say that? See you later.
