In our New York site we have two domain controllers. It seems that both have the same SID (they were built before I started here so it's not my fault!).
This has caused Directory Replication to fail and also prevents our users out there from mapping drives to the file servers here in London ([tt]"The target account name is incorrect"[/tt] - an error we also see when we run [tt]netdom resetpwd /s:<name_of_pdc_emulator> /userd:administrator /passwordd:*[/tt] when we've tried to reset the account password).
So, we need to re-establish them as unique boxes.
Rebuilding each from scratch (Plan A) would be easiest of course, but we have no tech support staff out there, so that leads us into Plan B, which is something like (one server at a time!):
- Demote to a member server
- Remove it from the domain (if the demotion doesn't do this already)
- Run NewSID.exe (or similar)
- Remove references to the server from AD (with ADSIEdit and/or NTDSUtil)
- Give the server a new IP address (just to be sure!)
- Promote the server to a DC for the site
This is all something I've never done before so please, if I've missed something here, for the love of all that is holy tell me! What do I need to look out for? How do I use ADSIEdit and NTDSUtil? Does this even begin to look like a decent solution?!
JJ
[small][purple]Variables won't. Constants aren't[/purple][/small]