Discussion:
Domain Controller problem
(too old to reply)
Ray
2004-07-29 20:39:45 UTC
Permalink
Hi there, a couple of days ago I asked a question that I could not add new
DC in my domain. In fact, the problem is I lost PDC emulator in my domain.
At the beginning, my first DC was running on windows 2000, and I added some
windows 2003 servers as DCs in my domain and then replaced the computer of
the first DC (new/better computer running on windows 2003). After adding the
new computer as the first DC (same IP, same Name), I removed other DCs.

Here is my problem now. When choosing "Raise Domain Functional Level" in
"Active Directory Domains and Trusts", I cannot upgrade from "Windows 2000
native" to "Windows server 2003" because "The domain functional level cannot
be raised because the PDC could not be contacted". If clicking "Properties",
a dialog box shows up, "You cannot modify domain or trust information
because a Primary Domain Controller (PDC) emulator cannot be contacted.
Please verify that the PDC emulator and the network are both online and
functioning properly."

Is the concept of PDC in Windows 2000/2003??? How can I solve the problem?

Thanks.

Ray


Attach the error message from "DCDIAG /V"

"
Running enterprise tests on : mydomain.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... image.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\firstdc.mydomain.local
Locator Flags: 0xe00001bc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
135
5
A Good Time Server could not be located.
KDC Name: \\first.mydomain.local
Locator Flags: 0xe00001bc
......................... mydomain.local failed test FsmoCheck
"
Jérôme Moinard
2004-07-30 08:57:02 UTC
Permalink
Hi,

What you have to do is to force a DC to become the PDC.
You have to use ntdsutil.
Open a cmd on your DC, enter ntdsutil, it will get you in the tool.
then use the connect to command to connect to the DC you want to become the PDC.
When connected, enter roles.
then type: seize PDC.

Your DC will become the PDC.
I think that you have to do this for the RID master and infrastructure master.
To know if you have to, open AD users and computers, right click your domain then Operation master, look at the 3 tab you must have a DC name in each, if not you have to repeat ntdsutil for the 2 other roles.

Hope this help.
If it is not clear have a look in the technet for FSMO roles.
--
Jérôme Moinard
Post by Ray
Hi there, a couple of days ago I asked a question that I could not add new
DC in my domain. In fact, the problem is I lost PDC emulator in my domain.
At the beginning, my first DC was running on windows 2000, and I added some
windows 2003 servers as DCs in my domain and then replaced the computer of
the first DC (new/better computer running on windows 2003). After adding the
new computer as the first DC (same IP, same Name), I removed other DCs.
Here is my problem now. When choosing "Raise Domain Functional Level" in
"Active Directory Domains and Trusts", I cannot upgrade from "Windows 2000
native" to "Windows server 2003" because "The domain functional level cannot
be raised because the PDC could not be contacted". If clicking "Properties",
a dialog box shows up, "You cannot modify domain or trust information
because a Primary Domain Controller (PDC) emulator cannot be contacted.
Please verify that the PDC emulator and the network are both online and
functioning properly."
Is the concept of PDC in Windows 2000/2003??? How can I solve the problem?
Thanks.
Ray
Attach the error message from "DCDIAG /V"
"
Running enterprise tests on : mydomain.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... image.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\firstdc.mydomain.local
Locator Flags: 0xe00001bc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
135
5
A Good Time Server could not be located.
KDC Name: \\first.mydomain.local
Locator Flags: 0xe00001bc
......................... mydomain.local failed test FsmoCheck
"
Ray
2004-07-30 21:21:57 UTC
Permalink
Hi, JšŠr?me,

I really appreciate your help. Everything is fine after using ntdsutil. I
had to seize everything, domain naming master, infrastructure master, PDC,
RID master, schema master.

It's said there is no PDC in windows 2k/2003 domains, why do I still need to
set PDC???

Anyway, everything ok now. Thanks again.

Ray
Post by Jérôme Moinard
Hi,
What you have to do is to force a DC to become the PDC.
You have to use ntdsutil.
Open a cmd on your DC, enter ntdsutil, it will get you in the tool.
then use the connect to command to connect to the DC you want to become the PDC.
When connected, enter roles.
then type: seize PDC.
Your DC will become the PDC.
I think that you have to do this for the RID master and infrastructure master.
To know if you have to, open AD users and computers, right click your
domain then Operation master, look at the 3 tab you must have a DC name in
each, if not you have to repeat ntdsutil for the 2 other roles.
Post by Jérôme Moinard
Hope this help.
If it is not clear have a look in the technet for FSMO roles.
--
JšŠr?me Moinard
Post by Ray
Hi there, a couple of days ago I asked a question that I could not add new
DC in my domain. In fact, the problem is I lost PDC emulator in my domain.
At the beginning, my first DC was running on windows 2000, and I added some
windows 2003 servers as DCs in my domain and then replaced the computer of
the first DC (new/better computer running on windows 2003). After adding the
new computer as the first DC (same IP, same Name), I removed other DCs.
Here is my problem now. When choosing "Raise Domain Functional Level" in
"Active Directory Domains and Trusts", I cannot upgrade from "Windows 2000
native" to "Windows server 2003" because "The domain functional level cannot
be raised because the PDC could not be contacted". If clicking "Properties",
a dialog box shows up, "You cannot modify domain or trust information
because a Primary Domain Controller (PDC) emulator cannot be contacted.
Please verify that the PDC emulator and the network are both online and
functioning properly."
Is the concept of PDC in Windows 2000/2003??? How can I solve the problem?
Thanks.
Ray
Attach the error message from "DCDIAG /V"
"
Running enterprise tests on : mydomain.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... image.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\firstdc.mydomain.local
Locator Flags: 0xe00001bc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
135
5
A Good Time Server could not be located.
KDC Name: \\first.mydomain.local
Locator Flags: 0xe00001bc
......................... mydomain.local failed test FsmoCheck
"
Omer maydan
2004-07-31 18:10:31 UTC
Permalink
pdc is an domain level FSMO role in windows 2000\2003. when it installed on
a DC it uses for few things:

1. answering ldap queries for backwared compatability with NT4 etc...
workstations, as well exchange 5.5 servers
2. uses for group policy updates by default
3. uses as the default ntp server
+
4. in mixed mode, the dc with the PDC emulator Role, updates all the
remaining BDC's of the older NT4 envioenment. when you don't have any more
BDC's in your enviornment, you raise the domain functionality level, and by
that the PDC emulator stops sending updates to the Backwardes BDC's (if
anyone left)

about Domain and forest functionality level in 2003, on later time...
--
Omer Maydan
MCSE, Security+
Post by Ray
Hi, JšŠr?me,
I really appreciate your help. Everything is fine after using ntdsutil. I
had to seize everything, domain naming master, infrastructure master, PDC,
RID master, schema master.
It's said there is no PDC in windows 2k/2003 domains, why do I still need to
set PDC???
Anyway, everything ok now. Thanks again.
Ray
Post by Jérôme Moinard
Hi,
What you have to do is to force a DC to become the PDC.
You have to use ntdsutil.
Open a cmd on your DC, enter ntdsutil, it will get you in the tool.
then use the connect to command to connect to the DC you want to become
the PDC.
Post by Jérôme Moinard
When connected, enter roles.
then type: seize PDC.
Your DC will become the PDC.
I think that you have to do this for the RID master and infrastructure
master.
Post by Jérôme Moinard
To know if you have to, open AD users and computers, right click your
domain then Operation master, look at the 3 tab you must have a DC name in
each, if not you have to repeat ntdsutil for the 2 other roles.
Post by Jérôme Moinard
Hope this help.
If it is not clear have a look in the technet for FSMO roles.
--
JšŠr?me Moinard
Post by Ray
Hi there, a couple of days ago I asked a question that I could not add
new
Post by Jérôme Moinard
Post by Ray
DC in my domain. In fact, the problem is I lost PDC emulator in my
domain.
Post by Jérôme Moinard
Post by Ray
At the beginning, my first DC was running on windows 2000, and I added
some
Post by Jérôme Moinard
Post by Ray
windows 2003 servers as DCs in my domain and then replaced the
computer
Post by Ray
of
Post by Jérôme Moinard
Post by Ray
the first DC (new/better computer running on windows 2003). After
adding
Post by Ray
the
Post by Jérôme Moinard
Post by Ray
new computer as the first DC (same IP, same Name), I removed other DCs.
Here is my problem now. When choosing "Raise Domain Functional Level" in
"Active Directory Domains and Trusts", I cannot upgrade from "Windows
2000
Post by Jérôme Moinard
Post by Ray
native" to "Windows server 2003" because "The domain functional level
cannot
Post by Jérôme Moinard
Post by Ray
be raised because the PDC could not be contacted". If clicking
"Properties",
Post by Jérôme Moinard
Post by Ray
a dialog box shows up, "You cannot modify domain or trust information
because a Primary Domain Controller (PDC) emulator cannot be contacted.
Please verify that the PDC emulator and the network are both online and
functioning properly."
Is the concept of PDC in Windows 2000/2003??? How can I solve the
problem?
Post by Jérôme Moinard
Post by Ray
Thanks.
Ray
Attach the error message from "DCDIAG /V"
"
Running enterprise tests on : mydomain.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... image.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\firstdc.mydomain.local
Locator Flags: 0xe00001bc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
error
Post by Jérôme Moinard
Post by Ray
135
5
A Good Time Server could not be located.
KDC Name: \\first.mydomain.local
Locator Flags: 0xe00001bc
......................... mydomain.local failed test FsmoCheck
"
Continue reading on narkive:
Loading...