Archives

April 2004 (7)
March 2004 (12)
February 2004 (12)
January 2004 (22)
December 2003 (19)
November 2003 (16)
October 2003 (26)
September 2003 (18)
August 2003 (38)
July 2003 (80)
June 2003 (13)
May 2003 (24)
April 2003 (76)
March 2003 (75)
February 2003 (51)
January 2003 (73)

Category

Family (5)
FYI (18)
Games (2)
Geek (88)
Geographic (3)
Hacks (13)
Home (15)
Humor (54)
Ideas (20)
Ideaspace (15)
Local (15)
Metadata (10)
Microsoft (2)
MovableType (5)
Nitwits (66)
PKI (2)
Politics (22)
Quotes (3)
RDF (15)
RSS (4)
Security (3)
Semantic Web (13)
Site Info (13)
Social Networks (1)
Spam (9)
Sysadmin (1)
Tips (2)
Tivo (2)
TMFTOTHD (1)
To Do (1)
Unlisted (1)
Web (3)
Windows (1)

Local

« MetroBlogs »
DC metroblogs
beltway bloggers

Links

Assorted bits

Blogroll Me!
GeoURL
Listed on BlogShares




September 15, 2003

Back online long enough to get demoted

This has been the Summer from Hell for machines around here. From drive failures to electric brownouts, it's been rough. One box had to come offline for more than a month. Being it was a Windows Active Directory controller made for some interesting problems. Fortunately easy to solve.

The machine in question blew out it's power supply. I'm sure Pepco's crappy level of service around here is to blame. It would boot for a while and then just shut down. It wasn't even reliable enough to perform a proper disconnect from the domain. The remaining parts of the network survived just fine. That was just a matter of telling one of the other domain controllers to seize the FSMO roles. But when I brough the old machine back to life it didn't want to play along. The current machines had gotten themselves far ahead in their replication and didn't want to play nice with the old box.

All I needed to do was run dcpromo to demote the box. But it threw an error message about not being able to logon to the existing domain. That and a netdom /query fsmo showed it to be still using the old (pre failure) domain roles.

After the usual go-rounds searching within Technet, I stumbled across a message indicating the use of Directory Recovery safe mode. So I rebooted the pesky machine, pressed F8 and started it up into that mode. A quick set of ntdsutil commands, a reboot and voila, it's back online.

Long enough to demote it from being a domain controller, of course. I only needed to rejoin so that I could properly remove it from the domain.

There's some deep mojo about machines and their particpation in the Active Directory that you dare not screw around with without exercising a lot of caution.

It's been my experience that it 'doing it the right way' instead of just whacking it out of the AD is important. May the Lord have mercy on your soul if you ever try manually editing the schema... It's not for the faint of heart.

Now to scrounge up my RedHat 9 CDs and take a crack at getting linux installed on it...

Geek, Microsoft
Perma  | Comments (0) | TrackBack (0) | 02:36 PM  | xml
Comments
Post a comment






* if you do not leave a valid e-mail or URL your comment may be deleted *







Navigation

Recent Entries

America and Europe: Vive la différence?
Server changes afoot
Diet behavior mod
Googling for sensitive info
Outlook 2003 and IMAP, a marriage made in Hell
Bike to Work Day, May 7th
Speakeasy rocks
Zippo USB?
When geographic data is nowhere 'near' correct
Local campaign contributions

User comments
Trackbacks

Contact

send me an e-mail E-mail
chat with me using MS messenger MSN Messenger
chat with me via AIM America Online
chat with me on ICQ ICQ
chat with me on Yahoo! Yahoo
Add my vCard to your electronic addressbook vCard
Friend of a Friend FoaF

Syndication

XML  RDF  CDF

Comments

XFML

Extra Stuff

foaf
vCard
pgp info
Linked In
Powered by
Movable Type 2.64