My first instinct is to say "please step away from the keyboard" but that's just to make me chuckle. :)
It looks like the old server, FTP1 was configured as a time server? Or was it an AD domain controller?
The answer to that guides the rest of the conversation, but the best thing to do regardless is to flatten the Sweden server. Rebuild it completely with a new name and everything. Because you're not sure of the state, be sure to get a backup should you need it.
If everything else is fine, then you'll want to rebuild that server, rejoin it to the appropriate domain and let it settle. Before you continue, you'll want to ensure that everything else is in good shape including dns, replication and authentication at a minimum.
DNS would be my primary concern at this point. Don't mess with the forest, domain or any of the other pieces if you can help it. Upgrading the forest functional level or the domain functional level is not something you want to just walk out and pull the trigger on without understanding what it means and what the implications are.
Al
On 10/5/06, Steve Egan (Temp) <[EMAIL PROTECTED]> wrote:
I'm the System/Network Engineer for Purcell Systems, and I'm afraid I've
"screwed the pooch" on my network. Here's how:
Shut down an antiquated FTP server after transferring files to the "new"
FTP server. The old one's OS was Win2K, the new one is Win2003.
I *did not* do anything to AD at the time this occurred.
A day before I started working here (8/8/06) the server in Sweden was
rebuilt by a local consultant. Hardware failure. He rebuilt from bare
metal, and set up the DNS and AD incorrectly. The end result was a
server sitting in its own domain. DNS was somehow told to replicate to
the server, and was working fine.
I next tried to put/rename/move the Sweden server into the Purcell.com
domain. Oops, have to "upgrade" out of Win2000 mixed mode. No problem,
I'll just transfer the AD, DNS, and PDC to a "master" machine running
Win2003 and have lotsa machines (okay, one or two) running as PDCs and
alternate DNS and AD, right?
Here's where the pooch got this way - I'm a n00b when it comes to AD,
and somehow in the "transfer" of functions I've messed up the domain
something fierce. AD and DNS work just fine (replicate) on the USA and
Poland servers, but I tried "upgrading" the Sweden server to the forest
and things got cranky - it wouldn't upgrade because it swore up and down
that the domain was still in pre-Win2003 mode. In frustration, I tore
down DNS and AD on the Sweden server, and rebuilt them - not an easy
task by remote control...
The DNS rebuilt just peachy on the Sweden server, but when I go to
install AD on it, it tells me that the domain ain't ready for prime time
- I have to run adprep on the domain. I ran adprep the first time, and
everything appeared to work just fine. Subsequent attempts are rebuffed
- I've already prepared the domain, it tells me. The Sweden server just
refuses to accept that the AD in the domain is Win2003 mode. I've
checked - it's mode 2 on all the AD machines. The necessary containers
for a Win2003 AD have been built! SOMEthing is preventing the ADPREP
from executing properly. Here's a partial log entry from the Sweden
server (adprep.log?):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10/05 01:34:26 [INFO] Searching for a domain controller for the domain
PURCELLSYSTEMS.COM that contains the account PURCELLABSWE$10/05 01:34:27
[INFO] Located domain controller FTP1.PURCELLSYSTEMS.COM for domain
PURCELLSYSTEMS.COM10/05 01:34:27 [INFO] Using site PURCELLSYSTEMS for
server \\FTP1.PURCELLSYSTEMS.COM10/05 01:34:27 [INFO] Forcing time sync
10/05 01:34:27 [INFO] Forcing a time synch with
\\FTP1.PURCELLSYSTEMS.COM10/05 01:34:29 [ERROR] Failed to get the
current time on \\FTP1.PURCELLSYSTEMS.COM: 5
10/05 01:34:29 [ERROR] NON-FATAL error forcing a time sync (5).
Ignoring
10/05 01:34:32 [INFO] Stopping service NETLOGON10/05 01:34:32 [INFO]
Stopping service NETLOGON10/05 01:35:32 [INFO] Configuring service
NETLOGON to 1 returned 0
10/05 01:35:32 [INFO] Stopped NETLOGON
10/05 01:35:32 [INFO] Deleting current sysvol path C:\WINDOWS\SYSVOL
10/05 01:35:36 [INFO] Created system volume path
10/05 01:35:36 [INFO] Copying initial Directory Service database file
C:\WINDOWS\system32\ntds.dit to C:\WINDOWS\NTDS\ntds.dit10/05 01:35:36
[INFO] Installing the Directory Service10/05 01:35:36 [INFO] Calling
NtdsInstall for PURCELLSYSTEMS.COM
10/05 01:35:36 [INFO] Starting Active Directory installation
10/05 01:35:36 [INFO] Validating user supplied options
10/05 01:35:36 [INFO] Determining a site in which to install
10/05 01:35:36 [INFO] Examining an existing Active Directory forest
10/05 01:35:40 [INFO] Error - The Active Directory Installation Wizard
cannot continue because the forest is not prepared for installing
Windows Server 2003. Use the Adprep command-line tool to prepare both
the forest and the domain. For more information about using the Adprep,
see Active Directory Help. (8467)
10/05 01:35:40 [INFO] NtdsInstall for PURCELLSYSTEMS.COM returned 8467
10/05 01:35:40 [INFO] DsRolepInstallDs returned 8467
10/05 01:35:40 [ERROR] Failed to install to Directory Service (8467)
10/05 01:35:49 [INFO] Starting service NETLOGON10/05 01:35:49 [INFO]
Configuring service NETLOGON to 2 returned 0
10/05 01:35:49 [INFO] The attempted domain controller operation has
completed10/05 01:35:49 [INFO] DsRolepSetOperationDone returned 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Oh crap. Now what? Ideas?
Steve Egan
Purcell Systems
System/Network Administrator
desk 509 755-0341 x110
cell 509 475-7682
fax 509 755-0345
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
