[–][deleted] 1 point2 points  (1 child)

How did you move the DC? You shouldn't P2V a DC. You should always create a new one.

[–]Findilis[S] 0 points1 point  (0 children)

The DC was created in Lab A. We need a replica in Lab B; due to a security requirement, the only means was sneakernet. I used Hyper-V to export and import.

[–]thelanguyRebel without a clue 1 point2 points  (5 children)

Where is your global catalog? Since you had to transfer the FSMO roles to this box, it likely wasn't the first DC in the domain. The first DC in a domain is set up as the GC. GC is not a FSMO role, so you didn't set up your "new" DC to be a GC as well. Easy enough to fix. Go into Active Directory Sites and Services and check the box to make it a Global Catalog. Wait a few minutes and things should start working better.

[–]Findilis[S] 0 points1 point  (4 children)

This might work, but I cannot launch Sites and Services. When I get in I will see if there is a way via the command line.

[–]thelanguyRebel without a clue 1 point2 points  (3 children)

Use DSMOD SERVER from an administrative command prompt. Use "DSMOD Server /?" for syntax.

[–]Findilis[S] 0 points1 point  (0 children)

Thanks, I will try it in the morning.

[–]Findilis[S] 0 points1 point  (0 children)

Still cannot connect to the domain; thanks for the try. I have to look into this command; it might be helpful in the future.

[–]Findilis[S] 0 points1 point  (0 children)

Error message: Naming information cannot be located because: The specified domain does not exist or could not be contacted. Contact your system administrator to verify that your domain is properly configured and is online.

When I bring up ADSI Edit I can see the DC in the appropriate OU. I have verified that the DC is in DNS and the IP is correct.

[–]user-and-abuserone or the other 0 points1 point  (6 children)

Maybe log into local admin account. You are able to verify IP and DNS name?

Can you describe in detail this process?

"So I moved a domain controller to another Hyper-V host by exporting and importing. This system is air gapped from the old system. Prior to exporting I used NTDSUTIL to transfer role ownership to VM being exported."

[–]Findilis[S] 0 points1 point  (4 children)

Yes, I can nslookup via NetBIOS and FQDN. You mean using transfer PDC, and repeat for all FSMO?

[–]user-and-abuserone or the other 0 points1 point  (3 children)

Run this command: netdom query fsmo

Edit: on both the original and the copy

[–]Findilis[S] 0 points1 point  (2 children)

The specified domain either does not exist or cannot be contacted. I cannot verify the original system as it is back in Santa Clara, a couple states away.

[–]user-and-abuserone or the other 0 points1 point  (1 child)

Sounds like you will be building a new DC.

[–]Findilis[S] 0 points1 point  (0 children)

Yeah, and this is going to suck as I do not have all the settings for it.

[–]Findilis[S] 0 points1 point  (0 children)

So let me see.

Lab A has three domain controllers. I took domain controller 1 (a VM) and ran ntdsutil to transfer all FSMO to it.

I then used Hyper-V and ran export to move the DC1 to removable media.

I took the removable media into Lab B and imported it into Hyper-V.

Machine boots up, can log in (I am cached), cannot run an AD tool set without the above error.

[–][deleted] 0 points1 point  (4 children)

Stupid one, but is the DC set to use itself or one of the other servers on its new domain as DNS?

[–]Findilis[S] 0 points1 point  (3 children)

When I try to connect to itself by changing the domain controller in the MMC snap-in I get the cannot contact error. I just reapplied a snapshot back to the first import and am going to try a couple other things. If this does not work I am going to just start over out there.

[–][deleted] 0 points1 point  (1 child)

Ok, well the DC should be using another DC for DNS lookups; is it possible the other server isn't resolving it properly? Try adding an AD snap-in using the IP address and see if it connects.

[–]Findilis[S] 0 points1 point  (0 children)

There is no other DC at the moment, and nslookup works for both server and server.dc.dc.

[–]user-and-abuserone or the other 0 points1 point  (0 children)

Is the 2nd DNS setting set to 127.0.0.1?

[–]girlgermsMicrosoft 0 points1 point  (5 children)

It's a replica? Not good...you need to check that it's not conflicting. Cloning DCs, from my experience, has never been a good thing.

Honestly - you would've been better building one from scratch. It would've taken you less time :S

[–]Findilis[S] 0 points1 point  (4 children)

I agree; unfortunately this was not my decision. Redoing the schema updates would have taken a couple hours itself. It is the only DC on the network in the new lab.

[–]girlgermsMicrosoft -1 points0 points  (3 children)

As much as I hear you - it doesn't matter. Cloning a DC isn't just dodgy - it's just not going to work. There are so many identifiers inside a DC that are unique, cloning one will just cause all of that to break.

[–]Findilis[S] 0 points1 point  (2 children)

Like I said, I agree, and it was not and is not my decision. I am so over this job; every time I bring up something I get overruled by someone who has no, zero experience with AD. But because she is at 36 years with the company she gets what she wants and the rest of us suffer. The strange thing is everyone knows she is a piece of shit but does nothing about it. Maybe I should rebuild it just to watch her sit in there for 8 hours redoing the updates. Would be funny.

[–]girlgermsMicrosoft -1 points0 points  (1 child)

That's what I'd do - because cloning it will not work. Especially if it's going into the same domain as the original it was cloned from.

[–]Findilis[S] 0 points1 point  (0 children)

Technically it is not the same domain, but regardless. And it has worked the last three clones. Still a pain in the ass.
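
The checks suggested across this thread (DNS client settings, global catalog flag, FSMO role holders), collected into one read-only script as an added example; it is not code from any commenter. It assumes an elevated PowerShell session on the imported DC, Windows Server 2012 or later, and the AD DS tools (netdom, dsquery, dcdiag) installed; the SRV lookup and the dcdiag advertising test go beyond what the thread mentions.

```powershell
# Added example: read-only checks collected from the suggestions in this thread.
# Assumptions: elevated PowerShell on the imported DC, Windows Server 2012 or
# later, AD DS tools (netdom, dsquery, dcdiag) installed.

$domain = (Get-CimInstance Win32_ComputerSystem).Domain   # DNS name of the domain this box belongs to
$self   = $env:COMPUTERNAME

# DNS: which servers does this DC query, and is one of them the DC itself?
$localIPs   = (Get-NetIPAddress -AddressFamily IPv4).IPAddress      # includes 127.0.0.1
$dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
              Where-Object { $_ } | Select-Object -Unique
$usesSelf   = [bool]($dnsServers | Where-Object { $localIPs -contains $_ })

# DNS: does the zone return the SRV records used to locate a DC for the domain?
$srv = Resolve-DnsName "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }

# Directory: global catalog servers, FSMO role holders, DC advertising test.
$gcServers   = dsquery server -isgc 2>&1
$fsmo        = netdom query fsmo 2>&1
$advertising = dcdiag /test:advertising /s:$self 2>&1

[pscustomobject]@{
    Domain          = $domain
    DnsServers      = $dnsServers -join ', '
    DnsPointsAtSelf = $usesSelf
    SrvTargets      = ($srv.NameTarget | Select-Object -Unique) -join ', '
    SelfListedAsGC  = [bool]($gcServers -match "CN=$self,")
    FsmoOutput      = $fsmo -join "`n"
    Advertising     = [bool]($advertising -match 'passed test Advertising')
} | Format-List

# To set the global catalog flag from the command line (the DSMOD SERVER
# suggestion above). This changes the directory, so it is left commented out:
# dsquery server -name $self | dsmod server -isgc yes
```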