W2k3 secondary domain controller recovery: join or trust with primary domain controller lost

Hello, I have a problem which was driving me crazy… but the problem primarily was my lack of knowledge in domain controller troubleshooting. I have a Windows 2003 Standard Edition backup domain controller. I have been connecting to this one by RDP (only using domain admin credentials, not the domain user accounts) for many years, but recently I have not been able to access the “BDC” anymore (it occurs only by RDP; the local admin login is working fine). I tried to log in to the remote desktop session both with and without the /console option, but nothing changed.

I tried to launch a remote desktop session with domain admin credentials from many of my XP Pro clients on the LAN, and on each of them I always received a message that, translated, sounds like this: “unable to determine the computer role, group policies processing interrupted” (event id: 1053). I checked this article and everything is compliant with it. I also received this error message (sorry for the translation):

- Event id 1006: unable to complete domain join: (local error). Group policies processing interrupted

When I tried to connect with any domain user (this time I tried not only the domain admin but also some domain user accounts, and the result was the same), I received the following error:

- Event id 1219: Access denied for domainuser account. Unable to get Terminal server user profile: Error: access denied

In my opinion my backup domain controller has lost “the join” with the primary domain controller, but I don’t know how to “rejoin it”. I tried DCPROMO, but I received the error that “Before adding or removing Active Directory it is necessary to remove Certification services”. Notice that this PDC has a Certification Authority installed and I don’t know how to remove and recover them after DCPROMO.

I tried something like this:

    netdom join dcbck.domain.local /Domain:domain.local /UserD:domainadministrator /PasswordD:xxxxxxxx

but without success (I obtained this error: “This computer is a domain controller and can’t be disconnected from domain”). I would be very grateful to all who come back with detailed step-by-step suggestions or procedures. Thanks a lot in advance.

Software/Hardware used:
Windows 2003 server standard edition Sp2

Answer Wiki


This link will show you how to transfer the certificate authority to another server. Once that is done, uninstall Certificate Authority, demote your DC, and promote it back. I would suggest that you demote the DC, then do a fresh install of the OS before promoting it back.
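
An added example, not part of the original answer or of the article it links to: a batch file for the preparation that the procedure above depends on, recording the DC's current state and backing up the CA before Certificate Services is uninstalled and the server is demoted. The backup path is an assumption, domain.local is the placeholder name from the question, and dcdiag, repadmin, netdom and nltest are assumed to be installed from the Windows Server 2003 Support Tools.

```batch
@echo off
rem Added example (not from the thread). Run locally on the DC that hosts the CA,
rem logged on as an administrator. BACKUP_DIR and DOMAIN are assumed values.
setlocal
set BACKUP_DIR=C:\CABackup
set DOMAIN=domain.local

if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"

rem 1. Record the state of the DC before changing anything, so the results can
rem    be compared after the server has been promoted again.
dcdiag /v > "%BACKUP_DIR%\dcdiag-before.txt"
repadmin /showrepl > "%BACKUP_DIR%\replication-before.txt"
netdom query fsmo > "%BACKUP_DIR%\fsmo-before.txt"
nltest /sc_query:%DOMAIN% > "%BACKUP_DIR%\secure-channel-before.txt"

rem 2. Back up the CA database and the CA private key. certutil prompts for a
rem    password that protects the exported key file; the target folder must not
rem    already contain a backup.
certutil -backup "%BACKUP_DIR%\ca"
if errorlevel 1 goto failed

rem 3. Export the CA configuration, which is kept in the registry and is not
rem    part of the certutil backup.
reg export "HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration" "%BACKUP_DIR%\certsvc-config.reg"
if errorlevel 1 goto failed

echo CA backup written to %BACKUP_DIR%.
echo The folder now holds the CA private key: move it to protected storage
echo off this server before uninstalling Certificate Services or running dcpromo.
goto :eof

:failed
echo A backup step failed. Do not uninstall Certificate Services or run dcpromo
echo until the CA database, key and configuration have been backed up.
exit /b 1
```

The diagnostic commands may report errors on a DC in the state described in the question; their output is saved for comparison and does not stop the script.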

Discuss This Question: 2  Replies

  • SampeiMihira
    Thanks a lot for helping me, Mshen. I'm going to do this operation and then I will publish the resulting operations.
  • Genderhayes
    You can delete an ordinary file restore it from backup have old files back as was domain functional level has to be setup or make a backup and restore it on the modified server
