Sunday 29 July 2012

How To Clean Up AD/DNS/Replication Links After A Failed SBS Destination OS Install or DCPromo

UPDATE: We moved the NTDSUtil step to the front of the pack.

Whenever we run into problems with getting the destination server online, for whatever reason, we have the option to do the following:

  • Restore the System State.
    • This means running the SourceTool again.
  • Restore the Server
    • Restore from ShadowProtect or other backup.
    • Caveat is that any incoming mail since the backup could be lost.
  • Clean up the Source Server
    • Clean DNS
    • Clean AD Sites & Services
    • Verify Global Catalogue
    • Seize FSMO Roles

Please keep in mind that these instructions are specific to situations where our destination has not made it far enough to install Exchange and its connectors on the Source SBS 2003 server.

We need to run the NTDSUtil step first:

We moved the NTDSUtil step to the fore as there are a few additional underlying bits that the utility removes that may help in the next SBS 2011 Standard OS run.

Our second step is in Active Directory Sites & Services

  • Remove the replication links for both servers
  • Source Server:
    • Delete NTDS Settings
    • Delete the Server Container
  • NOTE:

In Active Directory Users and Computers

  • Remove the Destination SBS 2011 from the Domain Controllers container

In DNS Forward Lookup Zones and Reverse Lookup Zones

  • Remove all references to the Destination Server in _msdcs.domain.local
    • DNS A Records
    • DNS N (Name Server tab)
    • IP Address
  • Remove all references to the Destination Server in Domain.Local
    • DNS A Records
    • DNS N (Name Server tab)
    • IP Address
  • Remove all references to the Destination Server in 192.168.99.x Subnet
    • DNS A
    • DNS N (Name Server tab)
    • IP Address

Once all references in AD and DNS have been removed we need to verify that our source is still a Global Catalogue server. This is done in AD Sites & Services.

Then, we reverse the FSMO Role transfer that happens early in the SBS 2011 OS install and configuration process.

We can verify the FSMO Role locations at the command prompt:

  • netdom query fsmo [Enter]

Once we have completed our clean-up steps we are ready to make our SBS 2011 Standard OS install run attempt.

If errors were due to a Schema Mismatch error then we check the AD version here:

  • Registry: HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\<Schema Version>
    • Windows 2000 RTM with all Service packs = Schema version 13
    • Windows Server 2003 RTM with all Service packs = Schema version 30
    • Windows Server 2003 R2 RTM with all Service packs = Schema version 31
    • Windows Server 2008 RTM with all Service packs = Schema version 44
    • Windows Server 2008 R2 RTM with all Service packs = Schema version 47
    • Windows Server 2012 RC = Schema version 56

Our particular Schema version when working with SBS 2011 Standard after the SourcePrep Tool is run successfully is 47.

NOTE: The above steps are destructive! Please have a backup and make sure to verify what is being deleted _before_ the object is deleted!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

No comments: