Make sure FSMO roles are covered.
It usually takes the better part of a day-or-more to rebuild a DC. Most people will not notice a missing DC if all FSMO roles are running.
C:\ >netdom query FSMO (or netdom query /domain:ads FSMO)
Schema owner redwood.uwad.uwaterloo.ca
Domain role owner redwood.uwad.uwaterloo.ca
PDC role douglasfir.ads.uwaterloo.ca
RID pool manager oak.ads.uwaterloo.ca
Infrastructure owner oak.ads.uwaterloo.ca
The command completed successfully.
NOTE: BE SURE TO UPDATE DNS IF ANY OF THESE ROLES CHANGE FROM ONE SERVER TO ANOTHER
Make sure a Global Catalog server is available. If a DC cannot contact a GC at the point of client logon, cached local logon credentials are all the client will receive, and access to remote resources will be denied.
August 2004 our GC’s were douglasfir and redwood.
“AD Sites and Services” is the tool that lists all domain controllers. If you select any server (under Sites/Default-First-Site-Name/Servers) Right-Mouse click “NTDS Settings” beneath the server name and select “Properties”. You will see “Global Catalog” as selectable here with a check mark beside the servers selected as GC servers. You can change or check this here.
Restore or Reinstall the missing DC.
To decide which of these two is best/fastest see the following guidelines:
See Appendix A in: http://win2k.uwaterloo.ca/Disaster_Recovery/Windows2000Server_recovery.htm
See the last chapter of: http://win2k/Disaster_Recovery/Partial_Active_Directory_Restores_and_Repair.htm
Document created by Manfred Grisebach