Promote AD secondary domain controller to primary domain controller

Overview

After a series of problems, the server hosting the primary domain controller dc2022.hxx.tt crashed and can no longer boot into the system. This post explains how to promote the AD secondary domain controller to primary domain controller.

To view the domain controllers of the current domain, right-click hxx.tt. The domain's [Operations Masters] dialog already shows an error;

Right-click the hxx.tt domain and view its current [Domain Controller]. dc2022.hxx.tt is shown as down, indicating that it is no longer working;

Check the current FSMO role holders with netdom query fsmo. All five roles are owned by the primary domain controller dc2022.hxx.tt;

Now the secondary domain controller dc2022assist.hxx.tt needs to seize the five roles from the primary domain controller dc2022.hxx.tt so that the change takes effect.

Run ntdsutil from PowerShell and connect (bind) to the secondary domain controller that will take over the roles;

PS C:\Users\Administrator.HXX> ntdsutil
C:\Windows\system32\ntdsutil.exe: roles
fsmo maintenance: connections
server connections: connect to server dc2022assist.hxx.tt
Binding to dc2022assist.hxx.tt…
Connected to dc2022assist.hxx.tt using the credentials of the locally logged-on user.
server connections: quit
fsmo maintenance:

After entering the commands above, do not close PowerShell; keep the session open at the fsmo maintenance prompt;

Obtain role one: naming master (domain naming master role)

Continuing in the same PowerShell session, enter seize naming master. When prompted, click [Yes];

Obtain role two: infrastructure master (infrastructure master role)

Next, enter seize infrastructure master in PowerShell, and click [Yes] when prompted;

Obtain role three: PDC (PDC role)

Next, enter seize PDC in PowerShell, and click [Yes] when prompted;

Obtain role four: RID master (RID pool manager role)

Next, enter seize RID master in PowerShell, and click [Yes] when prompted;

Obtain role five: schema master (schema master role)

Next, enter seize schema master in PowerShell, and click [Yes] when prompted;

Running netdom query fsmo again shows that the owner of all five FSMO roles is now the secondary domain controller dc2022assist.hxx.tt, indicating that the seizure succeeded.
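The same seizure and check can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed on dc2022assist and uses the article's host names.

```powershell
# Added example (not from the original post). Run on the surviving DC with the
# ActiveDirectory module (RSAT) available.
Import-Module ActiveDirectory

$NewHolder = 'dc2022assist.hxx.tt'   # host names taken from the article
$OldHolder = 'dc2022.hxx.tt'

function Get-FsmoHolder {
    # Read the forest-wide and domain-wide role owners from the surviving DC
    $forest = Get-ADForest -Server $NewHolder
    $domain = Get-ADDomain -Server $NewHolder
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

# Seizure is for a holder that is permanently gone. If it still answers ping,
# stop: a graceful transfer is the right operation instead.
if (Test-Connection -ComputerName $OldHolder -Count 2 -Quiet) {
    throw "$OldHolder is reachable; transfer the roles instead of seizing them."
}

# Roles not yet owned by the new holder
$pending = @((Get-FsmoHolder).GetEnumerator() |
    Where-Object { $_.Value -ne $NewHolder } |
    ForEach-Object { $_.Key })

if ($pending.Count -gt 0) {
    # -Force turns the move into a seizure (same effect as ntdsutil "seize ...")
    Move-ADDirectoryServerOperationMasterRole -Identity 'dc2022assist' `
        -OperationMasterRole $pending -Force
}

# Verify: every role must now resolve to the new holder
$after = Get-FsmoHolder
$after.GetEnumerator() | ForEach-Object { '{0,-22} {1}' -f $_.Key, $_.Value }
if ($after.Values | Where-Object { $_ -ne $NewHolder }) {
    Write-Warning 'At least one FSMO role is still held elsewhere.'
}
```

Once roles have been seized, the old holder dc2022 should not be reconnected to the network; rebuild it and promote it again as a new domain controller if it is needed.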

Clear the original primary domain controller's data

Clear the residual information (metadata) of the original primary domain controller by running ntdsutil in PowerShell on the original secondary domain controller (now the primary domain controller);

Commands to run

ntdsutil: metadata cleanup //Enter server object cleanup mode
metadata cleanup: select operation target //Enter operation target selection mode
select operation target: connections //Enter connection mode
server connections: connect to domain hxx.tt //Connect to the hxx.tt domain
server connections: quit
select operation target: list sites //List the sites in the currently connected domain
select operation target: select site 0 //Select site 0
select operation target: list domains in site //List the domains in the site
select operation target: select domain 0 //Select domain 0
select operation target: list servers for domain in site //List all servers
select operation target: select server 0 //Select the server (domain controller) to be deleted from the domain
select operation target: quit
metadata cleanup: remove selected server

A dialog box appears; click "OK" to delete the dc2022.hxx.tt master server.

The deletion of dc2022.hxx.tt completes;

Exit ntdsutil;

metadata cleanup: quit
ntdsutil: quit

Final configuration

Delete dc2022.hxx.tt site

In [Active Directory Sites and Services], select the original primary domain controller dc2022, right-click it and delete it;

Designate the current primary domain controller (original secondary domain controller) dc2022assist.hxx.tt as GC (global catalog)

Open the dc2022assist site in [Active Directory Sites and Services], right-click and choose Properties - [General] - check [Global Catalog] - [OK].

Set IP address and DNS address;

Change the local IP address and DNS settings to those of the previous primary domain controller so that domain computers and users can keep accessing it normally. If clients were already pointed at the original secondary domain controller earlier, no change is needed now; set it as required. Just make sure connectivity is normal throughout;

Restart the Netlogon service

In [DNS Manager], right-click _msdcs.hxx.tt and open its properties, then delete the dc2022.hxx.tt. entry under [Name Server];

In [DNS Manager], right-click hxx.tt and open its properties, then delete the dc2022.hxx.tt. entry under [Name Server];

In [Active Directory Users and Computers], right-click the hxx.tt domain and click [Operations Masters];

When [Operations Masters] shows the new primary domain controller, the secondary domain controller has been successfully promoted to primary domain controller.
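A read-only audit of the cleanup steps above, checking that nothing in AD or DNS still points at the removed controller. This is an added example, not part of the original post; it assumes the ActiveDirectory and DnsServer modules are available on dc2022assist, and the SRV record check goes beyond the steps listed in the article.

```powershell
# Added example (not from the original post). Read-only audit, run on the
# surviving DC with the ActiveDirectory and DnsServer modules available.
Import-Module ActiveDirectory, DnsServer

$Domain = 'hxx.tt'; $OldDc = 'dc2022'; $NewDc = 'dc2022assist'   # from the article

function Get-StaleDcReference {
    $findings = @()

    # Server object left under any site in the Configuration partition
    $configNC = (Get-ADRootDSE -Server $NewDc).configurationNamingContext
    $findings += @(Get-ADObject -Server $NewDc -SearchBase "CN=Sites,$configNC" `
            -LDAPFilter "(&(objectClass=server)(cn=$OldDc))" |
        ForEach-Object { "Server object remains: $($_.DistinguishedName)" })

    # Computer account of the removed DC
    $findings += @(Get-ADComputer -Server $NewDc -Filter "Name -eq '$OldDc'" |
        ForEach-Object { "Computer account remains: $($_.DistinguishedName)" })

    # NS records in the two zones edited in DNS Manager
    foreach ($zone in "_msdcs.$Domain", $Domain) {
        $findings += @(Get-DnsServerResourceRecord -ComputerName $NewDc `
                -ZoneName $zone -RRType NS |
            Where-Object { $_.RecordData.NameServer -like "$OldDc.$Domain*" } |
            ForEach-Object { "NS record in ${zone}: $($_.RecordData.NameServer)" })
    }

    # DC locator SRV records still pointing at the old host
    $findings += @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
            -Server $NewDc -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget -like "$OldDc.$Domain*" } |
        ForEach-Object { "SRV record targets: $($_.NameTarget)" })

    # The new holder should be a global catalog
    if (-not (Get-ADDomainController -Identity $NewDc -Server $NewDc).IsGlobalCatalog) {
        $findings += "$NewDc is not a global catalog"
    }
    $findings
}

$result = @(Get-StaleDcReference)
if ($result.Count -eq 0) { 'No stale references to the old DC found.' } else { $result }
```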

Origin blog.csdn.net/qq_23435961/article/details/129129322