Re-installing a Domain Controller

This article is writen to give readers a heads up about some issues involved when re-installing a Domain controller.  This article is particulary about re-installing a Windows 2000 domain controller and issues that may occur if the re-installation is not done properly.

This article is to be used at the readers own risk and the author nor this project can be held liable for any damage related to this article or your use of information contained here.  You could seriously damage Active Directory if you perform tasks related to this subject improperly.  This article will outline the issue and point to resources for further information.

If a Windows 2000 domain controller crashes and cannot be gracefully removed from the domain, there are some Active Directory maintenance tasks which should be performed prior to the re-installation of that domain controller or the installation of a new domain controller. 

Background

Active Directory is the control mechanism for your Windows domain which allows users to be created or removed and controls access to various objects in the network including servers, workstations, and files. You should be aware that Active Directory treats everything as an object and assigns a unique identifing number to each object including your domain controller servers.  When your domain controller is re-created, it will not have the same identifying number. Therefore it is important to use the correct process when dealing with these important objects.  There are two cases which may occur  when a domain controller must be re-installed:

Crashed Domain Controller which must be replaced or re-installed

If your domain controller crashes and must be re-installed you should clean up Active Directory before installing a new domain controller or re-installing your domain controller.  See Microsoft's Knowledge Base Article Q216498 at http://support.microsoft.com/default.aspx?scid=kb;en-us;216498

This procedure describes how to use the NTDS Utility program to clean up active directory.  This procedure must be done precisely to avoid damaging Active Directory.  If you have not followed the procedures properly, or have installed a new domain controller before cleaning up Active Directory and/or have noticed some unusual effects which may be caused by Active Directory corruption, you should call Microsoft technical support IMMEDIATELY.  I recommend that you DO NOT attempt to clean up the corruption yourself.

Working Domain controller which must be replaced for some reason

  1. Demote the domain controller using the dcpromo tool.  See the Microsoft Knowledge Base Article Q238369 at http://support.microsoft.com/default.aspx?scid=kb;en-us;238369 about how to Promote and Demote Domain Controllers in Windows 2000.
  2. Install the new domain controller.
  3. Promote the domain controller using the dcpromo tool.  See the Microsoft Knowledge Base Article Q238369 at http://support.microsoft.com/default.aspx?scid=kb;en-us;238369