Thanks Zoran, I already checked a few things and I think is a PDC Emulator role problem. I wasn't added any new hardware to the server. There is not problems with disks. Since this is the only server in the organization I don't have replication issues. I checked the role owners with ntdsutil and the server owns all of them. Even I seize the PDC Emulator role to the same server and it succeded but the problem is stil present. When I tried to add a new DC, before run dcpromo.exe I had to add the computer to the domain and received a message stating that no DC of my domain could be connected. I run dcdiag.exe on the server and it fails the Fsmocheck. The rest was Ok. This is the message: Starting test: FsmoCheck GC Name: \\server.domain.com Locator Flags: 0xe00001fd Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355 A Primary Domain Controller could not be located. The server holding the PDC role is down. Time Server Name: \\server.domain.com Locator Flags: 0xe00001fd Preferred Time Server Name: \\server.domain.com Locator Flags: 0xe00001fd KDC Name: \\server.domain.com Locator Flags: 0xe00001fd ......................... domain.com failed test FsmoCheck > -----Original Message----- > From: Zoran [mailto:zmarjanovic@xxxxxxxx] > Sent: Friday, February 13, 2004 02:59 > To: [ExchangeList] > Subject: [exchangelist] RE: Disaster Recovery Exchange 2K > with Win2K A D > > > http://www.MSExchange.org/ > > Hi Daniel, > > you should check services on DC, try to remember any changes > you made in > the last few weeks (new hardware-there could be problems if > you added new > NIC on DC, hot fix, SP, third party software, AV software > upgrade...), run > AV and antitrojan scan on DC and all clients, run chkdsk and > sfc /scannow > on DC, use Active Directory Replication Monitor (support > tools)to check > status of FSMO roles. What do you mean with 'I cann't add > second DC. What > happened when you tried it? Did you get any message, error or > warning in > your app/system logs? > > Zoran > > > Definitevely it's not a GPO. I've already checked that. > > The problem it's the same in any machine. > > I have other symptoms like this: A user newly created user account = > > can=B4t logon on any machine of the domain except for the domain = > > controller (previously changing the user rights assignment). > > I've also discarded name resolution problem. > > As I mention, I run dcdiag.exe and it fails on the Fsmocheck part. > > > > Anyway, I didn=B4t know about associating accounts. > > I am reading a paper about that right now. > > > > Thank you very much for the info! > > > > Daniel. > > > > > -----Original Message----- > > > From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]=20 > > > Sent: Thursday, February 12, 2004 17:50 > > > To: [ExchangeList] > > > Subject: [exchangelist] RE: Disaster Recovery Exchange 2K=20 > > > with Win2K A D > > >=20 > > >=20 > > > http://www.MSExchange.org/ > > >=20 > > > Are you sure it's not maybe a GPO or something wrong with the=20 > > > particular > > > client? =20 > > >=20 > > > Your other question asks if you can associate the account > with the new > > > accounts even though the sID is different (after a rebuild). =20 > > > The sID has > > > nothing to do with it. You can associate a mail store with=20 > > > just about any > > > user object with few exceptions. It might be a pain if you=20 > > > have more than > > > 50 to do this with, but you can do it. You'll want to have a=20 > > > list of these > > > prior to getting rid of the old ones (LDIFDE or VBS are good=20 > > > tools for this) > > > so you can match it later. > > >=20 > > > I just can't help but think that you have something wrong=20 > > > that may not be > > > fixed by re-building. It may not require that. > > >=20 > > > Al > > >=20 > > >=20 > > >=20 > > > -----Original Message----- > > > From: Calder=F3n Vilches Luis Daniel > [mailto:Daniel@xxxxxxxxxxxx]=20 > > > Sent: Thursday, February 12, 2004 4:12 PM > > > To: [ExchangeList] > > > Subject: [exchangelist] RE: Disaster Recovery Exchange 2K=20 > > > with Win2K AD > > >=20 > > >=20 > > > http://www.MSExchange.org/ > > >=20 > > > Thanks Al!! > > >=20 > > > I will answer with an example of my problem: > > > If I run the AD tools locally on the server, I can add users,=20 > > > groups and > > > computers. But when I tried to access these objects from > a client, by > > > example set NTFS permissions on a share, I can=B4t get the=20 > > > users list from the > > > domain controller. > > >=20 > > > I'm afraid that is something wrong with the PDC emulator=20 > > > role. So, I can=B4t > > > add domain controllers. > > >=20 > > > Daniel > > >=20 > > > > -----Original Message----- > > > > From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] > > > > Sent: Thursday, February 12, 2004 15:23 > > > > To: [ExchangeList] > > > > Subject: [exchangelist] RE: Disaster Recovery Exchange 2K=20 > > > > with Win2K AD > > > >=20 > > > >=20 > > > > http://www.MSExchange.org/ > > > >=20 > > > > If you think the problem is just the machine locally, try > > > > installing a new > > > > DC into the mix and transferring the roles to it once stable.=20 > > > > If you still > > > > have the problem, then keeping the Active Directory as is may=20 > > > > not be an > > > > option for you or you may have other issues that would show=20 > > > > up in the event > > > > log.=20 > > > >=20 > > > > If you are unable to install additional computer objects, > > > > then you likely > > > > can't add user objects either. Is that right? If so, it's=20 > > > > likely a role > > > > master issue that you're having. Restoring system state and=20 > > > > databases etc > > > > will restore the Active Directory exactly like it is for that=20 > > > > point in time. > > > > That might not be a good idea given what you described. =20 > > > >=20 > > > >=20 > > > >=20 > > > >=20 > > > > Al > > > >=20 > > > > -----Original Message----- > > > > From: Calder=F3n Vilches Luis Daniel > [mailto:Daniel@xxxxxxxxxxxx] > > > > Sent: Thursday, February 12, 2004 10:31 AM > > > > To: [ExchangeList] > > > > Subject: [exchangelist] Disaster Recovery Exchange 2K > with Win2K AD > > > >=20 > > > >=20 > > > > http://www.MSExchange.org/ > > > >=20 > > > > Hi everybody, > > > >=20 > > > > This is my first time in the list, so I hope you could give > > > > me more ideas. > > > >=20 > > > > Have the following environment: > > > >=20 > > > > A Win2k DC which also is Exchange2K server, this is the > > > > lonely server in the > > > > organization, I call it THE server. > > > >=20 > > > > This DC has problems with some FSMO roles with impact on the > > > > end users: > > > > things like we can not add more machines to the domain.=20 > > > > However, the AD > > > > tools run ok, even I can add users or groups to the domain,=20 > > > > only if I run it > > > > locally on the server, of course. I have received the=20 > > > server with this > > > > problems from a previous administration. > > > >=20 > > > > The thing is: I want to reinstall the server. > > > > BUT I have this problems: > > > > - I need to preserve the AD accounts in order to associate > > > > them with their > > > > mailboxes once I have restored the exchange services. > > > > - I think that a System State backup of the server will > preserve the > > > > accounts, BUT maybe also preserve the misconfigurations > I described. > > > >=20 > > > > Has anybody experienced with a similar situation?? > > > > Any suggestions will be well received. > > > > 10xs!!! > > > >=20 > > > > Daniel > > > >=20 > > > > ------------------------------------------------------ > > > > List Archives: > > > > http://www.webelists.com/cgi/lyris.pl?> enter=3Dexchangelist > > > >=20 > > > > Exchange Newsletters: > > > > http://www.msexchange.org/pages/newsletter.asp > > > > Exchange FAQ: = > > http://www.msexchange.org/pages/larticle.asp?type=3DFAQ > > > > ------------------------------------------------------ > > > > Other Internet Software Marketing Sites: > > > > Leading Network Software Directory:=20 > > > > http://www.serverfiles.com No.1 ISA > > > > Server Resource Site:=20 > > > > http://www.isaserver.org Windows Security Resource > > > > Site: http://www.windowsecurity.com/ Network Security Library: > > > > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > > > http://www.ntfaxfaq.com > > > > ------------------------------------------------------ > > > >=20 > > > > ------------------------------------------------------ > > > > List Archives: > > > > http://www.webelists.com/cgi/lyris.pl?> enter=3Dexchangelist > > > >=20 > > > > Exchange Newsletters: > > > > http://www.msexchange.org/pages/newsletter.asp > > > > Exchange FAQ: = > > http://www.msexchange.org/pages/larticle.asp?type=3DFAQ > > > > ------------------------------------------------------ > > > > Other Internet Software Marketing Sites: > > > > Leading Network Software Directory: http://www.serverfiles.com > > > > No.1 ISA Server Resource Site: http://www.isaserver.org > > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > > Network Security Library: http://www.secinf.net/ > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > > ------------------------------------------------------ > > > >=20 > > > >=20 > > >=20 > > > ------------------------------------------------------ > > > List Archives:=20 > > > http://www.webelists.com/cgi/lyris.pl?> enter=3Dexchangelist > > >=20 > > > Exchange Newsletters:=20 > > > http://www.msexchange.org/pages/newsletter.asp > > > Exchange FAQ: > http://www.msexchange.org/pages/larticle.asp?type=3DFAQ > > > ------------------------------------------------------ > > > Other Internet Software Marketing Sites: > > > Leading Network Software Directory:=20 > > > http://www.serverfiles.com No.1 ISA > > > Server Resource Site:=20 > > > http://www.isaserver.org Windows Security Resource > > > Site: http://www.windowsecurity.com/ Network Security Library: > > > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > > http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > >=20 > > > ------------------------------------------------------ > > > List Archives:=20 > > > http://www.webelists.com/cgi/lyris.pl?> enter=3Dexchangelist > > >=20 > > > Exchange Newsletters:=20 > > > http://www.msexchange.org/pages/newsletter.asp > > > Exchange FAQ: > http://www.msexchange.org/pages/larticle.asp?> type=3DFAQ > > > > ------------------------------------------------------ > > > Other Internet Software Marketing Sites: > > > Leading Network Software Directory: http://www.serverfiles.com > > > No.1 ISA Server Resource Site: http://www.isaserver.org > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > Network Security Library: http://www.secinf.net/ > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > >=20 > > >=20 > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?> enter=exchangelist > > Exchange Newsletters: > http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > >