W2K3 domain controller offline temporarily

Posted on 2008-06-15
Medium Priority
Last Modified: 2010-05-19
I am jointly responsible for administering and managing a Windows 2003 Active Directory environment, comprising around 200 servers, around 20 of which are domain controllers. 3 domains exist within the forest, 2 child domains and one root domain.

One of the domain controllers needs to be powered off for around a week and management do not want to dcpromo the box, for various reasons.  I have been asked to investigate how long a domain controller can theoretically be powered off for before problems could occur.  I am well aware of the tombstone lifetime and also have a fairly good understanding of the replication process.  However, what else could affect this scenario?  Could the machine be powered off for a month for example?  I appreciate that replication could hammer the machine once powered back on but I just need a few more bits of info.  By the way, no FSMO roles exist on this domain controller.

Thanks in advance.
Question by:gkeane

Expert Comment

ID: 21789601
I think that 30 days is max, since after that the AD data will not be accepted via replication, so that is your max.

I hope this helps !

Author Comment

ID: 21789623
I wasn't aware of that limit, cheers.  What is the process/mechanism that controls this?  Is it the KCC?

Accepted Solution

tigermatt earned 500 total points
ID: 21791224
There is a limit to the length of time a Domain Controller can be offline. I always thought it was 30 days as well, but it looks like, according to http://support.microsoft.com/kb/198793/, that in Windows Server 2003, this limit has been increased to 180 days.

This limit is all related to the garbage collection process in Active Directory.

You might want to review http://technet2.microsoft.com/windowsserver/en/library/ab0ad0e9-2f7a-417c-a312-676c0fc9cd771033.mspx?mfr=true which details a checklist of things to do before you take a DC offline for a long period of time.
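
Added example, not part of the original thread: a PowerShell sketch that reads the forest's actual `tombstoneLifetime` over ADSI and compares it with a planned outage, since the value in a given forest may differ from the figures quoted above. The parameter names, the `Test-OfflineWindow` helper and the 14-day safety margin are assumptions for illustration; an unset attribute is treated as the 60-day default.

```powershell
# Added example: compare a planned DC outage with the forest's tombstone lifetime.
# Run from a domain-joined machine; needs PowerShell 2.0 or later, no AD module.
param(
    [int]$PlannedOfflineDays = 7,   # "around a week" from the question
    [int]$SafetyMarginDays   = 14   # assumed margin for catch-up replication
)

# Decision logic kept separate from the directory lookup (hypothetical helper).
function Test-OfflineWindow {
    param([int]$TombstoneLifetimeDays, [int]$OfflineDays, [int]$MarginDays)
    $limit = $TombstoneLifetimeDays - $MarginDays
    New-Object PSObject -Property @{
        TombstoneLifetimeDays = $TombstoneLifetimeDays
        OfflineDays           = $OfflineDays
        LatestSafeReturnDay   = $limit
        WithinLimit           = ($OfflineDays -le $limit)
    }
}

# tombstoneLifetime is stored on the Directory Service object in the
# configuration partition, so it applies to the whole forest.
$rootDse  = [ADSI]"LDAP://RootDSE"
$configNc = $rootDse.configurationNamingContext
$dirSvc   = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
$value    = $dirSvc.Properties["tombstoneLifetime"].Value

# An unset attribute means the built-in default of 60 days is in effect.
if ($null -eq $value) { $tsl = 60 } else { $tsl = [int]$value }

Test-OfflineWindow -TombstoneLifetimeDays $tsl `
                   -OfflineDays $PlannedOfflineDays `
                   -MarginDays $SafetyMarginDays
```

If `WithinLimit` is `False`, the domain controller would come back too close to, or past, the tombstone lifetime for its replica to be trusted.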

