Solved

Domain controller issue - Force current DC to replicate from old DC?

Posted on 2010-03-30
Last Modified: 2012-05-09
We had two Win 2003 DCs; let's call them DC1 and DC2.

We recently took down DC1 (hardware was acting up), leaving just DC2 to run AD. Due to some bungling on our part we've now messed up some settings in Active Directory and need to get back to where things were.

Is it possible to re-introduce DC1 and then force DC2 to replicate AD from DC1? DC1 hasn't been on the network for about 2 weeks, so it's not that it's been down for months.

The issue is that DC2 is also our Exchange server, so it's not that I can just take it offline indefinitely.

Help!
0
Question by:Kenazo
9 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 332 total points
ID: 29149428
Where were the FSMO roles and what did you do to them over the last two weeks?

The reason I ask is because if you seized them from DC1 to DC2 then you should not introduce DC1 again.

If DC1's hardware is now OK and you are OK with the FSMO role issue, then yes, you can bring it back after two weeks. Where there are issues is when a DC is offline longer than the tombstone lifetime period (either 60 or 180 days by default).

...but if DC1 is still acting up and you are only running with one DC, what I'd do sooner rather than later is maybe bring up a new box DC3.  Just don't want to be running with only one DC.

Thanks

Mike
0
 

Author Comment

by:Kenazo
ID: 29149646
If I introduce DC1 again won't it view DC2's copy of AD as more current and replicate from it?  I want to make sure replication goes to DC2, not from it.

DC2 had seized the FSMO roles, since I thought DC1 was permanently retired (and I deleted the account for DC1 from AD, on DC2).
0
 
LVL 4

Expert Comment

by:sukamto
ID: 29150158
Did you demote DC1?
0

Author Comment

by:Kenazo
ID: 29150920
Is it possible to demote a physically dead DC?  I simply deleted the computer's account in AD on DC2.  (which I wish now I hadn't done)
0
 
LVL 24

Assisted Solution

by:Awinish
Awinish earned 332 total points
ID: 29152512
You can perform metadata cleanup to remove the dead domain controller, and if some records remain, delete them manually; also remove all its records from the _msdcs folder in DNS as well as from adsiedit.msc.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
You can't bring back the DC from which you seized roles; if you bring it back you will face issues, so it's better to introduce a new DC or use system state backup.
 
0
 
LVL 4

Accepted Solution

by:
sukamto earned 336 total points
ID: 29152894
You should not do that; you can't just delete a dead DC by simply deleting the computer account. Even if the DC is dead, you can still delete it properly via the AD database using this link (use with caution, be careful): http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
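
An added example, not part of the thread or of any poster's answer: read-only checks to run on the surviving DC (DC2 in the question) before and after metadata cleanup, covering the points raised above (FSMO role holders, tombstone lifetime, leftover references to the removed DC in AD and in the _msdcs DNS zone). The domain `example.com`, its DN and the name `DC1` are placeholders, and `netdom`, `repadmin` and `dcdiag` assume the Windows Server 2003 Support Tools are installed.

```bat
@echo off
rem Added example (not from the thread). Read-only; run on the surviving DC.
rem Placeholders/assumptions: example.com domain, DC1 as the removed DC's name.
setlocal
set DOMAIN_DNS=example.com
set DOMAIN_DN=DC=example,DC=com
set DEAD_DC=DC1

echo === 1. FSMO role holders (all five should name a live DC) ===
netdom query fsmo

echo === 2. Tombstone lifetime in days (blank = built-in default) ===
dsquery * "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,%DOMAIN_DN%" -scope base -attr tombstoneLifetime

echo === 3. Server objects still referencing %DEAD_DC% ===
rem A hit here means the NTDS metadata of the removed DC was never cleaned up.
dsquery server -forest | findstr /i /c:"CN=%DEAD_DC%,"
if errorlevel 1 (echo No server object for %DEAD_DC% found.) else (echo %DEAD_DC% metadata is still present, metadata cleanup required.)

echo === 4. SRV records in _msdcs still pointing at %DEAD_DC% ===
rem Substring match: a name such as DC10 would also match DC1, so read the output.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN_DNS% | findstr /i "%DEAD_DC%"
if errorlevel 1 (echo No _msdcs SRV record for %DEAD_DC%.) else (echo Stale DNS record found, remove it from the _msdcs zone.)

echo === 5. Replication health of this DC ===
repadmin /showrepl
dcdiag /test:replications
endlocal
```

Running it again after the cleanup should show no hits in steps 3 and 4 and no replication partner entries for the removed DC in step 5.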
 

Author Closing Comment

by:Kenazo
ID: 31709238
Thanks, I think I know where I need to go now.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 29158298
I think I have given the solution with the link already & it's the same link repeated again, got accepted.
http://www.experts-exchange.com/help.jsp#hs=30&hi=416
Please read the EE policy.
 
0
 
LVL 4

Expert Comment

by:sukamto
ID: 29189361
Sorry Awinish, I didn't really want to repeat yours.
I was late to submit, with the page still not refreshed yet.
I only knew of your post after I submitted. Just coincidence.
0
