Solved

Should I forcefully Demote a DC that has just passed the tombstone lifetime

Posted on 2010-08-16
Last Modified: 2012-05-10
Hello guys and as always thanks for the time and expertise.  I have a Windows Server 2003 SP2 DC that had to be taken offline because of structural problems in a particular bldg - couldn't be helped.  The DC last successfully replicated on 6/16 and I was going to bring it back online tomorrow.  The tombstone lifetime for my forest is 60 days which puts me a day over.  I'm sure objects have been deleted during this time but I don't think there were many changes, but I'm not sure as we have many sites and I'm not the only admin.
By the way, we only have one domain.  My question is: do you think I should just demote this DC, forcefully if necessary, to make sure there are no problems, or should I check and remove any lingering objects with the repadmin /removelingeringobjects command?  I just want to follow best practices but I've never experienced this scenario before.  Please let me know what you would recommend.
Again, the server is past tombstone only by a day.  Thanks.  
As an aside, should I increase the tombstone to 180 for the future?
Question by:pendal1
6 Comments
 
LVL 4

Assisted Solution

by:a1rh0pper
a1rh0pper earned 800 total points
ID: 33451394
What other functions does the box provide?

If it doesn't do file or print, or any applications... I would forcefully demote it. Clean up AD, and bring it back in if the desire is to have it back online as a domain controller.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1200 total points
ID: 33451400
Man just one day over the TSL; yeah I'd just /forceremoval, metadata cleanup, add back to the domain and promote again.  It is not as bad as it sounds.

If you think there could be a chance something like this happens again then increasing it to 180 would be a good safety net.

Thanks

Mike
0
 

Author Comment

by:pendal1
ID: 33453556
Thanks for the responses guys.  I think this DC also hosts a printer but only one so I can work around that. When I bring it back online, and I think I'm doing that today but I'm not 100% sure - I will check for other functionality.  The primary function is to be a DC and you guys seem to think it's best to demote and then bring it back online clean.
mkline71 - that's my luck - one lousy day.  
0

 
LVL 57

Expert Comment

by:Mike Kline
ID: 33454521
The printers should be fine, /forceremoval will put it in a workgroup.  Then you run the metadata cleanup after that.  Then you add it back to the domain and promote again.
Give the domain time to fully replicate between the steps.
Thanks
Mike
0
 

Author Comment

by:pendal1
ID: 33460792
Thanks guys.  I took your advice and forcefully demoted the DC.  I also renamed the domain controller when re-adding it back to the domain just in case there were any lingering references.  Process went smoothly.  There was only one printer installed on this server and I'll change that reference in GP.  Thanks again for your time and valuable info.
0
 

Author Closing Comment

by:pendal1
ID: 33460797
Thank you very much for your prompt attention and expert advice.  Greatly appreciated.
0
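
The condition this thread turns on, a replication link whose last success is older than the tombstone lifetime, can be checked across all DCs before an offline server is reconnected. The script below is an added example, not code from the thread's participants; the DC names, sites, domain, dates and CSV rows are constructed samples, and the timestamp format is an assumption about `repadmin /showrepl * /csv` output.

```powershell
# Added example: flag replication links whose last success is older than the
# tombstone lifetime (TSL). All names, dates and rows are constructed samples.
$tslDays = 60                                # forest TSL, as stated in the question
$asOf    = [datetime]'2010-08-16T12:00:00'   # constructed "now"; use Get-Date live

# The live TSL can be read with (the domain DN is a placeholder):
#   dsquery * "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=example,DC=local" -scope base -attr tombstoneLifetime
# Live input with the same columns:
#   $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC01,"DC=example,DC=local",SiteB,DC02,RPC,0,0,2010-08-16 09:12:44,0
showrepl_INFO,SiteB,DC02,"DC=example,DC=local",SiteA,DC01,RPC,0,0,2010-08-16 09:05:10,0
showrepl_INFO,SiteA,DC01,"DC=example,DC=local",SiteC,DC03,RPC,412,2010-08-16 08:00:02,2010-06-16 07:58:31,1722
'@
$rows = $sample | ConvertFrom-Csv

$fmt     = 'yyyy-MM-dd HH:mm:ss'             # assumed repadmin timestamp format
$culture = [System.Globalization.CultureInfo]::InvariantCulture
$styles  = [System.Globalization.DateTimeStyles]::None

$report = foreach ($r in $rows) {
    $last   = [datetime]::MinValue
    $parsed = [datetime]::TryParseExact($r.'Last Success Time', $fmt, $culture, $styles, [ref]$last)

    # A link that has never succeeded has no parseable timestamp; report it separately.
    if (-not $parsed) {
        $age = $null; $status = 'NEVER-REPLICATED'
    } else {
        $age = [math]::Round(($asOf - $last).TotalDays, 1)
        if ($age -gt $tslDays) { $status = 'PAST-TSL' } else { $status = 'OK' }
    }

    [pscustomobject]@{
        Destination   = $r.'Destination DSA'
        Source        = $r.'Source DSA'
        NamingContext = $r.'Naming Context'
        Failures      = [int]$r.'Number of Failures'
        AgeDays       = $age
        Status        = $status
    }
}

# Show only the links that need a decision before the source DC is reconnected.
$report | Where-Object { $_.Status -ne 'OK' } | Format-Table -AutoSize
```

With the sample rows, only the DC01 link from DC03 is reported as `PAST-TSL`; that is the case the thread resolves with /forceremoval and metadata cleanup.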

Question has a verified solution.
