[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 709
  • Last Modified:

Should I forcefully Demote a DC that has just passed the tombstone lifetime

Hello guys and as always thanks for the time and expertise.  I have a windows server 2003 sp2 DC that had to be taken offline because of structural problems in a particular bldg - couldn't be helped.  The DC last successfully replicated on 6/16 and I was going to bring it back online tomorrow.  The tombstone lifetime for my forest is 60 days which puts me a day over.  I'm sure objects have been deleted during this time but I don't think there were many changed but I'm not sure as we have many sites and I'm not the only admin.  
By the way, we only have one domain.  My question is do you think I should just demote this dc, forecefully if necessary, to make sure there's no problems or should I check and remove any lingering objects with the repadmin /removelingeringobjects command.  I just want to follow best practices but I've never experienced this scenario before.  Please let me know you would recommend.
Again, the server is past tombstone only by a day.  Thanks.  
As an aside, should I increase the tombstone to 180 for the future?
0
pendal1
Asked:
pendal1
  • 3
  • 2
2 Solutions
 
a1rh0pperCommented:
What other functions does the box provide?

If it doesn't do file or print, or any applications.....I would forcefully demote it. Clean up AD, and bring it back in if the desire is to have it back online as a domain controller.
0
 
Mike KlineCommented:
Man just one day over the TSL; yeah I'd just /forceremoval, metadata cleanup, add back to the domain and promote again.  It is not as bad as it sounds.

If you think there could be a chance something like happens again then increasing it to 180 would be a good safety net.

Thanks

Mike
0
 
pendal1Author Commented:
Thanks for the responses guys.  I think this DC also hosts a printer but only one so I can work around that. When I bring it back online, and I think I'm doing that today but I'm not a 100% sure - I will check for other functunailty.  The primary function is to be a DC and you guys seem to think it's best to demote and then bring it back online clean.  
mkline71 - that's my luck - one lousy day.  
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
Mike KlineCommented:
The printers should be fine, /forceremoval will put it in a workgroup.  Then you run the metadata cleanup after that.  Then you add it back to the domain and promote again.
Give the domain time to fully replicate between the steps.
Thanks
Mike
0
 
pendal1Author Commented:
Thanks guys.  I  took your advice and forefully demoted the DC.  I also renamed the domain controller when readdming it back to the domain just in case there were any lingering references.  Process went smoothy.  There was only one printer installed on this server and I'll change that reference in GP.  Thanks again for your time and valuable info.
0
 
pendal1Author Commented:
Thank you very much for your prompt attention and expert advice.  Greatly appreciated.
0

Featured Post

Exciting career futures for women in IT

Education has the power to transform lives and open the door to new career opportunities. By earning an IT degree from WGU, you can become a highly skilled IT professional. Get the credentials and certifications you need to become a leader in this rewarding field.  

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now