• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 901
  • Last Modified:

DC exceeded default tombstone lifetime

Hi
My first DC in one site has been offline for more than 60days and so obviously have exceeded the default TSL (in ADSIEDIT, the integer is not set). I ran a Windows Server 2003 R2 SP2 DCs. My question is Can i adjust the TSL to 180 and reintroduce the DC without causing any issues on the domain? if not, how do i reintroduce the DC?
Do i force it out and promote the additional DC to the the first?
please help????!!!
0
adjaddy
Asked:
adjaddy
2 Solutions
 
PlugThatInWhereCommented:
Your question is a bit confusing.
I get that your First DC is in remote site and been disconnected a long time.  So you must have a second DC local to you.  Correct?  How many?

- As the First DC has been disconnected for such a time, have you moved the FSMO roles to your local DC at anytime since it was offline?
- Do you need anything on the First DC?  Any AD changes that you want to keep?  Has it been Shut Down this entire time or supporting your users in that site?
0
 
AntsoairCommented:
Yes, the best thing to do is to remove it as a domain controller.  You probably will not be able to do that gracefully so you may need to clean up orphaned objects from AD.  Once it is completely removed.  Promote it back to a domain controller and it will work again.

I have not found a successful way to fix the error you describe without completely demoting it.

Remove orphaned domain controller: http://support.microsoft.com/kb/555846
0
 
ChiefITCommented:
you have to demote it and repromote it back in
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

 
adjaddyAuthor Commented:
Plugthatinwhere,
No, i have not ceased the FSMO roles yet. the additional DC at that same site is currently supporting the users.

ChiefIT, is it a simple matter of demoting and promoting back?...at the moment it's not sync-ing with the rest of the domain
0
 
ChiefITCommented:
Unless, you have a mixed domain, yes it is a matter of controlling the FSMO roles and demoting it, then back.

BUT, you also have to consider what broke FRS in the first place. most of the time that is a DNS related error.

DCDiag /test:DNS

at the command prompt, should unveil the errors.
0
 
adjaddyAuthor Commented:
ChiefIT

the DC was taken offline to fix some conflicts with McAfee and the OS. Apparently it stayed out for too long.. :(


0
 
ChiefITCommented:
OK, you will need to:

1) Control the five FSMO roles

2) demote it,

3)  remove metadata from the remaining DC,
HOW TO:  http://www.petri.co.il/delete_failed_dcs_from_ad.htm
WARNING: Don't forget AD metadata, FRS metadata, and DNS metadata

4) and promote it back in.

So, Antsoar provided you with good information.
0
 
adjaddyAuthor Commented:
Points me in the right direction
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now