Solved

DC exceeded default tombstone lifetime

Posted on 2010-09-10
Last Modified: 2012-05-10
Hi
My first DC in one site has been offline for more than 60 days and so obviously has exceeded the default TSL (in ADSIEDIT, the integer is not set). I ran Windows Server 2003 R2 SP2 DCs. My question is: can I adjust the TSL to 180 and reintroduce the DC without causing any issues on the domain? If not, how do I reintroduce the DC?
Do I force it out and promote the additional DC to the first?
Please help????!!!
0
Question by:adjaddy
8 Comments
 
LVL 3

Expert Comment

by:PlugThatInWhere
ID: 33649474
Your question is a bit confusing.
I get that your First DC is in a remote site and has been disconnected a long time.  So you must have a second DC local to you.  Correct?  How many?

- As the First DC has been disconnected for such a time, have you moved the FSMO roles to your local DC at any time since it was offline?
- Do you need anything on the First DC?  Any AD changes that you want to keep?  Has it been Shut Down this entire time or supporting your users in that site?
0
 
LVL 2

Accepted Solution

by:
Antsoair earned 300 total points
ID: 33659232
Yes, the best thing to do is to remove it as a domain controller.  You probably will not be able to do that gracefully, so you may need to clean up orphaned objects from AD.  Once it is completely removed, promote it back to a domain controller and it will work again.

I have not found a successful way to fix the error you describe without completely demoting it.

Remove orphaned domain controller: http://support.microsoft.com/kb/555846
0
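
Before demoting, it helps to confirm which replication links have actually gone past the tombstone lifetime. The following is an added example, not part of any answer in this thread: it parses saved output of `repadmin /showrepl * /csv` and lists inbound links whose last success is older than the TSL. The CSV rows, DC names and function names are constructed for illustration, and the column layout is assumed to match repadmin's CSV output.

```python
import csv
import io
from datetime import datetime, timedelta

DEFAULT_TSL_DAYS = 60  # default the thread cites when tombstoneLifetime is not set

# Constructed sample in the layout of `repadmin /showrepl * /csv` (all names made up).
SAMPLE_CSV = '''showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC2,"DC=example,DC=local",SiteA,DC1,RPC,412,2010-09-10 08:00:11,2010-06-28 21:14:03,1722
showrepl_INFO,SiteA,DC2,"DC=example,DC=local",HQ,DC3,RPC,0,0,2010-09-10 07:45:52,0
showrepl_INFO,HQ,DC3,"CN=Configuration,DC=example,DC=local",SiteA,DC1,RPC,398,2010-09-10 07:50:40,2010-06-28 21:10:47,1722
showrepl_INFO,HQ,DC3,"DC=example,DC=local",SiteA,DC4,RPC,0,0,0,0
'''


def stale_links(csv_text, now, tsl_days=DEFAULT_TSL_DAYS):
    """Return inbound links whose last successful sync is older than the TSL."""
    limit = timedelta(days=tsl_days)
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["showrepl_COLUMNS"] != "showrepl_INFO":
            continue  # only data rows describe a replication link
        last = row["Last Success Time"].strip()
        if last in ("", "0"):
            age_days = None  # assumption: 0 or empty means no recorded success
        else:
            age = now - datetime.strptime(last, "%Y-%m-%d %H:%M:%S")
            if age <= limit:
                continue  # link is healthy with respect to the TSL
            age_days = age.days
        findings.append({
            "destination": row["Destination DSA"],
            "source": row["Source DSA"],
            "naming_context": row["Naming Context"],
            "age_days": age_days,
            "failures": int(row["Number of Failures"]),
        })
    return findings


def sources_past_tsl(findings):
    """Source DCs that every reporting partner last heard from beyond the TSL."""
    return sorted({f["source"] for f in findings if f["age_days"] is not None})


if __name__ == "__main__":
    for f in stale_links(SAMPLE_CSV, datetime(2010, 9, 10, 9, 0, 0)):
        print(f)
```

Links with `age_days` of `None` have no recorded success and need a separate look; they are reported but not counted as past the TSL.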
 
LVL 38

Expert Comment

by:ChiefIT
ID: 33665980
You have to demote it and repromote it back in.
0

 

Author Comment

by:adjaddy
ID: 33707467
PlugThatInWhere,
No, I have not seized the FSMO roles yet. The additional DC at that same site is currently supporting the users.

ChiefIT, is it a simple matter of demoting and promoting back?...At the moment it's not syncing with the rest of the domain.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 33707678
Unless you have a mixed domain, yes, it is a matter of controlling the FSMO roles and demoting it, then back.

BUT, you also have to consider what broke FRS in the first place. Most of the time that is a DNS-related error.

DCDiag /test:DNS

at the command prompt, should unveil the errors.
0
 

Author Comment

by:adjaddy
ID: 33732661
ChiefIT

The DC was taken offline to fix some conflicts with McAfee and the OS. Apparently it stayed out for too long.. :(


0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 200 total points
ID: 33733689
OK, you will need to:

1) Control the five FSMO roles

2) demote it,

3)  remove metadata from the remaining DC,
HOW TO:  http://www.petri.co.il/delete_failed_dcs_from_ad.htm
WARNING: Don't forget AD metadata, FRS metadata, and DNS metadata

4) and promote it back in.

So, Antsoair provided you with good information.
0
 

Author Closing Comment

by:adjaddy
ID: 33760474
Points me in the right direction
0
