?
Solved

DC exceeded default tombstone lifetime

Posted on 2010-09-10
8
Medium Priority
?
895 Views
Last Modified: 2012-05-10
Hi
My first DC in one site has been offline for more than 60days and so obviously have exceeded the default TSL (in ADSIEDIT, the integer is not set). I ran a Windows Server 2003 R2 SP2 DCs. My question is Can i adjust the TSL to 180 and reintroduce the DC without causing any issues on the domain? if not, how do i reintroduce the DC?
Do i force it out and promote the additional DC to the the first?
please help????!!!
0
Comment
Question by:adjaddy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 3

Expert Comment

by:PlugThatInWhere
ID: 33649474
Your question is a bit confusing.
I get that your First DC is in remote site and been disconnected a long time.  So you must have a second DC local to you.  Correct?  How many?

- As the First DC has been disconnected for such a time, have you moved the FSMO roles to your local DC at anytime since it was offline?
- Do you need anything on the First DC?  Any AD changes that you want to keep?  Has it been Shut Down this entire time or supporting your users in that site?
0
 
LVL 2

Accepted Solution

by:
Antsoair earned 1200 total points
ID: 33659232
Yes, the best thing to do is to remove it as a domain controller.  You probably will not be able to do that gracefully so you may need to clean up orphaned objects from AD.  Once it is completely removed.  Promote it back to a domain controller and it will work again.

I have not found a successful way to fix the error you describe without completely demoting it.

Remove orphaned domain controller: http://support.microsoft.com/kb/555846
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 33665980
you have to demote it and repromote it back in
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:adjaddy
ID: 33707467
Plugthatinwhere,
No, i have not ceased the FSMO roles yet. the additional DC at that same site is currently supporting the users.

ChiefIT, is it a simple matter of demoting and promoting back?...at the moment it's not sync-ing with the rest of the domain
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 33707678
Unless, you have a mixed domain, yes it is a matter of controlling the FSMO roles and demoting it, then back.

BUT, you also have to consider what broke FRS in the first place. most of the time that is a DNS related error.

DCDiag /test:DNS

at the command prompt, should unveil the errors.
0
 

Author Comment

by:adjaddy
ID: 33732661
ChiefIT

the DC was taken offline to fix some conflicts with McAfee and the OS. Apparently it stayed out for too long.. :(


0
 
LVL 39

Assisted Solution

by:ChiefIT
ChiefIT earned 800 total points
ID: 33733689
OK, you will need to:

1) Control the five FSMO roles

2) demote it,

3)  remove metadata from the remaining DC,
HOW TO:  http://www.petri.co.il/delete_failed_dcs_from_ad.htm
WARNING: Don't forget AD metadata, FRS metadata, and DNS metadata

4) and promote it back in.

So, Antsoar provided you with good information.
0
 

Author Closing Comment

by:adjaddy
ID: 33760474
Points me in the right direction
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question