Solved

Restoring a DC after FSMO roles moved to another DC in the domain

Posted on 2010-09-23
750 Views
Last Modified: 2012-06-21
Hi there,
I need some advice on a failed domain controller. This is basically the scenario of what happened.

We had an HDD failure on the primary DC and the server was taken down.
Whilst the server was down we seized the FSMO roles over to the secondary DC, ensured it was a GC and ensured that all the servers point to this DNS.

We are now trying to restore the old DC from a Symantec backup, but in order to do this the old DC needs to be a DC so that we can do the restore in Directory Services Restore Mode. We want to restore the old DC specifically because it was the CA server. Yes, I am aware that bringing this server back into the domain can cause havoc, but we will do the restore and then, before the server starts back up, we will unplug it from the network.

My question is basically how feasible this solution sounds, and whether anyone has done some sort of similar restore before, where all the roles have been moved from the primary DC and then the primary DC is restored from backup?

Looking forward to a response.
Question by: msiebrits
5 Comments
 
LVL 57

Accepted Solution

by: Mike Kline (earned 500 total points)
ID: 33744766
Since you seized all the FSMO roles off that box, do not bring it back online. That will cause issues like you already noted; consider that server dead and gone.
What you will want to do is run a metadata cleanup of it from your good DC: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Then you wipe the box and you can rebuild and promote it again.
Thanks
Mike
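The accepted answer's procedure (confirm the roles are off the dead DC, clean up its metadata from a surviving DC, then rebuild) as a worked PowerShell script. This is an added example, not code from the thread or from the linked Petri article; it assumes a dead DC named OLDDC01 in site Default-First-Site-Name of domain corp.example, and that it is run as a Domain Admin on the healthy DC with the ActiveDirectory and DnsServer modules available. The ntdsutil, repadmin, dcdiag and nltest invocations use their documented syntax.

```powershell
# Added example (not from the original thread): metadata cleanup of a failed DC,
# run on the surviving DC after the FSMO roles were seized.
# Assumed names: OLDDC01 = dead DC, corp.example = domain, Default-First-Site-Name = its site.
Import-Module ActiveDirectory

$DeadDc     = 'OLDDC01'
$DomainFqdn = 'corp.example'
$SiteName   = 'Default-First-Site-Name'

# 1. Refuse to continue if any of the five FSMO roles still points at the dead DC.
#    After a seize, every role must name a live DC; if not, seize it first.
$forest = Get-ADForest
$domain = Get-ADDomain
$roleHolders = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$stale = $roleHolders.GetEnumerator() | Where-Object { $_.Value -like "$DeadDc*" }
if ($stale) {
    $stale | ForEach-Object { Write-Warning "$($_.Key) is still held by $($_.Value)" }
    throw "Seize the remaining roles (ntdsutil 'roles') before cleaning up $DeadDc."
}

# 2. Metadata cleanup: remove the dead DC's server object (and its NTDS Settings child)
#    from the Configuration partition. ntdsutil also removes the computer account and
#    replication-group membership on Windows Server 2008 and later.
$configNc = (Get-ADRootDSE).configurationNamingContext
$serverDn = "CN=$DeadDc,CN=Servers,CN=$SiteName,CN=Sites,$configNc"
& ntdsutil.exe 'metadata cleanup' "remove selected server $serverDn" quit quit

# Fallback if the server object survived (older ntdsutil or a partial run).
if (Get-ADObject -Filter "distinguishedName -eq '$serverDn'") {
    Remove-ADObject -Identity $serverDn -Recursive -Confirm:$false
}

# 3. Computer account in the Domain Controllers OU, if it was left behind.
$computer = Get-ADComputer -Filter "Name -eq '$DeadDc'"
if ($computer) {
    Remove-ADObject -Identity $computer.DistinguishedName -Recursive -Confirm:$false
}

# 4. DNS: stale A/SRV/NS records would otherwise keep clients and partners
#    trying to reach the dead DC.
$deadFqdn = "$DeadDc.$DomainFqdn"
foreach ($zone in "_msdcs.$DomainFqdn", $DomainFqdn) {
    Get-DnsServerResourceRecord -ZoneName $zone -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.RecordType -eq 'SRV' -and $_.RecordData.DomainName -like "$deadFqdn*") -or
            ($_.RecordType -eq 'NS'  -and $_.RecordData.NameServer -like "$deadFqdn*") -or
            ($_.RecordType -eq 'A'   -and $_.HostName -eq $DeadDc)
        } |
        Remove-DnsServerResourceRecord -ZoneName $zone -Force
}

# 5. Verify: nothing should still reference the dead DC.
& repadmin.exe /replsummary
& dcdiag.exe /test:knowsofroleholders
(& nltest.exe /dclist:$DomainFqdn) | Select-String $DeadDc   # expect no match
```

Only after this cleanup should the old hardware be wiped and re-promoted with a fresh install; re-promoting under the same name is fine once no object in AD or DNS still refers to the old instance. Note that nothing here recovers the CA database, which is the separate problem raised in the next comment.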
 

Author Comment

by: msiebrits
ID: 33744935
Thank you for the advice Mike. The problem we have is that that server was the only CA certificate server and we need to get the certificates back somehow, hence the reason why we were trying to restore it. Then, once restored, we wanted to back up the CA certification authority to another server.
 
LVL 57

Expert Comment

by: Mike Kline
ID: 33745138
Won't blow smoke on this one... I've never tested or gone through that scenario (seized FSMO with CA). Bringing the seized RID master back online will definitely cause issues.
See if you get any other responses... may eventually need a PSS call.
Thanks
Mike
 
 

Author Comment

by: msiebrits
ID: 33745501
Right, we might have to look at this from a different perspective then. If I were to create a new CA on a new DC, what would the implications be for the current certificates out there? Will we have to add certificates onto every device again? Is there any way of, say, restoring the CertSrv folder onto this new CA, and might this help?
Just looking for ideas and whether anyone knows of a possible solution.
 

Author Closing Comment

by: msiebrits
ID: 33858153
I did not receive any other solutions regarding this question.