Solved

Restoring a DC after FSMO roles moved to another DC in the domain

Posted on 2010-09-23
Last Modified: 2012-06-21
Hi there,
I need some advice on a failed domain controller. This is basically the scenario of what happened.

We had an HDD failure on the primary DC and the server was taken down.
Whilst the server was down we seized the FSMO roles over to the secondary DC, ensured it was a GC and ensured that all the servers point to this DNS.

We are now trying to restore the old DC from Symantec backup, but in order to do this the old DC needs to be a DC so that we can do the restore in Directory Services Restore Mode. We want to restore the old DC specifically as this was the CA server. Yes, I am aware that bringing this server back into the domain can cause havoc, but we will do the restore and then, before the server starts back up, we will unplug it from the network.

My question is basically how feasible this solution sounds, and whether there is anyone who has done some sort of similar restore before, where all the roles have been moved from the primary DC and the primary DC is then restored back again from backup?

Looking forward to a response.
Question by:msiebrits

Accepted Solution

by: Mike Kline
ID: 33744766
Since you seized all the FSMO roles off that box, do not bring it back online. That will cause issues like you already noted; consider that server dead and gone.
What you will want to do is run a metadata cleanup of it from your good DC: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Then you wipe the box and you can rebuild and promote it again.
Thanks
Mike

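A read-only check to run from the surviving DC after the seizure and metadata cleanup described in the accepted answer, added here as an example that is not part of the original thread. It assumes the ActiveDirectory and DnsClient PowerShell modules are available, and `OLDDC01` is a placeholder for the failed DC's host name.

```powershell
# Added example (not from the thread): read-only check for leftovers of a failed DC.
# Assumptions: ActiveDirectory and DnsClient modules are installed; run on the surviving DC.
Import-Module ActiveDirectory

$FailedDc = 'OLDDC01'          # placeholder host name of the failed DC
$domain   = Get-ADDomain
$forest   = Get-ADForest
$findings = @()

# 1. No FSMO role may still point at the failed DC after the seizure.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -like "$FailedDc.*") {
        $findings += "FSMO role $($role.Key) is still held by $($role.Value)"
    }
}

# 2. Metadata cleanup should have removed the server object under CN=Sites
#    and the computer account in the Domain Controllers container.
$configNc = (Get-ADRootDSE).configurationNamingContext
$stale = @(Get-ADObject -SearchBase "CN=Sites,$configNc" -LDAPFilter "(&(objectClass=server)(cn=$FailedDc))")
$stale += @(Get-ADComputer -SearchBase $domain.DomainControllersContainer -Filter "Name -eq '$FailedDc'")
foreach ($obj in $stale) {
    $findings += "Leftover directory object: $($obj.DistinguishedName)"
}

# 3. DC locator SRV records must not advertise the failed DC to clients.
$srvName = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' -and $_.NameTarget -like "$FailedDc.*" }
foreach ($rec in $srv) {
    $findings += "Stale SRV record $srvName -> $($rec.NameTarget)"
}

if ($findings.Count -eq 0) {
    "No references to $FailedDc found."
} else {
    $findings
}
```
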
Author Comment

by:msiebrits
ID: 33744935
Thank you for the advice, Mike. The problem we have is that that server was the only CA certificate server and we need to get the certificates back somehow, hence the reason why we were trying to restore it. Then, once restored, we wanted to back up the CA certification authority to another server.

Expert Comment

by:Mike Kline
ID: 33745138
Won't blow smoke on this one... I've never tested or gone through that scenario (seized FSMO with CA). Bringing the seized RID master back online will definitely cause issues.
See if you get any other responses... may eventually need a PSS call.
Thanks
Mike

Author Comment

by:msiebrits
ID: 33745501
Right, we might have to look at this from a different perspective then. If I were to create a new CA on a new DC, what will be the implications for the current certificates out there? Will we have to add certificates onto every device again? Is there any way of, say, restoring the certsrv folder onto this new CA, and might this help?
Just looking for ideas and if anyone knows of a possible solution.

Author Closing Comment

by:msiebrits
ID: 33858153
I did not receive any other solutions regarding this question.