Restoring a DC after FSMO roles moved to another DC in the domain

Hi there,
I need some advice on a failed domain controller. This is basically the scenario of what happened.

We had an HDD failure on the primary DC and the server was taken down.
Whilst the server was down we seized the FSMO roles over to the secondary DC, ensured it was a GC and ensured that all the servers point to this DNS.

We are now trying to restore the old DC from Symantec backup, but in order to do this the old DC needs to be a DC so that we can do the restore in Directory Services Restore Mode. We want to restore the old DC specifically because this was the CA server. Yes, I am aware that bringing this server back into the domain can cause havoc, but we will do the restore and then, before the server starts back up, we will unplug it from the network.

My question is basically how feasible this solution sounds, and whether anyone has done some sort of similar restore before, where all the roles have been moved from the primary DC and the primary DC is then restored from backup?

Looking forward to a response.
Asked:
msiebrits
1 Solution
 
Mike Kline Commented:
Since you seized all the FSMO roles off that box, do not bring it back online. That will cause issues like you already noted; consider that server dead and gone.
What you will want to do is run a metadata cleanup of it from your good DC: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Then you wipe the box and you can rebuild and promote it again.
Thanks
Mike
 
msiebrits (Author) Commented:
Thank you for the advice, Mike. The problem we have is that that server was the only CA certificate server and we need to get the certificates back somehow, hence the reason why we were trying to restore it. Then, once restored, we wanted to back up the CA certification authority to another server.
 
Mike Kline Commented:
Won't blow smoke on this one... I've never tested or gone through that scenario (seized FSMO with CA). Bringing the seized RID master back online will definitely cause issues.
See if you get any other responses...may eventually need a PSS call.
Thanks
Mike
 
 
msiebrits (Author) Commented:
Right, we might have to look at this from a different perspective then. If I were to create a new CA on a new DC, what will be the implications for the current certificates out there? Will we have to add certificates onto every device again? Is there any way of, say, restoring the certsrv folder onto this new CA, and might this help?
Just looking for ideas and if anyone knows of a possible solution.
 
msiebrits (Author) Commented:
I did not receive any other solutions regarding this question.
Question has a verified solution.