Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

is it safe to re-promote a failed dc

Posted on 2011-03-03
10
Medium Priority
?
579 Views
Last Modified: 2012-05-11
Had a failed DC that has been forcedremoved...

Is it safe to dcpromo it back into the domain?

It was the FSMO role holder and all those roles have been seized by another dc, now the failed dc is back working and I would like to just re-promote it without installing the OS.

It has been offline for 3 days, and all the metadata has been cleaned up on the new dc.

Thanks in advance
0
Comment
Question by:durango099
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 21

Expert Comment

by:snusgubben
ID: 35031004
It's safe (like it will not kill you ;). Do you plan to reuse the name and IP?
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 800 total points
ID: 35031013
It is always recommended that if you had to seize the FSMO roles that the server should be flattened and rebuilt.

However, from my experience I can say that I have not known this to be a problem, if it doesn't currently have Active Directory on it then you should be able to re-promote it to a DC.

As I said though it is recommended that it be flattened and rebuilt.
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35031028
Sure, If you must avoid the reimage.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 74

Expert Comment

by:Glen Knight
ID: 35031033
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 600 total points
ID: 35031087
Like demazter said you won't go wrong with flatten/rebuild but if you have done the metadata cleanup and made sure the cleanup has replicated and there are no remnants left you should be fine to to join it back up and repromote.

You can also see this link about halfway down for steps

http://blogs.technet.com/b/askds/archive/2009/06/05/dc-s-and-vm-s-avoiding-the-do-over.aspx

Thanks

Mike
0
 
LVL 1

Author Comment

by:durango099
ID: 35047298
Thanks for the input-

I am going to backup system state on the current DC, and then attempt to dcpromo the old DC back into the domain using the same name and IP.

Next step would be to transfer the roles back to the failed DC after replaction of AD.

Will run the first attempt tomorrow night (Monday) and report the results.

0
 
LVL 1

Author Comment

by:durango099
ID: 35071331
The DCPROMO seems to have gone well...so far anyway

Is there a good way to tell if the DC's have replicated?

I have added the GC flag to the failed DC, and once I know the replication is working what roles would be good to share/transfer back?

All roles are currently being held by the backup DC now.

Thanks

Mark
0
 
LVL 21

Assisted Solution

by:snusgubben
snusgubben earned 600 total points
ID: 35072624
"repadmin /replsum" will give you a quick forest wide replication overview. Also look in the event logs and dcdiag for errors.

I'm not sure what you define as a backup DC, but you place the FSMOs where you want them to be. I'll recomend you not to split the up on different DCs.
0
 
LVL 1

Author Comment

by:durango099
ID: 35072782
Thanks snusgubben

The backup DC is defined as the secondary DC before the PDC failed. Now that the PDC is back online and the DC roles added back, I would like to transfer all FSMO roles back to it.

Mark
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35072839
You can transfer them, that is ok, http://www.petri.co.il/transferring_fsmo_roles.htm
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question