Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks
COURSE of the MONTH
9 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Taking a "Secondary" backup domain controller off-site for a few weeks to a new building, can I rejoin it to the working domain later ?
Posted on 2011-09-14
Our IT manager would like to take one of our file servers off site for a few weeks to our new building which is being wired and tested. I can promote it with FSMO ( almost sure how to use that <gr> QUESTION is regarding what is best steps when we bring it back into the active domain.
Demote it first , or allow the existing two domain controllers to fight it out when it rejoins.
ALL WINDOWS 2003, running well
Demote it first , or allow the existing two domain controllers to fight it out when it rejoins.
ALL WINDOWS 2003, running well
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3
2
2- +1
8 Comments
If your AD is running correctly currently you "should" be able to take a DC offsite, and then bring it back online without issue as long as the time period does not exceed the tombstone period.
With that being said, it would be preferable to make a vm out of the machine and once you are done with it offsite just delete image so it could never come online in your existing envrironment
With that being said, it would be preferable to make a vm out of the machine and once you are done with it offsite just delete image so it could never come online in your existing envrironment
Active today
> I can promote it with FSMO
Why would you put the FSMO roles on a DC you're going to pull off the local network?
> Demote it first ...
Why would you add the FSMO roles and then demote it? Are you trying to completely destroy the domain?
DCs have a 60 day tombstone life - if they don't talk to the rest of the domain by then, then it's a problem. Otherwise, it should be fine to temporarily move it off site.
(Any reason you can't connect a VPN so you can get it back online MUCH, MUCH more quickly?
Why would you put the FSMO roles on a DC you're going to pull off the local network?
> Demote it first ...
Why would you add the FSMO roles and then demote it? Are you trying to completely destroy the domain?
DCs have a 60 day tombstone life - if they don't talk to the rest of the domain by then, then it's a problem. Otherwise, it should be fine to temporarily move it off site.
(Any reason you can't connect a VPN so you can get it back online MUCH, MUCH more quickly?
You will need a machine with FSMO roles (or access to a machine that has the FSMO roles), on the remote site in order to add users/computers etc to the domain - However, you can't add the FSMO sieze the roles to the onto a machine and then add it back to the domain where another machine has the FSMO roles - you will wreck your network - so don't even try it.
![[eBook] Windows Nano Server](https://filedb.experts-exchange.com/files/public/2017/6/24/1329f749-2f43-4bd1-8413-3b5b5ab33fc6.png)
Active today
> You will need a machine with FSMO roles (or access to a machine that has the
> FSMO roles), on the remote site in order to add users/computers etc to the domain -
Are you CERTAIN about this - isn't that what the RID master is for - allocating SIDs so that computers and users can be added to any DC regardless of FSMO placement? The only time they should need access to the FSMO servers is if they run out of RIDs (relative IDs).
> FSMO roles), on the remote site in order to add users/computers etc to the domain -
Are you CERTAIN about this - isn't that what the RID master is for - allocating SIDs so that computers and users can be added to any DC regardless of FSMO placement? The only time they should need access to the FSMO servers is if they run out of RIDs (relative IDs).
Sorry, my original question exposed my lack of experience with adding another windows 2003 domain controller. In order to "make" one of our existing file-servers an additional domain controller I plan to run the command DCPROMO on it. My mistake for using the term FSMO.
We simply want to be able to take it to the new site, plug it into the new switch and take over a notebook that already knows about our domain and login.No real work will be done. This will make our IT manager happy!
We simply want to be able to take it to the new site, plug it into the new switch and take over a notebook that already knows about our domain and login.No real work will be done. This will make our IT manager happy!
Providing that the computer and user accounts exist then you won't need the FSMO roles on the new DC, however, you will need to make sure the new DC is both a global catalog and DNS server.
I can't see what you hope to achieve however, if you can log on to the domain in the current location , then you will be able to log on in another location it you move the hardware to the new location...
I can't see what you hope to achieve however, if you can log on to the domain in the current location , then you will be able to log on in another location it you move the hardware to the new location...
Just make sure cached credentials are enabledand the user will be able to login without a dc present
I know you said this is a file server, are these files necessary for the singleuser?
I know you said this is a file server, are these files necessary for the singleuser?
Featured Post
This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
OnPage enhanced its integration with ConnectWise Manage to offer incident responders more control over the ticket and Incident Resolution Lifecycle.
- IT Administration
- ConnectWise Automate
- OnPage
- connectwise manage
- Managed Service Provider
- *connectwise integration
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses
Course of the Month9 days, 15 hours left to enroll
762 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.