Solved

Failing Domain controller, what to do

Posted on 2012-03-29
Last Modified: 2016-11-23
Hello,

At my site I have the following setup:

2 Domain controllers
-DC1 has all 5 FSMO roles, is a DNS server, and a global catalog
-DC2 is DNS server and Global Catalog

I noticed yesterday that DC1, which has a software RAID 1 config, lost one of its disks.  I'm trying to be proactive and figure out what I need to do.

What I was thinking is that I do the following:

1.  Transfer all FSMO roles over to DC2.  Once that has occurred I will then reboot it.
2.  On my client computers and servers, I will then change the primary DNS to DC2, and secondary to DC1 and then reboot them
3.  I'd also make sure to do this in the DHCP scope.

Will my solution work, or am I on the wrong path?

The reason I'm not looking to replace the disk is because it is a very old Dell 2650 and I have replacement DCs coming from Dell; however, they are going to be 2008R2, which I already have a migration path for.

Thanks,
0
Question by:lbtoadmin
16 Comments
 
LVL 9

Accepted Solution

by:
Geodash earned 334 total points
ID: 37782531
Yes, transfer the roles and continue down the path you have outlined. If there is a chance of not being able to restore the hardware on this DC, you may even want to demote it so then you will not have to do metadata cleanup later. If you are comfortable doing that, transferring the roles is the most important.
0
 
LVL 4

Expert Comment

by:Red_Tech
ID: 37782532
It will work, but you shouldn't have to reboot them.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37782552
Your plan is sound, make sure you have good backups of DC2 now after the transfer.

Once the new DC is up you can gracefully demote DC1 (hoping it stays up a few days for you)

Thanks

Mike
0

 

Author Comment

by:lbtoadmin
ID: 37782564
Hello,

I've never done a metadata cleanup, what does that entail?  Do you mean going through ntdsutil and removing the old domain controller?  

If I simply demote it, will it transfer the roles to the other domain controller automatically?
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37782581
Going through ADSI Edit and removing a failed DC if it is not demoted. Demoting it should automatically transfer the roles. I recommend doing it manually though, just to be certain.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37782582
Yes it means going through ntdsutil but in 2008 it is even easier (can do most of it through the GUI)

http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Hopefully you won't need to go through metadata cleanup

If you demote it, it will transfer them, but I'd just manually transfer them now (less than 5 minutes).

Thanks

Mike
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 334 total points
ID: 37782593
Correction: not ADSI Edit. Sorry, it is ntdsutil.
0
 

Author Comment

by:lbtoadmin
ID: 37782629
So it sounds like I could transfer the roles, repoint my clients, and then when everything is good, I could demote it if I wanted?  That should clear out the entries in AD.
0
 
LVL 6

Assisted Solution

by:awaggoner
awaggoner earned 166 total points
ID: 37782632
Your plan is sound.
I would keep DC1 in place and running until you get your new DCs running and added to your AD structure.

It is better to have both DC's running now, so you still have redundancy.  Demoting DC1 now removes your failover if something happens to DC2.

If DC1 dies on its own before your new DCs are in place, it is easy enough to clean up with the previous instructions.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 37782633
1. Seize the FSMO's
2. Transfer GC
3. Transfer Schema Master

ADC would be required
0
 

Author Comment

by:lbtoadmin
ID: 37782637
What would happen if I transferred roles, but did not change the DNS entries on my client machines?  Would the logins be slower?  I'm guessing they would be.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37782639
No need to seize if the DC is still up. You only need to seize if it fails.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37782644
It should not be slower if both servers are in the DHCP settings. Just change the DHCP scopes to reflect the change in DNS, they will get the new settings.
0
 
LVL 4

Expert Comment

by:Red_Tech
ID: 37782705
You're on the right track. You don't need to worry about any cleanup or seizing of roles right now. Once you get done with your plan and the new DC is in place, demote the old one and you'll be just fine.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37792040
The only thing missing from this discussion is...
make a backup of DC1 before you do anything.

Worst case scenario
What happens if DC1 falls over completely before you've moved anything onto DC2?
At least then you'll be able to restore the system again.

Might want to add this link to your knowledge base:
http://support.microsoft.com/kb/249694

But yeah, the rest of the information required is covered above.
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37792098
Replacement servers are already on the way.  The risk of both DCs failing at this point is fairly low.  

As long as the new DCs will be in place (even with 2003 domain functionality) shortly, like within a month, you should be fine without going nuts and taking a ton of effort to fix something that is going to be replaced in short order.

Of course you must have good backups, and if one DC fails before the new ones are functional, you should make all efforts to get a second one in place.
0
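
The role-transfer step of the plan discussed in this thread, with a check before and after, as an added example that is not part of any post above. It assumes the host names DC1 and DC2 from the question, that netdom, repadmin and ntdsutil are on the path, and an account allowed to move all five roles; the `-Target` and `-Transfer` parameters are names made up for this example.

```powershell
# Added example. DC1/DC2 come from the question; parameter names are hypothetical.
param(
    [string]$Target = 'DC2',   # DC that should end up holding all five roles
    [switch]$Transfer          # without this switch the script only reports
)

function Get-FsmoHolders {
    # 'netdom query fsmo' prints "<role name>   <holder>"; split on runs of 2+ spaces.
    # The trailing "The command completed successfully." line has one field and is skipped.
    $holders = @{}
    foreach ($line in (netdom query fsmo)) {
        $parts = $line.Trim() -split '\s{2,}'
        if ($parts.Count -eq 2) { $holders[$parts[0]] = $parts[1] }
    }
    return $holders
}

function Get-ReplicationFailures([string]$Dc) {
    # One CSV row per inbound replication link; a non-zero failure count means
    # the target may not yet hold the current role holder's latest changes.
    repadmin /showrepl $Dc /csv | ConvertFrom-Csv |
        Where-Object { [int]$_.'Number of Failures' -gt 0 }
}

Get-FsmoHolders | ForEach-Object { $_.GetEnumerator() } |
    Sort-Object Name | Format-Table Name, Value -AutoSize

$failures = @(Get-ReplicationFailures $Target)
if ($failures.Count -gt 0) {
    $failures | Format-Table 'Source DSA', 'Naming Context', 'Last Failure Time' -AutoSize
    throw "Inbound replication to $Target is failing; fix that before moving roles."
}

if ($Transfer) {
    # Transfer, not seize: the current holder is still online and takes part.
    # ntdsutil asks for confirmation of each role in a dialog.
    # On Server 2003 ntdsutil the naming role verb is 'transfer domain naming master'.
    ntdsutil roles connections "connect to server $Target" quit `
        "transfer schema master" "transfer rid master" "transfer pdc" `
        "transfer naming master" "transfer infrastructure master" quit quit
}

# Re-query and flag any role whose holder is not the target (short name or FQDN).
$after = Get-FsmoHolders
$stray = $after.GetEnumerator() |
    Where-Object { $_.Value -ne $Target -and $_.Value -notlike "$Target.*" }
if ($stray) { $stray | Format-Table Name, Value -AutoSize; Write-Warning "Roles not on ${Target}" }
else { Write-Host "All $($after.Count) FSMO roles are held by $Target" }
```

Run it once without `-Transfer` to see the current holders and replication state, then again with the switch.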
