Solved

Failing Domain controller, what to do

Posted on 2012-03-29
Last Modified: 2016-11-23
Hello,

At my site I have the following setup:

2 Domain controllers
-DC1 has all 5 FSMO roles, is a DNS server, and a global catalog
-DC2 is DNS server and Global Catalog

I noticed yesterday that DC1, which has a software RAID 1 config, lost one of its disks.  I'm trying to be proactive and figure out what I need to do.

What I was thinking is that I do the following:

1.  Transfer all FSMO roles over to DC2.  Once that has occurred I will then reboot it.
2.  On my client computers and servers, I will then change the primary DNS to DC2, and secondary to DC1 and then reboot them
3.  I'd also make sure to do this in the DHCP scope.

Will my solution work, or am I on the wrong path?

The reason I'm not looking to replace the disk is because it is a very old Dell 2650 and I have replacement DCs coming from Dell; however, they are going to be 2008R2, which I already have a migration path for.

Thanks,
0
Question by:lbtoadmin
16 Comments
 
LVL 9

Accepted Solution

by:
Geodash earned 334 total points
ID: 37782531
Yes, transfer the roles and continue down the path you have outlined. If there is a chance of not being able to restore the hardware on this DC, you may even want to demote it so then you will not have to do Metadata cleanup later. If you are comfortable doing that, transferring the roles is the most important.
0
 
LVL 4

Expert Comment

by:Red_Tech
ID: 37782532
It will work, but you shouldn't have to reboot them.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37782552
Your plan is sound, make sure you have good backups of DC2 now after the transfer.

Once the new DC is up you can gracefully demote DC1 (hoping it stays up a few days for you)

Thanks

Mike
0
 

Author Comment

by:lbtoadmin
ID: 37782564
Hello,

I've never done a metadata cleanup, what does that entail?  Do you mean going through ntdsutil and removing the old domain controller?  

If I simply demote it, will it transfer the roles to the other domain controller automatically?
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37782581
Going through ADSI edit and removing a failed DC if it is not demoted. Demoting it should automatically transfer the roles. I recommend doing it manually though, just to be certain.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37782582
Yes it means going through ntdsutil but in 2008 it is even easier (can do most of it through the GUI)

http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Hopefully you won't need to go through metadata cleanup

If you demote it, it will transfer them, but I'd just manually transfer them now (less than 5 minutes)

Thanks

Mike
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 334 total points
ID: 37782593
Correction not ADSI edit - sorry it is ntdsutil
0
 

Author Comment

by:lbtoadmin
ID: 37782629
So it sounds like I could transfer the roles, repoint my clients, and then when everything is good, I could demote it if I wanted?  That should clear out the entries in AD.
0
 
LVL 6

Assisted Solution

by:awaggoner
awaggoner earned 166 total points
ID: 37782632
Your plan is sound.
I would keep DC1 in place and running until you get your new DCs running and added to your AD structure.

It is better to have both DCs running now, so you still have redundancy.  Demoting DC1 now removes your failover if something happens to DC2.

If DC1 dies on its own before your new DCs are in place, it is easy enough to clean up with the previous instructions.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 37782633
1. Seize the FSMO's
2. Transfer GC
3. Transfer Schema Master

ADC would be required
0
 

Author Comment

by:lbtoadmin
ID: 37782637
What would happen if I transferred roles, but did not change the DNS entries on my client machines?  Would the logins be slower?  I'm guessing they would be.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37782639
No need to seize if the DC is still up. You only need to seize if it fails.
0
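
The graceful transfer recommended in the answers above, with a replication check before and a role-holder check after, as an added example that is not part of the original thread. It assumes the host names DC1 and DC2 from the question, an elevated session on DC2 with Domain, Enterprise and Schema Admin rights, and that netdom, repadmin and ntdsutil are installed; the function names are hypothetical.

```powershell
# Added example, not from the thread. $Target is the DC2 named in the question.
$Target = 'DC2'

function Get-FsmoHolder {
    # Assumes "netdom query fsmo" prints: role label, 2+ spaces, holder FQDN.
    # The trailing "The command completed successfully." line does not match.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            New-Object PSObject -Property @{ Role = $Matches.role; Holder = $Matches.holder }
        }
    }
}

function Test-ReplicationHealthy {
    # Any partner with a non-zero failure count means: fix replication first,
    # otherwise DC2 may take over roles with a stale copy of the directory.
    $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
    $bad  = @($rows | Where-Object { [int]$_.'Number of Failures' -gt 0 })
    $bad | Format-Table 'Source DSA', 'Destination DSA', 'Naming Context' | Out-Host
    return ($bad.Count -eq 0)
}

# 1. Record who holds what before changing anything.
Get-FsmoHolder (netdom query fsmo) | Format-Table Role, Holder -AutoSize | Out-Host

# 2. Refuse to continue while replication is failing.
if (-not (Test-ReplicationHealthy)) {
    throw 'Replication failures present; do not move roles yet.'
}

# 3. Transfer (not seize): DC1 is still online, so it hands each role over.
#    The naming-master verb is "transfer domain naming master" on Server 2003
#    ntdsutil and "transfer naming master" on 2008 and later; use the one
#    that matches the ntdsutil you are running.
$verbs = 'transfer schema master', 'transfer domain naming master',
         'transfer pdc', 'transfer rid master', 'transfer infrastructure master'
foreach ($verb in $verbs) {
    ntdsutil roles connections "connect to server $Target" quit $verb quit quit
}

# 4. Verify that no role is left on the failing DC.
$left = @(Get-FsmoHolder (netdom query fsmo) | Where-Object { $_.Holder -notlike "$Target*" })
if ($left.Count -gt 0) {
    $left | Format-Table Role, Holder -AutoSize | Out-Host
    throw 'Some roles did not move to the target DC.'
}
"All operations master roles are now held by $Target"
```

ntdsutil asks for confirmation on each transfer, so run this interactively rather than as a scheduled job.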
 
LVL 9

Expert Comment

by:Geodash
ID: 37782644
It should not be slower if both servers are in the DHCP settings. Just change the DHCP scopes to reflect the change in DNS, they will get the new settings.
0
 
LVL 4

Expert Comment

by:Red_Tech
ID: 37782705
You're on the right track. You don't need to worry about any cleanup or seizing of roles right now. Once you get done with your plan and the new DC is in place, demote the old one and you'll be just fine.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37792040
The only thing missing from this discussion is...
make a backup of DC1 before you do anything.

Worst case scenario
What happens if DC1 falls over completely before you've moved anything onto DC2?
At least then you'll be able to restore the system again.

Might want to add this link to your knowledge base:
http://support.microsoft.com/kb/249694

But yeah, the rest of the information required is covered above.
0
 
LVL 6

Expert Comment

by:awaggoner
ID: 37792098
Replacement servers are already on the way.  The risk of both DCs failing at this point is fairly low.  

As long as the new DCs will be in place (even with 2003 domain functionality) shortly, like within a month, you should be fine without going nuts and taking a ton of effort to fix something that is going to be replaced in short order.

Of course you must have good backups, and if one DC fails before the new ones are functional, you should make all efforts to get a second one in place.
0
