  • Status: Solved

Failing Domain controller, what to do

Hello,

At my site I have the following setup:

2 Domain controllers
-DC1 has all 5 FSMO roles, is a DNS server, and a global catalog
-DC2 is DNS server and Global Catalog

I noticed yesterday that DC1, which has a software RAID 1 config, lost one of its disks.  I'm trying to be proactive and figure out what I need to do.

What I was thinking is that I do the following:

1.  Transfer all FSMO roles over to DC2.  Once that has occurred I will then reboot it.
2.  On my client computers and servers, I will then change the primary DNS to DC2, and secondary to DC1 and then reboot them
3.  I'd also make sure to do this in the DHCP scope.

Will my solution work, or am I on the wrong path?

The reason I'm not looking to replace the disk is because it is a very old Dell 2650 and I have replacement DCs coming from Dell; however, they are going to be 2008R2, which I already have a migration path for.

Thanks,
0
lbtoadmin
 
Geodash Commented:
Yes, transfer the roles and continue down the path you have outlined. If there is a chance of not being able to restore the hardware on this DC, you may even want to demote it so then you will not have to do metadata cleanup later. If you are comfortable doing that, transferring the roles is the most important.
0
 
Red_Tech Commented:
It will work, but you shouldn't have to reboot them.
0
 
Mike Kline Commented:
Your plan is sound; make sure you have good backups of DC2 now after the transfer.

Once the new DC is up you can gracefully demote DC1 (hoping it stays up a few days for you)

Thanks

Mike
0
 
lbtoadmin Author Commented:
Hello,

I've never done a metadata cleanup, what does that entail?  Do you mean going through ntdsutil and removing the old domain controller?

If I simply demote it, will it transfer the roles to the other domain controller automatically?
0
 
Geodash Commented:
Going through ADSI edit and removing a failed DC if it is not demoted. Demoting it should automatically transfer the roles. I recommend doing it manually though, just to be certain.
0
 
Mike Kline Commented:
Yes, it means going through ntdsutil, but in 2008 it is even easier (can do most of it through the GUI)

http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Hopefully you won't need to go through metadata cleanup

If you demote it, it will transfer them, but I'd just manually transfer them now (less than 5 minutes)

Thanks

Mike
0
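A way to confirm that the manual role transfer discussed above actually completed, as an added example that is not part of the original thread. It parses the output of `netdom query fsmo`; the DC names come from the question, while the `example.local` domain and the function names are constructed for illustration.

```powershell
# Added example: check that all five FSMO roles sit on the intended DC.
# Role labels as printed by "netdom query fsmo".
$FsmoRoles = 'Schema master', 'Domain naming master', 'PDC',
             'RID pool manager', 'Infrastructure master'

function Get-FsmoHolders {
    param([string[]]$Lines)
    $holders = @{}
    foreach ($line in $Lines) {
        foreach ($role in $FsmoRoles) {
            # Each line is "<role label><spaces><holder FQDN>"
            if ($line -match ('^\s*' + [regex]::Escape($role) + '\s+(\S+)\s*$')) {
                $holders[$role] = $Matches[1]
            }
        }
    }
    $holders
}

function Test-FsmoHolders {
    param([string[]]$Lines, [string]$ExpectedHolder)
    $holders = Get-FsmoHolders -Lines $Lines
    $problems = @()
    foreach ($role in $FsmoRoles) {
        if (-not $holders.ContainsKey($role)) {
            $problems += "${role}: not reported"
        } elseif (($holders[$role] -split '\.')[0] -ne $ExpectedHolder) {
            $problems += "${role}: still held by $($holders[$role])"
        }
    }
    $problems   # empty when every role is on the expected DC
}

# Constructed sample: a transfer interrupted after three of five roles.
$sample = @(
    'Schema master               DC2.example.local'
    'Domain naming master        DC2.example.local'
    'PDC                         DC2.example.local'
    'RID pool manager            DC1.example.local'
    'Infrastructure master       DC1.example.local'
    'The command completed successfully.'
)
Test-FsmoHolders -Lines $sample -ExpectedHolder 'DC2' | ForEach-Object { Write-Warning $_ }

# Live check (assumes netdom.exe is installed on the machine running this):
# Test-FsmoHolders -Lines (netdom query fsmo) -ExpectedHolder 'DC2'
```

Running the same check again just before demoting DC1 shows whether any role is still on the machine about to be removed.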
 
Geodash Commented:
Correction: not ADSI edit - sorry, it is ntdsutil
0
 
lbtoadmin Author Commented:
So it sounds like I could transfer the roles, repoint my clients, and then when everything is good, I could demote it if I wanted?  That should clear out the entries in AD.
0
 
awaggoner Commented:
Your plan is sound.
I would keep DC1 in place and running until you get your new DCs running and added to your AD structure.

It is better to have both DCs running now, so you still have redundancy.  Demoting DC1 now removes your failover if something happens to DC2.

If DC1 dies on its own before your new DCs are in place, it is easy enough to clean up with the previous instructions.
0
 
Sandy Commented:
1. Seize the FSMOs
2. Transfer GC
3. Transfer Schema Master

ADC would be required
0
 
lbtoadmin Author Commented:
What would happen if I transferred roles, but did not change the DNS entries on my client machines?  Would the logins be slower?  I'm guessing they would be.
0
 
Geodash Commented:
No need to seize if the DC is still up. You only need to seize if it fails.
0
 
Geodash Commented:
It should not be slower if both servers are in the DHCP settings. Just change the DHCP scopes to reflect the change in DNS, they will get the new settings.
0
 
Red_Tech Commented:
You're on the right track. You don't need to worry about any cleanup or seizing of roles right now. Once you get done with your plan and the new DC is in place, demote the old one and you'll be just fine.
0
 
Leon Fester Commented:
The only thing missing from this discussion is...
make a backup of DC1 before you do anything.

Worst case scenario
What happens if DC1 falls over completely before you've moved anything onto DC2?
At least then you'll be able to restore the system again.

Might want to add this link to your knowledge base:
http://support.microsoft.com/kb/249694

But yeah, the rest of the information required is covered above.
0
 
awaggoner Commented:
Replacement servers are already on the way.  The risk of both DCs failing at this point is fairly low.  

As long as the new DCs will be in place (even with 2003 domain functionality) shortly, like within a month, you should be fine without going nuts and taking a ton of effort to fix something that is going to be replaced in short order.

Of course you must have good backups, and if one DC fails before the new ones are functional, you should make all efforts to get a second one in place.
0
