We help IT Professionals succeed at work.

"backup" domain controller

seven45
seven45 used Ask the Experts™
on
2 domain controllers: DC1 (holds all fsmo), DC2--acting as a backup and a print server/app server.

DC2 died but there's a sysstate.
rebuilt DC2 from scratch--- is it better to F8 into directory services restore mode and perform a sysstate restore (with a non authorative restore as we dont want the backup to overwrite the existing domain), or is it better to bring DC2 as a separate DC (DC3) with a new IP and DCpromo it to the domain.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Honestly you could do either one. It basically will depend on what you feel more comfortable doing. If you are sure your backup is valid and easily restorable you could bring the DC back up as its original DC2.

If you are not sure about your backup you could do the metadata cleanup on DC2 and then after that has been completed bring the now DC back into your domain.

Author

Commented:
Thanks for the prompt response---not sure aobut the validity of the backup.

so option 2 looks better: (metadata cleanup).  can the new DC be DCpromo'd first, then run metadata cleanup at a later time?    also any good links for a complete metadata cleanup?
Top Expert 2013

Commented:
Either works but if you rebuild it then you would have to do the metadata cleanup.  I'd probably try the non-auth restore first.  If your backup is not good or it fails then you can rebuild/metadata cleanup

Thanks

Mike
Ive always read that you want to have your ad environment "clean" before trying to add new servers. So in this case i would say metadata cleanup first, allow time to replicate, then promote.
Here is the link for metadata cleanup

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
DC2 is gone down. SO perform Metadata clean up of DC2 and make sure non its references exists in a domain.

Refer below link which explains this clearly,

http://support.microsoft.com/kb/216498

And also make sure there are no DNS entry of DC2 exists in a domain.

Check these area for the DNS entries

-Each & every sub folder inside _msdcs folder in DNS

-Name server tab in DNS

-Host records in DNS

Once you made sure there are no refereces , you can go ahead and rebuild the DC2 again.

Run Dcrpomo on it, and wait for replication from your DC1, Here no need to performing any restore . The data will be synced with Replicaiton.

Hope this helps.

Regards,

_Prashant_