Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

2008R2 Demote DC & Repromote best practice

Posted on 2013-01-29
4
Medium Priority
?
2,053 Views
Last Modified: 2013-02-03
I have 2 x 2008R2 servers with AD server roles.

the secondary one (SERV2) has gone into USN rollback state from what i can google.
The Active Directory Domain Services database has been restored using an unsupported restoration procedure.
 Active Directory Domain Services will be unable to log on users while this condition persists. As a result, the Net Logon service has paused.


Will have to ask the other IT support if they had to do this before xmas when making some other changes to this system. May be causing some logon issues.

the primary (SERV1) has all FSMO roles. (netdom query fsmo)

SERV1 has AD, App, DHCP,DNS,Print & WebIIS roles. (and is the main intranet server)
SERV2 has AD,DNS,FileServ roles.

what is the best / quickest way to resolve this as the secondary machine is also the file server so repeated reboots can cause interuptions.

is removing the AD role from Serv2 , reboot , Add AD role and reboot the best way to clean up the mess ?  or is dcpromo from command line more appropriate ?
0
Comment
Question by:Robberbaron (robr)
  • 2
4 Comments
 
LVL 3

Accepted Solution

by:
peter_fleur earned 900 total points
ID: 38830228
If you did not make any changes in the AD on the SERV2, i would demote, reboot and promote and reboot. It won't take a lot of time but you have to reboot.

Peter
0
 
LVL 4

Expert Comment

by:palicos
ID: 38830497
0
 
LVL 32

Assisted Solution

by:Robberbaron (robr)
Robberbaron (robr) earned 0 total points
ID: 38830555
i ve seen the links.

in terms of demoting, my question was wether to
a.  remove the AD role from the server, or
b. to run dcpromo /forceremoval and the re-enable via dcpromo  http://support.microsoft.com/kb/332199


option a. makes most sense to me if possible,


see EE blog ....
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_2182-Removing-Failed-DC-Data-From-Active-Directory.html

this worked fine.
0
 
LVL 32

Author Closing Comment

by:Robberbaron (robr)
ID: 38848343
Further reading shows that adding the AD role to server only adds executables, which dcpromo does anyway.

We tried to run dcpromo but it would not do so cleanly, pointing at forceremoval .... then

I completely missed an EE blog on this question !!

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_2182-Removing-Failed-DC-Data-From-Active-Directory.html

this worked fine.
0

Featured Post

[Webinar] Cloud Security

In this webinar you will learn:

-Why existing firewall and DMZ architectures are not suited for securing cloud applications
-How to make your enterprise “Cloud Ready”, and fix your aging DMZ architecture
-How to transform your enterprise and become a Cloud Enabler

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question