Solved

2008R2 Demote DC & Repromote best practice

Posted on 2013-01-29
4
1,357 Views
Last Modified: 2013-02-03
I have 2 x 2008R2 servers with AD server roles.

the secondary one (SERV2) has gone into USN rollback state from what i can google.
The Active Directory Domain Services database has been restored using an unsupported restoration procedure.
 Active Directory Domain Services will be unable to log on users while this condition persists. As a result, the Net Logon service has paused.


Will have to ask the other IT support if they had to do this before xmas when making some other changes to this system. May be causing some logon issues.

the primary (SERV1) has all FSMO roles. (netdom query fsmo)

SERV1 has AD, App, DHCP,DNS,Print & WebIIS roles. (and is the main intranet server)
SERV2 has AD,DNS,FileServ roles.

what is the best / quickest way to resolve this as the secondary machine is also the file server so repeated reboots can cause interuptions.

is removing the AD role from Serv2 , reboot , Add AD role and reboot the best way to clean up the mess ?  or is dcpromo from command line more appropriate ?
0
Comment
Question by:Robberbaron (robr)
  • 2
4 Comments
 
LVL 3

Accepted Solution

by:
peter_fleur earned 300 total points
Comment Utility
If you did not make any changes in the AD on the SERV2, i would demote, reboot and promote and reboot. It won't take a lot of time but you have to reboot.

Peter
0
 
LVL 4

Expert Comment

by:palicos
Comment Utility
0
 
LVL 32

Assisted Solution

by:Robberbaron (robr)
Robberbaron (robr) earned 0 total points
Comment Utility
i ve seen the links.

in terms of demoting, my question was wether to
a.  remove the AD role from the server, or
b. to run dcpromo /forceremoval and the re-enable via dcpromo  http://support.microsoft.com/kb/332199


option a. makes most sense to me if possible,


see EE blog ....
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_2182-Removing-Failed-DC-Data-From-Active-Directory.html

this worked fine.
0
 
LVL 32

Author Closing Comment

by:Robberbaron (robr)
Comment Utility
Further reading shows that adding the AD role to server only adds executables, which dcpromo does anyway.

We tried to run dcpromo but it would not do so cleanly, pointing at forceremoval .... then

I completely missed an EE blog on this question !!

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_2182-Removing-Failed-DC-Data-From-Active-Directory.html

this worked fine.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now