Solved

2008R2 Demote DC & Repromote best practice

Posted on 2013-01-29
4
1,631 Views
Last Modified: 2013-02-03
I have 2 x 2008R2 servers with AD server roles.

the secondary one (SERV2) has gone into USN rollback state from what i can google.
The Active Directory Domain Services database has been restored using an unsupported restoration procedure.
 Active Directory Domain Services will be unable to log on users while this condition persists. As a result, the Net Logon service has paused.


Will have to ask the other IT support if they had to do this before xmas when making some other changes to this system. May be causing some logon issues.

the primary (SERV1) has all FSMO roles. (netdom query fsmo)

SERV1 has AD, App, DHCP,DNS,Print & WebIIS roles. (and is the main intranet server)
SERV2 has AD,DNS,FileServ roles.

what is the best / quickest way to resolve this as the secondary machine is also the file server so repeated reboots can cause interuptions.

is removing the AD role from Serv2 , reboot , Add AD role and reboot the best way to clean up the mess ?  or is dcpromo from command line more appropriate ?
0
Comment
Question by:Robberbaron (robr)
  • 2
4 Comments
 
LVL 3

Accepted Solution

by:
peter_fleur earned 300 total points
ID: 38830228
If you did not make any changes in the AD on the SERV2, i would demote, reboot and promote and reboot. It won't take a lot of time but you have to reboot.

Peter
0
 
LVL 4

Expert Comment

by:palicos
ID: 38830497
0
 
LVL 32

Assisted Solution

by:Robberbaron (robr)
Robberbaron (robr) earned 0 total points
ID: 38830555
i ve seen the links.

in terms of demoting, my question was wether to
a.  remove the AD role from the server, or
b. to run dcpromo /forceremoval and the re-enable via dcpromo  http://support.microsoft.com/kb/332199


option a. makes most sense to me if possible,


see EE blog ....
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_2182-Removing-Failed-DC-Data-From-Active-Directory.html

this worked fine.
0
 
LVL 32

Author Closing Comment

by:Robberbaron (robr)
ID: 38848343
Further reading shows that adding the AD role to server only adds executables, which dcpromo does anyway.

We tried to run dcpromo but it would not do so cleanly, pointing at forceremoval .... then

I completely missed an EE blog on this question !!

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_2182-Removing-Failed-DC-Data-From-Active-Directory.html

this worked fine.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question