What happens to a domain controller when it loses its connectivity during an outage

Posted on 2013-09-24
Medium Priority
Last Modified: 2013-09-24

What happens to a site when its domain controllers lose connectivity.  Is there a particular time limitation that we need to take into consideration should the site links go down that we need to be prepared for.
Its possible this link could be down from 10 minute up to an hour.  What is the risk to AD with regards to AD services, NTP, and what ever else I'm not thinking of.  
I have a circuit between to data centers thats got an issue and requires maintenance to repair.
Thanks in advance for any help.
Question by:dv8angel
LVL 57

Accepted Solution

Mike Kline earned 400 total points
ID: 39519236
Yes but the time limitation is much longer, it can be down as long as the tombstone lifetime period (TSL).  If it down longer than the TSL then you would have issues bringing it up

TSL is 60 or 180 days by default depending on the version

Windows 2000 (all SPs) = 60 days
Windows Server 2003 without SP = 60 days
Windows Server 2003 with SP1 = 180 days
Windows Server 2003 R2 with SP1 installed with both R2 discs = 60 days
Windows Server 2003 R2 with SP1 installed only with the first R2 Disc = 180
days Windows Server 2003 with SP2 = 180 days
Windows Server 2003 R2 with SP2 = 180 days
Windows Server 2008 = 180 days
Windows Server 2008 R2 = 180 days

I wouldn't keep them off that long.  If the box that holds certain FSMO roles like PDC emulator goes down try to get that back up in a few days at most.


LVL 29

Assisted Solution

becraig earned 300 total points
ID: 39519238
Depends on the tombstone value from an DC perspective.

As for sync NTP etc the DC will sync once it is back online once it has not passed the tombstone time limit.

An hour should provide no impact to your DC, if you see any issues dcdiag can help you to identify / resolve.

LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 100 total points
ID: 39519252
Nothing.   Computers in the site will authenticate to another DC.  Only issue you might be slow logons and some group policies may not apply if site link is slow.

Author Closing Comment

ID: 39519336
Hope you guys don't mind sharing the points, you all answered pretty quickly so I wanted to be fair.  You guys answered this in full for me, thank you so much!!!!!!
LVL 57

Expert Comment

by:Mike Kline
ID: 39519343
Sharing is great....glad you got the help you needed.



Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
I’m a fan of folder redirection, however, it does have a couple of “Gotchas!” you have to look out for.  For example, if you redirect a user’s AppData folder to a DFS namespace, shortcuts on the taskbar are no longer trusted.  Here’s how to fix that.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

586 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question