What happens if Primary Domain Controller goes down for good?

I have two domain controllers. I just recently promoted another one to be the backup. I was wondering what happens if either of these domain controllers goes down for good?

Do I have to do any type of active directory cleanup? I realize if one goes down the other should take over but I want to make sure if anything happens in the future I want to follow the best practices not to muddy up my network.
MEATBALLHEROAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Paul MacDonaldDirector, Information SystemsCommented:
I'll preface this by saying you should always have good backups of all your servers, but...

Since they should both have complete copies of AD, you should be okay there.  If the lost DC holds any FSMO roles, and you know for sure you can't restore the DC, you should "seize" the lost roles on the remaining server.

http://support.microsoft.com/kb/255690

http://support.microsoft.com/kb/255504
0
Mike KlineCommented:
You would have to do a metadata cleanup on the box that went down

http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Notice in 2008 the metadata cleanup is much easier (just delete the object).   Like previously mentioned you would also have to seize FSMO roles if applicable.

Thanks

Mike
0
SandeshdubeySenior Server EngineerCommented:
If you FSMO role holder server is down for few minutes then there should be no impact.However if it down for many hours then you can have impact.If the FSMO role holder cannot be bring back or taking long time you can seize the role on other DC.
 
There's some info on FSMOs and what would happen if any specific FSMO is down for any length of time, permanently or termporarily.
 
Active Directory FSMO Roles Explained and What Happens When They Fail and Why you may not be able to keep a DC up once roles were seized.
http://msmvps.com/blogs/acefekay/archive/2011/01/16/active-directory-fsmo-roles-explained.aspx

If the DC cannot be brought back you need to perform metadata cleanup.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Lee W, MVPTechnology and Business Process AdvisorCommented:
If you FSMO role holder server is down for few minutes then there should be no impact.However if it down for many hours then you can have impact.If the FSMO role holder cannot be bring back or taking long time you can seize the role on other DC.

It's important to point out that while potentially true, it GREATLY depends on the size of your organization and how much AD changes in an average hour or day or week.  Smaller networks can go for WEEKS OR MONTHS with the FSMO master(s) down and NOT have significant issues or even detectable (by the average users) issues.  While large organizations can start seeing issues after a few hours, potentially.  If you're asking this question or don't know this, your organization can ALMOST CERTAINLY last weeks or longer without noticing because if your organization was larger, you'd have the staff in place who knew this already.
0
MEATBALLHEROAuthor Commented:
We are 10 workstation company. So if I take the primary down for repair and it takes a week, once it is back up it should automatically update you're saying because we are so small a network?
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
Yes, but... WHY ON EARTH would you have a server down for a week?  What do you consider "repair"?
0
Mike KlineCommented:
If you take primary down for repair and you know in advance that you are taking it down just gracefully transfer the FSMO roles if it holds them before you take it down.

It will automatically replicate not because you are a small network but because 10 days is less than the tombstone lifetime period.  If your DC is off longer than the TSL then it would have issues replicating when you brought it back

More on TSL  http://markparris.co.uk/2010/02/01/active-directory-tombstone-lifetime-set-it-to-the-correct-value/

Thanks

Mike
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lee W, MVPTechnology and Business Process AdvisorCommented:
Mike, for a network of this size, would you really be concerned with and wanted to start transferring FSMO roles?  Larger environments, I would definitely consider it... but to apply service packs/updates or to upgrade hardware (which is presumably the only reasons it might go down expectedly), would you still do that?
0
MEATBALLHEROAuthor Commented:
To:leew

It could be down for a week if I have to order parts. By the time they ship and arrive it could take up to a week. I don't think that is unreasonable if you are a small company.

I also split points because each comment had an important piece of information.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
My opinion on servers is that they are servers.  They are almost certainly vital to the business.  Why wouldn't you overnight parts?  Better still, why is it not under a 24x7 warranty with 4 hour response/parts from the manufacturer?  Why is the server a not VM so you can easily move it to another server - or even a laptop?  I don't care about the workstations - they can be replaced in an hour and they only affect one person at a time... but a server can affect everyone and considering the lost productivity if your servers fail and leave many users unable to work, it's unwise in my opinion not to take appropriate measures... a second DC is nice, but really not the answer in my opinion.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.