dpmoney
asked on
Active Directory DC offline for 14 days - what should I do?
Hi experts,
I have 4 domain controllers and they are as follows:
DC1 Windows 2003 R2
DC2 Windows 2003 R2
DC3 Windows 2008 R2 (ALL FSMO roles here)
DC4 Windows 2008 R2
Ironically, I was preparing to DCPromo DC1 out of the network later today and attempted to logon via RDP and check it out first. I couldn't connect. Turns out I can't do anything with DC1 but ping it.
I went to DC3 and ran repadmin /replsummary and see all 4 DCs come back. DC2, DC3, and DC4 have a largest delta of about 50 minutes and no fails.
On the other hand, DC1 has a delta of 14d.13h:52m:43s, 10 fails, error (1727) the remote procedure call failed and did not execute.
Now, I have to decide whether to shut this server down dirty and power it back up - OR - just turn it off and rip it out of Active Directory manually. Either way, it is getting retired, but I'd love to do it gracefully via DCPromo.
If I reboot this thing, is it going to mess up my other 3 DC's since it is has been off-line for so long?
Thanks!
I have 4 domain controllers and they are as follows:
DC1 Windows 2003 R2
DC2 Windows 2003 R2
DC3 Windows 2008 R2 (ALL FSMO roles here)
DC4 Windows 2008 R2
Ironically, I was preparing to DCPromo DC1 out of the network later today and attempted to logon via RDP and check it out first. I couldn't connect. Turns out I can't do anything with DC1 but ping it.
I went to DC3 and ran repadmin /replsummary and see all 4 DCs come back. DC2, DC3, and DC4 have a largest delta of about 50 minutes and no fails.
On the other hand, DC1 has a delta of 14d.13h:52m:43s, 10 fails, error (1727) the remote procedure call failed and did not execute.
Now, I have to decide whether to shut this server down dirty and power it back up - OR - just turn it off and rip it out of Active Directory manually. Either way, it is getting retired, but I'd love to do it gracefully via DCPromo.
If I reboot this thing, is it going to mess up my other 3 DC's since it is has been off-line for so long?
Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As long as this DC does not hold any of the roles you should be fine. I would still check the DNS SRV records (because there are a lot of locations) where this DC object could still exists. Also checking sites and services to ensure that the objects have been removed.
Once you have removed the DC from the domain make sure that replication and dcdiag are free of errors as well.
repadmin /replsum
dcdiag /v
dcdiag /dnsall
repadmin /bridgeheads
Will.
Once you have removed the DC from the domain make sure that replication and dcdiag are free of errors as well.
repadmin /replsum
dcdiag /v
dcdiag /dnsall
repadmin /bridgeheads
Will.
ASKER
Thanks, Will. So just to be 100% clear, you think I should simply head over to ADUC in my Windows 2008 R2 domain controller and remove this old DC1 box from the "domain controllers" section?
Luckily, this old DC1 box did not have any FSMO roles. It was just an old DC waiting for demotion.
Should've done it sooner.
Luckily, this old DC1 box did not have any FSMO roles. It was just an old DC waiting for demotion.
Should've done it sooner.
That is correct. Just remember to check and make sure that all remnants have been removed. Even those it should not matter and it should do it automatically, theory does not always work in practicality.
Will.
Will.
ASKER
I was able to get a new capacitor soldered on the PERC 5/i RAID controller and the server booted. I let it all sync than ran DCPromo gracefully out of the domain. I tried to split the points based on the initial responses and how much additional interaction I had with each contributor. Thanks!!!
ASKER