?
Solved

Active Directory DC offline for 14 days - what should I do?

Posted on 2015-01-09
7
Medium Priority
?
213 Views
Last Modified: 2015-01-09
Hi experts,

I have 4 domain controllers and they are as follows:

DC1     Windows 2003 R2
DC2     Windows 2003 R2

DC3     Windows 2008 R2  (ALL FSMO roles here)
DC4     Windows 2008 R2

Ironically, I was preparing to DCPromo DC1 out of the network later today and attempted to logon via RDP and check it out first.  I couldn't connect.  Turns out I can't do anything with DC1 but ping it.

I went to DC3 and ran repadmin /replsummary and see all 4 DCs come back.  DC2, DC3, and DC4 have a largest delta of about 50 minutes and no fails.  

On the other hand, DC1 has a delta of 14d.13h:52m:43s, 10 fails, error (1727) the remote procedure call failed and did not execute.  

Now, I have to decide whether to shut this server down dirty and power it back up - OR - just turn it off and rip it out of Active Directory manually.  Either way, it is getting retired, but I'd love to do it gracefully via DCPromo.

If I reboot this thing, is it going to mess up my other 3 DC's since it is has been off-line for so long?  

Thanks!
0
Comment
Question by:dpmoney
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 35

Assisted Solution

by:Joseph Daly
Joseph Daly earned 400 total points
ID: 40540829
14 days is well within the tombstone period and should not cause you any issues. If you can reboot and bring it back up do so, let everything take time to replicate back, then demote.
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 1600 total points
ID: 40540830
If the server is operable best thing to do is power on the server, the delta's will replicate to this DC (provided all of the services are fine) and then you can gracefully remove the DC from the domain.

I would not do this manually if the DC startup properly. Too much work involved to do it manually with all of the DNS SRV records that are associated to this DC.

Gracefully is the best way if possible.

Will.
0
 

Author Comment

by:dpmoney
ID: 40541150
Oh boy...looks like the RAID card is dead and system won't boot up.  Halts at BIOS screen.  This is an old Dell server.  No longer in warranty.  I guess I could try to get a replacement PCIE RAID card on eBay just to get the thing booted againt, but at that point, it is almost sounding easier to simply remove the domain controller card from Windows 2008 R2's ADUC.  I've read that if you remove a domain controller from ADUC using Windows 2008 or above, it will do the meta clean up for you.  Have you guys heard of that?  How much of a pain will it be if I go this route?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40541164
As long as this DC does not hold any of the roles you should be fine. I would still check the DNS SRV records (because there are a lot of locations) where this DC object could still exists. Also checking sites and services to ensure that the objects have been removed.

Once you have removed the DC from the domain make sure that replication and dcdiag are free of errors as well.
repadmin /replsum
dcdiag /v
dcdiag /dnsall
repadmin /bridgeheads

Will.
0
 

Author Comment

by:dpmoney
ID: 40541182
Thanks, Will.  So just to be 100% clear, you think I should simply head over to ADUC in my Windows 2008 R2 domain controller and remove this old DC1 box from the "domain controllers" section?  

Luckily, this old DC1 box did not have any FSMO roles.  It was just an old DC waiting for demotion.

Should've done it sooner.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40541185
That is correct. Just remember to check and make sure that all remnants have been removed. Even those it should not matter and it should do it automatically, theory does not always work in practicality.

Will.
0
 

Author Closing Comment

by:dpmoney
ID: 40541615
I was able to get a new capacitor soldered on the PERC 5/i RAID controller and the server booted.  I let it all sync than ran DCPromo gracefully out of the domain.  I tried to split the points based on the initial responses and how much additional interaction I had with each contributor.  Thanks!!!
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question