Server 2008 R2 Active Directory

Posted on 2015-01-16
Last Modified: 2015-01-20
We have a main office and 6 sites. We have a DC on each site.
One site moved to a new building. During the move, movers pulled the power cable and the DC never came back - blue screen.
Our IT director said that in this case we should build a new DC with a name reflecting the new location and new site.
What steps should I take, and what should the sequence of those steps be?
This is the first time I will do it from beginning to end.
Question by:Vadim Mikhal

Expert Comment

by:Muhammad Mulla
ID: 40553455
Make sure you have a full backup. Especially of AD.

A few things you probably need to keep in mind:

1. Create the site or make sure that the site has been created in AD Sites and Services
2. Check the replication health of your AD
3. Ensure that your FSMO roles are on your working DCs
4. Clear out any references to your failed DC from DNS, etc. Especially on the DHCP server settings and on any statically configured domain members or DCs.
5. Clean up the metadata

Author Comment

by:Vadim Mikhal
ID: 40553735
No Backup

Accepted Solution

Will Szymkowski earned 500 total points
ID: 40553784
You do not need a backup in this case because you have multiple DCs in your environment at other sites. Your new DC will get all of the changes via replication.

You do, however, need to find out whether the DC that failed was holding any of the FSMO roles. Run the command below to check.
netdom query fsmo
If this DC does not have any FSMO roles assigned to it then it should be less work.

In Server 2008 and up, if you have a DC that has failed and it does not hold any FSMO roles, then all you should need to do is delete the computer account in Active Directory Users and Computers and in Sites and Services. Typically I still like to go back and check all of the places, especially the SRV records in the AD-integrated DNS zone (old school).

So, that being said, the link below will illustrate how to completely clean up your failed Active Directory domain controller.

In the meantime, what I would do for your clients is have them point to another DC in a different site. Depending on the latency it might take a bit longer to authenticate, but once they have got their token from a different DC other services should be faster. This will at least get them up and running so that they can continue to work while you build another DC.

Once all of the metadata has been successfully removed, you can start the process of introducing the domain controller. Just remember that depending on the FFL and DFL of your current Active Directory you need to promote the appropriate OS version of domain controller.

So if your AD FFL/DFL is 2008 R2, you cannot promote any DCs that run an OS version prior to Windows Server 2008 R2. Keep that in mind.

Metadata Cleanup (technet)
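
The checks named in the answer above (FSMO role holders, the computer account, the Sites and Services server object, and the DC locator SRV records), as an added example that is not part of the original thread. It is read-only, assumes the ActiveDirectory PowerShell module is available on a working DC or admin workstation, and `OLD-DC01` is a placeholder for the failed DC's host name.

```powershell
# Added example: read-only check for leftovers of a failed DC. Changes nothing.
Import-Module ActiveDirectory

$FailedDC = 'OLD-DC01'   # placeholder: host name of the failed DC

$domain   = Get-ADDomain
$forest   = Get-ADForest
$configNC = (Get-ADRootDSE).configurationNamingContext

# 1. FSMO role holders (the same information "netdom query fsmo" prints)
$roles = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$heldRoles = @($roles.GetEnumerator() |
    Where-Object { $_.Value -eq $FailedDC -or $_.Value -like "$FailedDC.*" } |
    ForEach-Object { $_.Key })

# 2. Computer account still present in the domain?
$computer = @(Get-ADComputer -Filter "Name -eq '$FailedDC'")

# 3. Server object still present under any site in Sites and Services?
$siteObjs = @(Get-ADObject -SearchBase "CN=Sites,$configNC" `
    -LDAPFilter "(&(objectClass=server)(cn=$FailedDC))")

# 4. DC locator SRV records in DNS that still name the failed DC
$srvName = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
$srvHits = @(nslookup -type=SRV $srvName 2>$null |
    Select-String -SimpleMatch $FailedDC)

# Summary: anything other than "none" / 0 is a leftover reference
$roleText = $(if ($heldRoles.Count -gt 0) { $heldRoles -join ', ' } else { 'none' })
Write-Output ("FSMO roles held by {0}  : {1}" -f $FailedDC, $roleText)
Write-Output ("Computer accounts found      : {0}" -f $computer.Count)
Write-Output ("Sites and Services objects   : {0}" -f $siteObjs.Count)
Write-Output ("SRV lines naming the old DC  : {0}" -f $srvHits.Count)
```

A listed role or a non-zero count marks a reference to the failed DC that is still in the directory or in DNS; run the script again after the metadata cleanup to confirm everything reads "none" and 0.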


Expert Comment

by:Muhammad Mulla
ID: 40553835
Always make a backup before making potentially dangerous changes, such as ADSI Edits.

Expert Comment

by:Lee W, MVP
ID: 40554149
I'm likely agreeing with much of what has already been said, so at a minimum, consider this agreement with the others in those areas:

1. Perform a backup on your existing DCs.
2. Run DCDIAG /C /E /V on your DCs (especially if you haven't lately). In theory, you only need to run it on one; I'll be extra cautious and run it on all and then examine the output for any unexplained errors (there are a few that, under some circumstances, can be expected and left alone). Correct any errors. This includes a metadata cleanup of the failed DC (although, in 2008 R2, that should be automated; you can just delete the DC from the Domain Controllers OU). I would still carefully examine DNS and run DCDIAG again to make sure it's all clean and stable.
3. Install the new DC as a member server and join it to the domain.
4. Define/rename the site on another DC.
5. Promote it to a DC.
6. Run DCDIAG AGAIN and verify it's all working well with the new DC.
