Win2k8R2 server DC offline
I was planning to demote a Win2k8R2 server from the domain (single forest). I decided that I would simply take the server down and see what problems might arise or what implications if any it would cause. I did have a few users static IP using it as DNS.
I'm going to assume it was offline too long. I didn't event think about it. I booted it back up and have been having strange behavior throughout the network since.
The gp_updates for WSUS are not running. If I type gpudate /force from my machine I get the 1058 event so I know I am having issues with that. Probably replication issues as well.
Can I simply demote the server in my current state? Probably not. I see in a previous post the recommended the metadata cleanup but the server is back online. What advice can you give me to get out of this predicament?
Fortunately, it was NOT the FSMO but it was running DNS and GC.
I'm going to assume it was offline too long. I didn't event think about it. I booted it back up and have been having strange behavior throughout the network since.
The gp_updates for WSUS are not running. If I type gpudate /force from my machine I get the 1058 event so I know I am having issues with that. Probably replication issues as well.
Can I simply demote the server in my current state? Probably not. I see in a previous post the recommended the metadata cleanup but the server is back online. What advice can you give me to get out of this predicament?
Fortunately, it was NOT the FSMO but it was running DNS and GC.
Forcing removal of tombstoned Domain Controller
From <https://support.microsoft.com/en-us/kb/216498>
Determine the tombstone lifetime for the forest
From <https://technet.microsoft.com/en-us/library/Cc784932(v=WS.10).aspx>
Clean Up Server Metadata
https://technet.microsoft.com/en-us/library/Cc816907(v=WS.10).aspx
From <https://support.microsoft.com/en-us/kb/216498>
Determine the tombstone lifetime for the forest
From <https://technet.microsoft.com/en-us/library/Cc784932(v=WS.10).aspx>
Clean Up Server Metadata
https://technet.microsoft.com/en-us/library/Cc816907(v=WS.10).aspx
ASKER
It was not even close to 60 days. More like 7-10 days. The only thing it is used for is DC/DNS/GC. No file & Print sharing. I had used it as mostly a backup DC. It's old. I have since added 2 new W2k12R2 servers so just needed it gone.
ASKER
Is there a way to tell if it is tombstoned? I know when I run a dcdiag /a that its the only server having issues with FRS.
Can this be causing other issues with group policy and replication?
Can this be causing other issues with group policy and replication?
Ok, then it wasn't tombstoned. You can still use the same procedure to get rid of it. Do the dcpromo /forceremoval and then delete the metadata from AD.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Depends on the roles that server held, and now if server was off for any length of time AD sync is probably messed up, You should examine the roles of the server in the domain, resolve any AD errors that AD util shows then dcpromo the server to remove it as a DC. https://technet.microsoft.com/en-us/library/Cc771844(v=WS.10).aspx
How long was it down? The new default time for tombstone is 180 days, however, if the environment was upgraded over the years, it might still have the old value of 60 days.
If you are going to leave it out of your environment you can do a "dcpromo /forceremoval" on the box.
Go through the prompts, set a new password and then the old box will be a stand alone server.
Once this is done, you can simply clean up the server metadata by going into ADUC and delete the old DC.
Confirm you are sure you want to remove it and that will take care of it.