Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Domain Offline for Extended Period

Posted on 2016-07-18
4
30 Views
Last Modified: 2016-09-28
Good day experts....

I have a Windows 2012r2 domain operating at the 2012r2 functional level.  This domain was shutdown in place about 7 months ago and has not been powered on since.  All domain controllers are virtual and ESXi is the virtualization platform.  Passwords are set to expire after 90 days.  I am looking to start this domain backup up and am asking for thoughts on the best way to startup and get back into this domain.

Some initial thoughts I have:
  1. Startup up ESXi servers and set the clock back 7 months
  2. Disconnect the time source
  3. Startup one of the domain controllers login and reset password (time should not update)
  4. Login and reset password
  5. Reconnect the time source
  6. Change time to present
  7. Change password again
  8. Startup 2nd domain controller

--or--
  1. Startup ESXi leaving time as it
  2. Startup 1st domain controller
  3. From the console login using password that will be expired and update
  4. Bring 2nd domain controller online
  5. Ensure clocks are current

I know this is a "corner case" and most of the answers will be speculative as to the results.  I am looking for ideas and thoughts and any will be appreciated.

As for why this has been shutdown for so long, this is a disconnected development environment that a contract ended for and now another contract has been awarded.  As for why everything is virtual, that was the best solution for the available resources.  I would like to stay away from the "you should have done it that way" discussions.

Thanks in advance for your help!
0
Comment
Question by:jchauncey60
  • 2
4 Comments
 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41717638
You can just bring up whichever VM is hosting the PDC emulator and log in with the old password if you have it. Password Expiration doesn't prevent you from logging in when you log in through the Windows GUI. It just prompts you to reset the password. It will prevent you from logging in to applications that don't support integration with AD Password expiry (OWA, SharePoint, etc), but if you just log into the DC it should prompt you to reset your password. The systems connected to the domain should be able to connect to the domain despite the time lag because AD hasn't had a chance to reset system passwords for the past 7 months. It will do so on first boot, but the existing systems should still be able to communicate with the domain because they will have the most recent SCHANNEL password, which is acceptable for authentication at least 1 time after the DC changes it.

TL;DR - You shouldn't have to do anything special. Just spin up the VMs and log in with the old password (If you don't *have* the password, that's another matter altogether).
1
 

Author Comment

by:jchauncey60
ID: 41717789
Thanks for the quick response.  I am going to leave this open to see if there are any additional comments before accepting.
0
 

Author Comment

by:jchauncey60
ID: 41720902
Thanks again.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In-place Upgrading Dirsync to Azure AD Connect
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question