Solved

Domain Offline for Extended Period

Posted on 2016-07-18
4
27 Views
Last Modified: 2016-09-28
Good day experts....

I have a Windows 2012r2 domain operating at the 2012r2 functional level.  This domain was shutdown in place about 7 months ago and has not been powered on since.  All domain controllers are virtual and ESXi is the virtualization platform.  Passwords are set to expire after 90 days.  I am looking to start this domain backup up and am asking for thoughts on the best way to startup and get back into this domain.

Some initial thoughts I have:
  1. Startup up ESXi servers and set the clock back 7 months
  2. Disconnect the time source
  3. Startup one of the domain controllers login and reset password (time should not update)
  4. Login and reset password
  5. Reconnect the time source
  6. Change time to present
  7. Change password again
  8. Startup 2nd domain controller

--or--
  1. Startup ESXi leaving time as it
  2. Startup 1st domain controller
  3. From the console login using password that will be expired and update
  4. Bring 2nd domain controller online
  5. Ensure clocks are current

I know this is a "corner case" and most of the answers will be speculative as to the results.  I am looking for ideas and thoughts and any will be appreciated.

As for why this has been shutdown for so long, this is a disconnected development environment that a contract ended for and now another contract has been awarded.  As for why everything is virtual, that was the best solution for the available resources.  I would like to stay away from the "you should have done it that way" discussions.

Thanks in advance for your help!
0
Comment
Question by:jchauncey60
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41717638
You can just bring up whichever VM is hosting the PDC emulator and log in with the old password if you have it. Password Expiration doesn't prevent you from logging in when you log in through the Windows GUI. It just prompts you to reset the password. It will prevent you from logging in to applications that don't support integration with AD Password expiry (OWA, SharePoint, etc), but if you just log into the DC it should prompt you to reset your password. The systems connected to the domain should be able to connect to the domain despite the time lag because AD hasn't had a chance to reset system passwords for the past 7 months. It will do so on first boot, but the existing systems should still be able to communicate with the domain because they will have the most recent SCHANNEL password, which is acceptable for authentication at least 1 time after the DC changes it.

TL;DR - You shouldn't have to do anything special. Just spin up the VMs and log in with the old password (If you don't *have* the password, that's another matter altogether).
1
 

Author Comment

by:jchauncey60
ID: 41717789
Thanks for the quick response.  I am going to leave this open to see if there are any additional comments before accepting.
0
 

Author Comment

by:jchauncey60
ID: 41720902
Thanks again.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Group policy backup error 8 25
Server 2012 R2 RDS NAT disconnects 5 30
active directory 5 49
Unable to install IIS8 on Windows 2012 server. 3 23
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now