Solved

Domain Offline for Extended Period

Posted on 2016-07-18
Last Modified: 2016-09-28
Good day experts....

I have a Windows 2012r2 domain operating at the 2012r2 functional level.  This domain was shut down in place about 7 months ago and has not been powered on since.  All domain controllers are virtual and ESXi is the virtualization platform.  Passwords are set to expire after 90 days.  I am looking to start this domain back up and am asking for thoughts on the best way to start it up and get back into this domain.

Some initial thoughts I have:
  1. Start up ESXi servers and set the clock back 7 months
  2. Disconnect the time source
  3. Start up one of the domain controllers, log in, and reset the password (time should not update)
  4. Log in and reset the password
  5. Reconnect the time source
  6. Change time to present
  7. Change password again
  8. Start up 2nd domain controller

--or--
  1. Start up ESXi, leaving the time as is
  2. Start up 1st domain controller
  3. From the console, log in using the password that will be expired and update it
  4. Bring 2nd domain controller online
  5. Ensure clocks are current

I know this is a "corner case" and most of the answers will be speculative as to the results.  I am looking for ideas and thoughts and any will be appreciated.

As for why this has been shut down for so long: this is a disconnected development environment whose contract ended, and now another contract has been awarded.  As for why everything is virtual, that was the best solution for the available resources.  I would like to stay away from the "you should have done it that way" discussions.

Thanks in advance for your help!
Question by:jchauncey60

Accepted Solution

by: Adam Brown (earned 500 total points)
ID: 41717638
You can just bring up whichever VM is hosting the PDC emulator and log in with the old password if you have it. Password Expiration doesn't prevent you from logging in when you log in through the Windows GUI. It just prompts you to reset the password. It will prevent you from logging in to applications that don't support integration with AD Password expiry (OWA, SharePoint, etc), but if you just log into the DC it should prompt you to reset your password. The systems connected to the domain should be able to connect to the domain despite the time lag because AD hasn't had a chance to reset system passwords for the past 7 months. It will do so on first boot, but the existing systems should still be able to communicate with the domain because they will have the most recent SCHANNEL password, which is acceptable for authentication at least 1 time after the DC changes it.

TL;DR - You shouldn't have to do anything special. Just spin up the VMs and log in with the old password (If you don't *have* the password, that's another matter altogether).
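As an added illustration for this thread (not code from the poster, the answerer, or any product documentation): a PowerShell checklist to run once the first DC is powered on, covering the time and password points raised in both procedure lists in the question and in the accepted answer. It assumes the RSAT ActiveDirectory module is present, that it runs on the restarted DC as a domain admin, and that the final secure-channel step is run on a member machine instead. The tombstone-lifetime check at the end is a caveat the thread does not mention; it only matters if one DC was left running while the other sat offline, which is not the case described here.

```powershell
# Post-restart checks for a domain that was powered off for months.
# Added example, not from the original thread. Assumes RSAT (ActiveDirectory
# module) and domain-admin rights on the restarted DC.
Import-Module ActiveDirectory

# 1. Time. Kerberos tolerates a 5-minute skew by default, so confirm the DC
#    has a source and what its offset is before members try to authenticate.
w32tm /query /status
w32tm /query /source
$src = (w32tm /query /source)
if ($src -and $src -notmatch 'Local CMOS') {
    w32tm /stripchart /computer:$src /samples:3 /dataonly
}

# 2. Identify the PDC emulator, the DC the accepted answer suggests starting first.
Get-ADDomain | Select-Object DNSRoot, DomainMode, PDCEmulator

# 3. Once the 2nd DC is up, check that the two replicate cleanly.
repadmin /replsummary
Get-ADReplicationFailure -Target (Get-ADDomain).DNSRoot -Scope Domain

# 4. User accounts whose passwords expired during the outage. These users can
#    still log in interactively; they are just prompted to change the password.
Search-ADAccount -PasswordExpired -UsersOnly |
    Select-Object Name, SamAccountName, LastLogonDate |
    Sort-Object LastLogonDate

# 5. Machine-account (secure channel) password age. Rotation is member-driven
#    (default every 30 days), so every value will be ~7 months old; that is
#    expected and the member still authenticates with its last known password.
Get-ADComputer -Filter * -Properties PasswordLastSet |
    Sort-Object PasswordLastSet |
    Select-Object Name, PasswordLastSet, Enabled

# 6. On a MEMBER machine (not the DC): verify its secure channel and repair
#    it if the trust relationship fails for any reason.
if (-not (Test-ComputerSecureChannel)) {
    Test-ComputerSecureChannel -Repair -Credential (Get-Credential 'DOMAIN\admin')
}

# 7. Caveat not raised in the thread: a DC offline longer than the forest's
#    tombstone lifetime cannot replicate with a DC that kept running. Read the
#    configured value (unset means the schema-era default, 60 or 180 days).
$cfg = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" `
    -Properties tombstoneLifetime | Select-Object tombstoneLifetime
```

Steps 1 through 5 and 7 are read-only; only step 6 changes anything, and only on a member whose secure channel test already fails. Run steps 3 and 7 after both DCs are up; if both were powered off together, as in this thread, there is no replication gap to worry about and step 7 is informational.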

Author Comment

by:jchauncey60
ID: 41717789
Thanks for the quick response.  I am going to leave this open to see if there are any additional comments before accepting.

Author Comment

by:jchauncey60
ID: 41720902
Thanks again.