• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 76
  • Last Modified:

When is it too late to power back on a Secondary DC that's been offline for 26 days?

We had a backup server's hardware fail & take out one of our secondary domain controllers with it. The failed dc is a writable Windows Server 2008 R2 but with no FSMO roles attached to it. The hardware has been fixed but the secondary dc has been offline for 26 days now. Is it safe to bring back online without any consequences?

Both our Primary (Windows Server 2012 R2) and two other secondary's (Windows Server 2012 R2 & Windows Server 2008 R2) have remained online during this time frame and our functioning correctly.

Thanks for your time.
0
J. Jason LaCroix
Asked:
J. Jason LaCroix
2 Solutions
 
pjamCommented:
I believe it tombstones or whatever it's called in 30 days.  So make haste if this is true or a lot of work will be needed.
:)
1
 
CompProbSolvCommented:
I think that the default setting is 60 days, but it can be changed.

You should be able to bring the repaired server online and have it replicate properly.  On the other hand, if you have 3 DCs that are working properly I would consider removing and reinstalling AD on the server and then promote it.  It should get everything it needs from the other DCs.
1
 
sAMAccountNameSr. Systems EngineerCommented:
The default Tombstone Lifetime value for AD 2008 and newer is 60 days.  If you chose to recover the DC, you should be able to do so safely however there may be unexpected changes that will replicate outbound from that DC...  This may cause more confusion than its worth at this point.  Personally, I'd simply scrub it from the domain/forest and rebuild it.
1
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
Default tombstone lifetime is 60 days.

If you're running anything newer than windows 2000, you can even rescue domain controllers which have exceeded thw tombstone lifetime.  Just longer more annoying process.

However at 27 days nothing to worry about, you'll probably have some basic replication problems, but usually a couple reboots and some forced syncs will shake that out.

Run RepAdmin /ReplSummary on each DC a couple times after the old DC comes back up see iff its complaigning about passwords being expired ans no PDC, if so give another reboot force AD sync when it comes back up wait 15 minutes more and diagnose any remaining replication problems.

At that point it may still shake itself out given a little longer, depends on your replication topology and number of sites/DC.

if not then diagnose the problems from RepAdmin/replesum and the event logs to resolve any remainaing replication issuses
0
 
J. Jason LaCroixAuthor Commented:
thanks to all who contributed answers to my post. it is much appreciated. well done.
0
 
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
note I assume this was just a hardware failure, and you didn't restore a backup of the DC.

 If you did restore a backup of the DC, then DO NOT turn it on, that can cause major issues with your domain.

restoring DCs from backup requires a very specific set of steps, I find in that case its always easier to treat the DC as lost, clear the meta Data for it, build a new replacement DC from scratch and join it and then promote it verses dealing with getting the restore right.
0
 
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
glad to help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now