Solved

When is it too late to power back on a Secondary DC that's been offline for 26 days?

Posted on 2016-08-24
7
38 Views
Last Modified: 2016-08-24
We had a backup server's hardware fail & take out one of our secondary domain controllers with it. The failed dc is a writable Windows Server 2008 R2 but with no FSMO roles attached to it. The hardware has been fixed but the secondary dc has been offline for 26 days now. Is it safe to bring back online without any consequences?

Both our Primary (Windows Server 2012 R2) and two other secondary's (Windows Server 2012 R2 & Windows Server 2008 R2) have remained online during this time frame and our functioning correctly.

Thanks for your time.
0
Comment
Question by:J. Jason LaCroix
7 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 41769352
I believe it tombstones or whatever it's called in 30 days.  So make haste if this is true or a lot of work will be needed.
:)
1
 
LVL 20

Expert Comment

by:CompProbSolv
ID: 41769435
I think that the default setting is 60 days, but it can be changed.

You should be able to bring the repaired server online and have it replicate properly.  On the other hand, if you have 3 DCs that are working properly I would consider removing and reinstalling AD on the server and then promote it.  It should get everything it needs from the other DCs.
1
 
LVL 6

Assisted Solution

by:sAMAccountName
sAMAccountName earned 250 total points
ID: 41769497
The default Tombstone Lifetime value for AD 2008 and newer is 60 days.  If you chose to recover the DC, you should be able to do so safely however there may be unexpected changes that will replicate outbound from that DC...  This may cause more confusion than its worth at this point.  Personally, I'd simply scrub it from the domain/forest and rebuild it.
1
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 11

Accepted Solution

by:
Ben Personick earned 250 total points
ID: 41769528
Default tombstone lifetime is 60 days.

If you're running anything newer than windows 2000, you can even rescue domain controllers which have exceeded thw tombstone lifetime.  Just longer more annoying process.

However at 27 days nothing to worry about, you'll probably have some basic replication problems, but usually a couple reboots and some forced syncs will shake that out.

Run RepAdmin /ReplSummary on each DC a couple times after the old DC comes back up see iff its complaigning about passwords being expired ans no PDC, if so give another reboot force AD sync when it comes back up wait 15 minutes more and diagnose any remaining replication problems.

At that point it may still shake itself out given a little longer, depends on your replication topology and number of sites/DC.

if not then diagnose the problems from RepAdmin/replesum and the event logs to resolve any remainaing replication issuses
0
 

Author Closing Comment

by:J. Jason LaCroix
ID: 41769537
thanks to all who contributed answers to my post. it is much appreciated. well done.
0
 
LVL 11

Expert Comment

by:Ben Personick
ID: 41769540
note I assume this was just a hardware failure, and you didn't restore a backup of the DC.

 If you did restore a backup of the DC, then DO NOT turn it on, that can cause major issues with your domain.

restoring DCs from backup requires a very specific set of steps, I find in that case its always easier to treat the DC as lost, clear the meta Data for it, build a new replacement DC from scratch and join it and then promote it verses dealing with getting the restore right.
0
 
LVL 11

Expert Comment

by:Ben Personick
ID: 41769542
glad to help
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now