Solved

When is it too late to power back on a Secondary DC that's been offline for 26 days?

Posted on 2016-08-24
Last Modified: 2016-08-24
We had a backup server's hardware fail & take out one of our secondary domain controllers with it. The failed dc is a writable Windows Server 2008 R2 but with no FSMO roles attached to it. The hardware has been fixed but the secondary dc has been offline for 26 days now. Is it safe to bring back online without any consequences?

Both our Primary (Windows Server 2012 R2) and two other secondaries (Windows Server 2012 R2 & Windows Server 2008 R2) have remained online during this time frame and are functioning correctly.

Thanks for your time.
Question by:J. Jason LaCroix
7 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 41769352
I believe it tombstones or whatever it's called in 30 days.  So make haste if this is true or a lot of work will be needed.
:)
1
 
LVL 23

Expert Comment

by:CompProbSolv
ID: 41769435
I think that the default setting is 60 days, but it can be changed.

You should be able to bring the repaired server online and have it replicate properly.  On the other hand, if you have 3 DCs that are working properly I would consider removing and reinstalling AD on the server and then promote it.  It should get everything it needs from the other DCs.
1
 
LVL 6

Assisted Solution

by:sAMAccountName
sAMAccountName earned 1000 total points
ID: 41769497
The default Tombstone Lifetime value for AD 2008 and newer is 60 days.  If you choose to recover the DC, you should be able to do so safely; however, there may be unexpected changes that will replicate outbound from that DC...  This may cause more confusion than it's worth at this point.  Personally, I'd simply scrub it from the domain/forest and rebuild it.
1
 
LVL 15

Accepted Solution

by:
Ben Personick (Previously QCubed) earned 1000 total points
ID: 41769528
Default tombstone lifetime is 60 days.

If you're running anything newer than Windows 2000, you can even rescue domain controllers which have exceeded the tombstone lifetime.  It's just a longer, more annoying process.

However, at 27 days there's nothing to worry about. You'll probably have some basic replication problems, but usually a couple of reboots and some forced syncs will shake that out.

Run RepAdmin /ReplSummary on each DC a couple of times after the old DC comes back up and see if it's complaining about passwords being expired and no PDC. If so, give it another reboot, force an AD sync when it comes back up, wait 15 minutes more, and diagnose any remaining replication problems.

At that point it may still shake itself out given a little longer; it depends on your replication topology and number of sites/DCs.

If not, then diagnose the problems from RepAdmin /ReplSummary and the event logs to resolve any remaining replication issues.
0
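
An added example (not part of the original answers): a PowerShell check that reads the forest's actual tombstone lifetime instead of assuming the default, compares it with the time the DC has been offline, and then runs the replication summary mentioned above. The DC name DC03 and the last-online date are constructed placeholders; the ActiveDirectory module (RSAT) is assumed to be installed on the machine where this is run.

```powershell
# Added example: run from a healthy DC or an admin workstation with RSAT.
Import-Module ActiveDirectory

# Assumptions (placeholders, replace with your own values):
$ReturningDc = 'DC03'                  # hypothetical name of the DC that was offline
$LastOnline  = Get-Date '2016-07-29'   # constructed date: last day the DC was replicating

# tombstoneLifetime is stored on the Directory Service object
# in the forest's configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject `
    -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
    -Properties tombstoneLifetime

# When the attribute is not set, Active Directory falls back to 60 days.
if ($dsObject.tombstoneLifetime) {
    $tombstoneDays = [int]$dsObject.tombstoneLifetime
} else {
    $tombstoneDays = 60
}

$daysOffline = [int][math]::Floor(((Get-Date) - $LastOnline).TotalDays)
$marginDays  = $tombstoneDays - $daysOffline

[pscustomobject]@{
    TombstoneLifetimeDays = $tombstoneDays
    DaysOffline           = $daysOffline
    MarginDays            = $marginDays
}

if ($marginDays -le 0) {
    # Past the tombstone lifetime: do not simply power the DC back on.
    Write-Warning "$ReturningDc has been offline longer than the tombstone lifetime."
    return
}

Write-Output "$ReturningDc is $marginDays day(s) inside the tombstone lifetime."

# After the DC is powered on, review replication health forest-wide,
# then the inbound replication status of the returning DC itself.
repadmin /replsummary
repadmin /showrepl $ReturningDc
```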
 

Author Closing Comment

by:J. Jason LaCroix
ID: 41769537
Thanks to all who contributed answers to my post. It is much appreciated. Well done.
0
 
LVL 15
ID: 41769540
Note: I assume this was just a hardware failure, and you didn't restore a backup of the DC.

If you did restore a backup of the DC, then DO NOT turn it on; that can cause major issues with your domain.

Restoring DCs from backup requires a very specific set of steps. I find in that case it's always easier to treat the DC as lost, clear the metadata for it, build a new replacement DC from scratch, join it and then promote it, versus dealing with getting the restore right.
0
 
LVL 15
ID: 41769542
Glad to help.
0
