Solved

When is it too late to power back on a Secondary DC that's been offline for 26 days?

Posted on 2016-08-24
Last Modified: 2016-08-24
We had a backup server's hardware fail & take out one of our secondary domain controllers with it. The failed dc is a writable Windows Server 2008 R2 but with no FSMO roles attached to it. The hardware has been fixed but the secondary dc has been offline for 26 days now. Is it safe to bring back online without any consequences?

Both our Primary (Windows Server 2012 R2) and two other secondaries (Windows Server 2012 R2 & Windows Server 2008 R2) have remained online during this time frame and are functioning correctly.

Thanks for your time.
Question by:J. Jason LaCroix
7 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 41769352
I believe it tombstones or whatever it's called in 30 days.  So make haste if this is true or a lot of work will be needed.
:)
1
 
LVL 21

Expert Comment

by:CompProbSolv
ID: 41769435
I think that the default setting is 60 days, but it can be changed.

You should be able to bring the repaired server online and have it replicate properly.  On the other hand, if you have 3 DCs that are working properly I would consider removing and reinstalling AD on the server and then promote it.  It should get everything it needs from the other DCs.
1
 
LVL 6

Assisted Solution

by:sAMAccountName
sAMAccountName earned 250 total points
ID: 41769497
The default Tombstone Lifetime value for AD 2008 and newer is 60 days.  If you choose to recover the DC, you should be able to do so safely; however, there may be unexpected changes that will replicate outbound from that DC...  This may cause more confusion than it's worth at this point.  Personally, I'd simply scrub it from the domain/forest and rebuild it.
1
LVL 11

Accepted Solution

by:
Ben Personick earned 250 total points
ID: 41769528
Default tombstone lifetime is 60 days.

If you're running anything newer than Windows 2000, you can even rescue domain controllers which have exceeded the tombstone lifetime.  Just a longer, more annoying process.

However at 27 days nothing to worry about, you'll probably have some basic replication problems, but usually a couple reboots and some forced syncs will shake that out.

Run RepAdmin /ReplSummary on each DC a couple of times after the old DC comes back up and see if it's complaining about passwords being expired and no PDC; if so, give it another reboot, force an AD sync when it comes back up, wait 15 minutes more, and diagnose any remaining replication problems.

At that point it may still shake itself out given a little longer, depends on your replication topology and number of sites/DC.

If not, then diagnose the problems from RepAdmin /replsum and the event logs to resolve any remaining replication issues.
0
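The answers above turn on how long the DC has been offline relative to the forest's tombstone lifetime. The following is an added example, not part of the original thread, that reads the configured value and compares it with the last successful inbound replication from the offline DC. It assumes the ActiveDirectory PowerShell module (RSAT) on a machine that can reach a healthy DC; `DC03` is a hypothetical host name.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$OfflineDc = 'DC03'   # hypothetical name of the DC that has been powered off

# tombstoneLifetime lives on the Directory Service object in the configuration
# partition. When the attribute is not set, AD falls back to 60 days.
$configNc = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject `
    -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNc" `
    -Properties tombstoneLifetime
$tsl = if ($dsObject.tombstoneLifetime) { [int]$dsObject.tombstoneLifetime } else { 60 }

# Ask every other DC when it last replicated inbound from the offline DC.
# The Partner property is the DN of the source DC's NTDS Settings object.
$lastSuccess = Get-ADDomainController -Filter * |
    Where-Object { $_.Name -ne $OfflineDc } |
    ForEach-Object {
        Get-ADReplicationPartnerMetadata -Target $_.HostName -ErrorAction SilentlyContinue
    } |
    Where-Object { $_.Partner -like "*CN=$OfflineDc,*" } |
    Sort-Object LastReplicationSuccess -Descending |
    Select-Object -First 1 -ExpandProperty LastReplicationSuccess

if (-not $lastSuccess) {
    Write-Warning "No DC lists $OfflineDc as a direct inbound partner; check repadmin /showrepl."
    return
}

$daysOffline = [math]::Floor(((Get-Date) - $lastSuccess).TotalDays)

# Summarise: how much headroom remains before the tombstone lifetime is exceeded.
[pscustomobject]@{
    OfflineDc             = $OfflineDc
    TombstoneLifetimeDays = $tsl
    LastInboundSuccess    = $lastSuccess
    DaysSinceReplication  = $daysOffline
    DaysRemaining         = $tsl - $daysOffline
    WithinTombstoneWindow = ($daysOffline -lt $tsl)
}
```

Reading the attribute rather than assuming a default matters because the value can be changed per forest, as noted in the thread.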
 

Author Closing Comment

by:J. Jason LaCroix
ID: 41769537
thanks to all who contributed answers to my post. it is much appreciated. well done.
0
 
LVL 11

Expert Comment

by:Ben Personick
ID: 41769540
Note: I assume this was just a hardware failure, and you didn't restore a backup of the DC.

If you did restore a backup of the DC, then DO NOT turn it on; that can cause major issues with your domain.

Restoring DCs from backup requires a very specific set of steps. I find in that case it's always easier to treat the DC as lost, clear the metadata for it, build a new replacement DC from scratch, join it, and then promote it, versus dealing with getting the restore right.
0
 
LVL 11

Expert Comment

by:Ben Personick
ID: 41769542
glad to help
0
