AD issue after VM restore
We are running a mixed 2008R2 / 2012R2 / 2016 network.
We have unfortunately experienced a massive hardware failure, losing in effect many servers.
We have 3 domain controllers:
ad03 - thankfully unaffected - server 2016
ad02 - crashed - restored from backup - server 2012R2
ad01 - crashed - restored from backup - server 2008R2
Unfortunately the restores have not been "AD aware" but "simple" VM restores from image backups. As such AD1 and AD2 are now out of sync.
FSMO / PDC roles were on ad01 and I have seized them on ad03 to insure minimal services. But we have to put back ad02 and ad01 into production.
What you be your advices to restore full functionality ?
We have unfortunately experienced a massive hardware failure, losing in effect many servers.
We have 3 domain controllers:
ad03 - thankfully unaffected - server 2016
ad02 - crashed - restored from backup - server 2012R2
ad01 - crashed - restored from backup - server 2008R2
Unfortunately the restores have not been "AD aware" but "simple" VM restores from image backups. As such AD1 and AD2 are now out of sync.
FSMO / PDC roles were on ad01 and I have seized them on ad03 to insure minimal services. But we have to put back ad02 and ad01 into production.
I typically see this from DCDIAG (which is expected)
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\admin>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = ad-au-01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD-AU-01
Starting test: Connectivity
......................... AD-AU-01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD-AU-01
Starting test: Advertising
Warning: DsGetDcName returned information for \\ad-au-03.do
when we were trying to reach AD-AU-01.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.What you be your advices to restore full functionality ?
ASKER
FWIW reading the literature online it would seem that I should have transferred roles, not seize them... But I don't think I could have form non-working AD.
Anyway probably too late...
At the moment I am considering demoting the two AD, do an ntdsutil /metadata cleanup and promote them back as AD.
Opinions most welcome :)
Anyway probably too late...
At the moment I am considering demoting the two AD, do an ntdsutil /metadata cleanup and promote them back as AD.
Opinions most welcome :)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for advices - rebuiding
In other words, don't bother with restores at all. No risk of issues. The new DCs will pull data from your healthy DC. All is well again.