I had this question after viewing Netlogon service periodically going into Pause state on DC
We're seeing several machines randomly losing trust with the domain, even a member server this morning. Started happening just today. Didn't perform any weird functions in recent days on the domain controllers or in DNS, but nonetheless...
The above article was not specifically about Windows 2012 R2, but all of my DCs are 2012 R2.
I do have the following key in the registry on the PDC Emulator:
> Dsa Not Writable > Reg_Dword > (4)
Unable to currently gracefully transfer roles to the other DC. Other DC does NOT have the same reg value.
From this info, it seems like I should perform, in this order:
1) Forceful removal of DC1
2) Perform metadata cleanup using ntdsutil on DC2
3) Seize FSMO roles on DC2
4) DC Promo DC1 to bring it back up as a DC
Does that seem correct?