Will a 3 month old, imported hyper-v Active Directory image, synchronise with the primary server?
My primary AD server (and DNS) is a physical machine (Server 2008R2), while my secondary AD server (and secondary DNS) is a hyper-v virtual machine.
My primary server I back up each day, but the secondary vm is backed up as a hyper-v image from 3 months ago.
I lost the virtual secondary server (theft of the host server), and would like to restore (import) the old hyper-v image on the new host server.
If I import the old hyper-v image of the secondary server onto the new host hyper-v server, will it run okay? Or will the new host hardware be a problem for the virtual AD server? I have already imported another non Active Directory vm image to the new host hardware, so I know the hardware is compatible, just I am unsure about AD.
Also, I assume the secondary server, once connected will automatically synchronise with the primary server?
My primary server I back up each day, but the secondary vm is backed up as a hyper-v image from 3 months ago.
I lost the virtual secondary server (theft of the host server), and would like to restore (import) the old hyper-v image on the new host server.
If I import the old hyper-v image of the secondary server onto the new host hyper-v server, will it run okay? Or will the new host hardware be a problem for the virtual AD server? I have already imported another non Active Directory vm image to the new host hardware, so I know the hardware is compatible, just I am unsure about AD.
Also, I assume the secondary server, once connected will automatically synchronise with the primary server?
I am pretty sure it will not work "out of the box". If the Domain Controller has been offline for too long, it will have objects on it that were supposed to have been deleted by the tombstoning process. If this happens the Domain Controller will stop replication with it’s partners. You will see an event in the logs with ID 2042, Source NTDS Replication.
See here how to resolve this "by the book"... my advice would be to rebuild the DC...
See here how to resolve this "by the book"... my advice would be to rebuild the DC...
You can do that but there will be lof of issues which you will face related to usn rollbacks and all..
how ever the supported type to restore is a domain controller would be using system state back up.Please check this below link which has your scenaion mentioned in detail.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd363553(v=ws.10)#backup_and_restore_considerations_for_virtualized_domain_controllers
Thanks
how ever the supported type to restore is a domain controller would be using system state back up.Please check this below link which has your scenaion mentioned in detail.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd363553(v=ws.10)#backup_and_restore_considerations_for_virtualized_domain_controllers
Thanks
Woudn't it be easier to build the second server from ISO and isntall the roles required and do a replication from the main DC to the back up domain controller this will avoid importing any old entries that have been removed on the primary domain control.
Thanks
Thanks
This is what exactly is written in the technet doument
If a working copy of the VHD file is available, but no system state backup is available, you can remove the existing virtual machine. Restore the existing virtual machine by using a previous copy of the VHD, but be sure to start it in Directory Services Restore Mode (DSRM) and configure the registry properly, as described in the following section. Then, restart the domain controller in normal mode.
Use the process in the following illustration to determine the best way to restore your virtualized domain controller.
If a working copy of the VHD file is available, but no system state backup is available, you can remove the existing virtual machine. Restore the existing virtual machine by using a previous copy of the VHD, but be sure to start it in Directory Services Restore Mode (DSRM) and configure the registry properly, as described in the following section. Then, restart the domain controller in normal mode.
Use the process in the following illustration to determine the best way to restore your virtualized domain controller.
i worked in a company where there was lots of connectivity problems, and duration passed several times the period of 60 days. and domain controllers didn't connect correctly.
the solution was to retrieve the domain controller to the central datacenter, depromote it with dcpromo /forceremoval command, the rebuild it safely. the operation takes less than two hours to finish and the ad database was almost 20g of size
the solution was to retrieve the domain controller to the central datacenter, depromote it with dcpromo /forceremoval command, the rebuild it safely. the operation takes less than two hours to finish and the ad database was almost 20g of size
the operation takes less than two hours to finish and the ad database was almost 20g of sizeWell you might have had connectivity issues but boy, when it worked, you had some bandwidth :)
In any case I think the consensus here is the the best course of action id to rebuild the DC.
Rebuild or demote, connect, promote?
ASKER
Here is an interesting post: https://www.techieshelp.com/it-has-been-too-long-since-this-machine-replicated/
Is that ONLY for SBS?
Other than this, I am likely going to remove and cleanup the primary controller and then just create another server.
If I had to connect the old server back, beside it not replicating, would this cause any harm to the primary DC?
Is that ONLY for SBS?
Other than this, I am likely going to remove and cleanup the primary controller and then just create another server.
If I had to connect the old server back, beside it not replicating, would this cause any harm to the primary DC?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If the old image is restored without accessing the network and then is demoted, won't it lose all information about the domain? If so, when reconnected and promoted shouldn't it be like a new server?
ASKER
So in the end, I removed the DC from my root DC. I used this this info:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816907(v=ws.10)
and step 6 here:
https://community.spiceworks.com/how_to/9942-complete-force-removal-of-a-domain-controller-from-active-directory-guide
I then setup a new Hyper-v vm with the same name from scratch and promoted it. AD and DNS all working again and replicating between the controllers.
THANKS everyone for your help :)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816907(v=ws.10)
and step 6 here:
https://community.spiceworks.com/how_to/9942-complete-force-removal-of-a-domain-controller-from-active-directory-guide
I then setup a new Hyper-v vm with the same name from scratch and promoted it. AD and DNS all working again and replicating between the controllers.
THANKS everyone for your help :)
When you promote it, synchronization should occur with the other DC.
Again... you should wait for someone with better experience to confirm this.