How to replace a failed AD server.
I had a network with two file servers. Hyper-V1 which hosted Server1 and Exchange1; Hyper-V2 hosted Server2 and Exchange2. Exchange was installed on Exchange1, but not completely configured and operating. The hard drive with the virtual disks for Server1 and Exchange1 has failed completely. The two servers were using DFSR successfully, so the users are able to continue in an almost unaffected manner.
Both server1 and server2 were domain controllers. Server1 held the FSMO roles.
I am in the process of rebuilding Server1 to the same system that existed. While Exchange was not functioning, it was installed, and there are a lot of exchange entries when I open the ADSIedit tool.
What is the best way to clean up server2 of any reference to server1 before I rejoin the new server1 to the domain?
Both server1 and server2 were domain controllers. Server1 held the FSMO roles.
I am in the process of rebuilding Server1 to the same system that existed. While Exchange was not functioning, it was installed, and there are a lot of exchange entries when I open the ADSIedit tool.
What is the best way to clean up server2 of any reference to server1 before I rejoin the new server1 to the domain?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
First thing, if you have not already done so, is to seize all 5 FSMO roles. There are a few ways of doing this, but NTDSUTIL is probably the easiest. https://www.petri.com/seizing_fsmo_roles
Once that is done, the next step is a Metadata cleanup. The "Old Skool" way of doing this was to use NTDSUTIL, if you are running Server 2003 or earlier this is the only way. http://kpytko.pl/active-directory-domain-services/metadata-cleanup-for-broken-domain-controller/
With Server 2008, a metadata cleanup can be done via ADUC. http://kpytko.pl/active-directory-domain-services/metadata-cleanup-over-gui/
Once that is done, the next step is a Metadata cleanup. The "Old Skool" way of doing this was to use NTDSUTIL, if you are running Server 2003 or earlier this is the only way. http://kpytko.pl/active-directory-domain-services/metadata-cleanup-for-broken-domain-controller/
With Server 2008, a metadata cleanup can be done via ADUC. http://kpytko.pl/active-directory-domain-services/metadata-cleanup-over-gui/
Thanks for the quick response. The last note on the article indicates that Infrastructure Master (IM) should not be on the same server as the global catalogue, but there is only one server left, so should I seize IM also?
Yes, you need to seize all FSMO roles.
Having the IM and GC on one server is fine, provided you don't have a forest with multiple domains.
Having the IM and GC on one server is fine, provided you don't have a forest with multiple domains.
Get-ADForest | Format-Table SchemaMaster,DomainNamingMaster
Get-ADDomain | Format-Table PDCEmulator,RIDMaster,InfrastructureMaster
# Destination DC for Operations
$DestinationDC = "Server2"
$DestinationDC
# Transfer FSMO Roles
Move-ADDirectoryServerOperationMasterRole -Identity $DestinationDC -OperationMasterRole 0,1,2,3,4 -confirm:$false
Get-ADForest | Format-Table SchemaMaster,DomainNamingMaster
Get-ADDomain | Format-Table PDCEmulator,RIDMaster,InfrastructureMaster
# Seize FSMO Roles
Move-ADDirectoryServerOperationMasterRole -Identity $DestinationDC -OperationMasterRole 0,1,2,3,4 -Force -confirm:$False
Get-ADForest | Format-Table SchemaMaster,DomainNamingMaster
Get-ADDomain | Format-Table PDCEmulator,RIDMaster,InfrastructureMaster
Then, clean-up Sites, DNS, Active Directory Users & Computers, and then check using the NTDSUtil method indicated above to verify clean-up was complete. Then DCPromo the newly stood up Server1 into the domain.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial