How to replace a failed AD server.

I had a network with two file servers. Hyper-V1 which hosted Server1 and Exchange1; Hyper-V2 hosted Server2 and Exchange2. Exchange was installed on Exchange1, but not completely configured and operating. The hard drive with the virtual disks for Server1 and Exchange1 has failed completely. The two servers were using DFSR successfully, so the users are able to continue in an almost unaffected manner.

Both server1 and server2 were domain controllers. Server1 held the FSMO roles.

I am in the process of rebuilding Server1 to the same system that existed. While Exchange was not functioning, it was installed, and there are a lot of exchange entries when I open the ADSIedit tool.

What is the best way to clean up server2 of any reference to server1 before I rejoin the new server1 to the domain?

Get-ADForest  | Format-Table SchemaMaster,DomainNamingMaster
Get-ADDomain  | Format-Table PDCEmulator,RIDMaster,InfrastructureMaster

# Destination DC for Operations
$DestinationDC = "Server2"
$DestinationDC

# Transfer FSMO Roles

Move-ADDirectoryServerOperationMasterRole -Identity $DestinationDC -OperationMasterRole 0,1,2,3,4 -confirm:$false
Get-ADForest  | Format-Table SchemaMaster,DomainNamingMaster
Get-ADDomain  | Format-Table PDCEmulator,RIDMaster,InfrastructureMaster

# Seize FSMO Roles
Move-ADDirectoryServerOperationMasterRole -Identity $DestinationDC -OperationMasterRole 0,1,2,3,4 -Force -confirm:$False
Get-ADForest  | Format-Table SchemaMaster,DomainNamingMaster
Get-ADDomain  | Format-Table PDCEmulator,RIDMaster,InfrastructureMaster

Open in new window

In this case, use the last section to seize the FSMO Roles using PowerShell on the existing DC.

Then, clean-up Sites, DNS, Active Directory Users & Computers, and then check using the NTDSUtil method indicated above to verify clean-up was complete. Then DCPromo the newly stood up Server1 into the domain.

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LVL 22

Mal OsborneAlpha GeekCommented: 2018-10-23

First thing, if you have not already done so, is to seize all 5 FSMO roles. There are a few ways of doing this, but NTDSUTIL is probably the easiest. https://www.petri.com/seizing_fsmo_roles

Once that is done, the next step is a Metadata cleanup. The "Old Skool" way of doing this was to use NTDSUTIL, if you are running Server 2003 or earlier this is the only way. http://kpytko.pl/active-directory-domain-services/metadata-cleanup-for-broken-domain-controller/

With Server 2008, a metadata cleanup can be done via ADUC. http://kpytko.pl/active-directory-domain-services/metadata-cleanup-over-gui/

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial

WilfAuthor Commented: 2018-10-23

Thanks for the quick response. The last note on the article indicates that Infrastructure Master (IM) should not be on the same server as the global catalogue, but there is only one server left, so should I seize IM also?

Yes, you need to seize all FSMO roles.

Having the IM and GC on one server is fine, provided you don't have a forest with multiple domains.

Thanks again.

Your help was very much appreciated

LVL 43

Philip ElderTechnical Architect - HA/Compute/StorageCommented: 2018-10-23

How to replace a failed AD server.

Who is Participating?