I'm working on a project that involves utilizing VEEAM Agent to create bare metal backups and migrate them over to a new cloud data center. Everything so far has gone exceptional but as expected I've ran into an issue trying to migrate my secondary DC. After a few DNS issues we decided it was best to brig the old local DC VM back online. Things started working again but now the DCs are in a slightly different state.
I originally noticed a warning on my primary DC - "this server is the owner of FSMO but does not consider it valid". Also numerous errors on the primary about kerberos syncing to the secondary and that the secondary was not available / not the right name; etc. All of these issues, after Googling, pointed toward numerous different causes, so as dubious as I was I just decided to reboot both server; primary first, then secondary.
The strange part is now, replication works, I don't have any errors, and best practice analyzer isn't coughing anything up - but the secondary DC allows me to edit and modify DNS and ADUC records whereas before they were locked down, perhaps due to the replication rules. The records could only be edited from the primary DC.
I'm afraid this odd behavior is the result of a larger issues that I I'm unable to pin down. Should I be concerned? Everything seems to be working; new records replicate in both directions and SOA is incremented correctly.
Any advice or things to look for is appreciated. Also tips on migrating secondary virtual DCs is welcome.