Is there a safe way to bypass a non-replicating DC?

Solution 1:

You should either find a way to fix it, or shut it down as soon as possible and remove any reference to it from Active Directory (using NTDSUTIL's metadata cleanup functions); as long as Active Directory thinks it's still there, domain members are going to try logging on to it (and run into all sorts of problems).

If you want to keep it around instead of decommissioning it, you should try (forcibly) demoting it and then promoting it back; this should fix replication issues:

http://support.microsoft.com/kb/875495


If you can't fix or demote it, at least shut it down (or disconnect it from the network); that's the only safe way to make sure nobody tries logging on to it. If it's reachable on the network, someone or something will sooner or later try to use it.
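A worked version of both paths in the answer above (forced demotion followed by re-promotion, or shutdown followed by metadata cleanup), as an added example that is not part of the original answer. It assumes a broken DC named BADDC in site Default-First-Site-Name of domain.local, a healthy DC named GOODDC, and the AD DS Deployment cmdlets from Windows Server 2012 or later; the repadmin and ntdsutil commands also work on older versions.

```powershell
# Added example, not from the original answer. Names are assumptions:
#   BADDC        = the DC that no longer replicates (site Default-First-Site-Name)
#   GOODDC       = a healthy DC that will absorb any FSMO roles
#   domain.local = the AD domain used in the thread
# Run from an elevated PowerShell as a Domain Admin / Enterprise Admin.

# 1. Confirm the problem before touching anything: repadmin shows the
#    last successful replication per partner and any failure counts.
repadmin /showrepl BADDC
repadmin /replsummary

# --- Path A: keep the box, forcibly demote it, then promote it again ---
# Run on BADDC itself. -ForceRemoval skips the normal "tell my replication
# partners" step, which is what you need when replication is broken.
# -DemoteOperationMasterRole lets it proceed even if BADDC holds a FSMO
# role (seize that role on GOODDC afterwards).
Uninstall-ADDSDomainController -ForceRemoval `
    -DemoteOperationMasterRole `
    -LocalAdministratorPassword (Read-Host -AsSecureString 'Local admin password') `
    -Force

# After the forced demotion BADDC reboots as a member server, but the rest
# of the forest still holds its old NTDS Settings object. Remove that from
# GOODDC (see Path B) BEFORE promoting again, then re-promote:
Install-ADDSDomainController -DomainName 'domain.local' `
    -Credential (Get-Credential 'DOMAIN\Administrator') `
    -SiteName 'Default-First-Site-Name' `
    -InstallDns `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force

# --- Path B: shut it down and remove every trace of it ---
# Run on GOODDC after BADDC is powered off or unplugged.
# "remove selected server" deletes the NTDS Settings object; newer
# ntdsutil versions also remove the server object, the computer account
# and the FRS member/subscriber objects that point at the dead DC.
$serverDN = 'CN=BADDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local'
ntdsutil "metadata cleanup" "remove selected server $serverDN" quit quit

# Verify nothing still references the dead DC, then re-check replication.
Get-ADObject -LDAPFilter '(name=BADDC)' `
    -SearchBase 'CN=Sites,CN=Configuration,DC=domain,DC=local' |
    Format-List Name, ObjectClass, DistinguishedName
Get-ADComputer -Filter "name -eq 'BADDC'"
repadmin /replsummary
```

Both Get-AD* queries should return nothing once the cleanup has run; a surviving server object under CN=Sites means ntdsutil could not delete it (usually because it still has child objects) and it has to be removed by hand in Active Directory Sites and Services.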

Solution 2:

Strip its A record from the domain.local name in DNS, and then modify the settings on its DNS service so that it doesn't put it back.

If replication is that busted, then there's not a lot of good that can come of leaving it up for any length of time - why not just turn it off, burn all memory of it from the domain (also known as a metadata cleanup) and seize any roles that it has left?
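A worked version of the steps in the answer above (strip the apex A record, stop it from being re-registered, seize the roles), as an added example that is not part of the original answer. It assumes the broken DC is BADDC at 10.0.0.5, the healthy DC is GOODDC, the zone is domain.local, and the DnsServer and ActiveDirectory PowerShell modules are available (Windows Server 2012 or later). The apex A record for domain.local ("same as parent folder") is registered by the Netlogon service on each DC, so the example disables that registration on BADDC rather than changing the DNS Server service itself.

```powershell
# Added example, not from the original answer. Assumptions:
#   BADDC / 10.0.0.5 = the broken DC and its IP address
#   GOODDC           = the healthy DC that takes over its roles
#   domain.local     = the zone / domain from the thread
# Run on GOODDC from an elevated PowerShell.

$zone  = 'domain.local'
$badIP = '10.0.0.5'
$badDC = 'BADDC'

# 1. List the "same as parent folder" A records for the zone apex. These
#    are what clients get when they resolve domain.local, so any record
#    that points at BADDC sends LDAP/Kerberos traffic to a dead DC.
Get-DnsServerResourceRecord -ZoneName $zone -RRType A -Name '@' |
    Select-Object HostName, @{n='IP'; e={ $_.RecordData.IPv4Address }}

# 2. Remove only the apex record that points at BADDC; the other DCs keep
#    theirs. -Force skips the confirmation prompt.
Remove-DnsServerResourceRecord -ZoneName $zone -RRType A -Name '@' `
    -RecordData $badIP -Force

# 3. Stop the record from coming back. BADDC's Netlogon service re-adds it
#    on every DNS refresh. DnsAvoidRegisterRecords is a REG_MULTI_SZ list of
#    record mnemonics Netlogon must NOT register; LdapIpAddress is the apex
#    A record. This part runs on BADDC while it is still reachable.
Invoke-Command -ComputerName $badDC -ScriptBlock {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    Set-ItemProperty -Path $key -Name DnsAvoidRegisterRecords `
        -Value @('LdapIpAddress') -Type MultiString
    Restart-Service Netlogon
}

# 4. Seize any FSMO roles still held by BADDC. With -Force the cmdlet tries
#    a normal transfer first and seizes if the current owner cannot be
#    reached, so it is safe to list every role; roles GOODDC already holds
#    are left alone. Check current owners first with netdom.
netdom query fsmo
Move-ADDirectoryServerOperationMasterRole -Identity 'GOODDC' `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
    -Force

# 5. Once BADDC is powered off, finish with the ntdsutil metadata cleanup
#    the answers describe so nothing in AD still points at it, then confirm
#    clients no longer receive its address for the domain name.
Resolve-DnsName -Name $zone -Type A -Server 'GOODDC'
```

Note that stripping the apex A record only stops clients that resolve the bare domain name; the _ldap and _kerberos SRV records registered by the same Netlogon service still advertise BADDC, which is why the answer's advice to turn it off and clean up the metadata is the safer end state.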