Domain controller offline over 2 months, now can't sync

Solution 1:

It seems the easiest way is indeed to remove active directory and reinstall it, and it can be done without wiping out the entire server. This leaves anything else on the server untouched. However, since you can't remove active directory properly, you have to force it to be removed from the server then cleanup manually on a good domain controller.

  • Disconnect the problem server from the network to prevent any of this from potentially breaking active directory on the good servers.

  • On the problem server, run dcpromo /forceremoval. This allows you to remove active directory on the system without removing all its records on the other domain controllers.

  • Use ntdsutil from a good domain controller to remove the problem server from active directory. Instructions are in the help link when you run dcpromo /forceremoval, or here: http://technet.microsoft.com/en-us/library/cc736378%28WS.10%29.aspx

  • Delete the server object in AD Sites and Services

  • Delete the server in AD Users and Computers if it still exists

  • Delete the server from DNS:

    • Remove the NS entry in reverse lookup zones
    • Remove the A entry in forward lookup zones
    • Remove the CNAME entry in forward lookup\domain_msdcs
    • Remove the numerous SRV records under _msdcs, _sites, _tcp and _udp referring to the problem server
  • Repromote the problem server and configure site settings like you would a brand new DC.
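The steps above leave a lot of places where a reference to the old DC can survive, and a stale NTDS Settings object or SRV record will send clients and replication partners to a server that no longer exists. The following read-only audit is an added example, not part of the answer above; it assumes a hypothetical demoted DC named DC2, a hypothetical domain corp.example, a good DC named DC1 hosting the zones, and the ActiveDirectory and DnsServer RSAT modules on the machine where it runs. Run it on a good DC after the ntdsutil cleanup and before repromoting, and it lists anything that still points at the old server.

```powershell
# Added audit script (hypothetical names): reports leftover AD and DNS references
# to a forcibly demoted DC. It only reads; removals stay a deliberate manual step.
Import-Module ActiveDirectory
Import-Module DnsServer

$BadDc   = 'DC2'           # hypothetical: name of the demoted DC
$Domain  = 'corp.example'  # hypothetical: AD domain name
$DnsHost = 'DC1'           # hypothetical: good DC that hosts the DNS zones
$fqdn    = "$BadDc.$Domain"
$findings = @()

# 1. Server / NTDS Settings object under Sites and Services (configuration partition)
$configNc = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -SearchBase "CN=Sites,$configNc" -Filter "objectClass -eq 'server' -and name -eq '$BadDc'" |
    ForEach-Object { $findings += "Server object still in Sites: $($_.DistinguishedName)" }

# 2. Computer account in the Domain Controllers OU (Users and Computers)
$dcOu = "OU=Domain Controllers,$((Get-ADDomain).DistinguishedName)"
Get-ADComputer -SearchBase $dcOu -Filter "Name -eq '$BadDc'" |
    ForEach-Object { $findings += "Computer account still present: $($_.DistinguishedName)" }

# 3. Forward zone and _msdcs: A, CNAME (GUID alias), SRV and NS records naming the old DC.
#    Both zone names are checked so it works whether _msdcs is delegated or a subdomain.
foreach ($zone in @($Domain, "_msdcs.$Domain")) {
    Get-DnsServerResourceRecord -ComputerName $DnsHost -ZoneName $zone -ErrorAction SilentlyContinue |
      Where-Object {
        ($_.RecordType -eq 'A'     -and $_.HostName -eq $BadDc) -or
        ($_.RecordType -eq 'CNAME' -and $_.RecordData.HostNameAlias -like "$fqdn*") -or
        ($_.RecordType -eq 'SRV'   -and $_.RecordData.DomainName    -like "$fqdn*") -or
        ($_.RecordType -eq 'NS'    -and $_.RecordData.NameServer    -like "$fqdn*")
      } |
      ForEach-Object { $findings += "DNS $($_.RecordType) '$($_.HostName)' in zone '$zone' -> $fqdn" }
}

# 4. NS records in every reverse lookup zone that still name the old DC
Get-DnsServerZone -ComputerName $DnsHost | Where-Object { $_.IsReverseLookupZone } | ForEach-Object {
    $zone = $_.ZoneName
    Get-DnsServerResourceRecord -ComputerName $DnsHost -ZoneName $zone -RRType NS |
      Where-Object { $_.RecordData.NameServer -like "$fqdn*" } |
      ForEach-Object { $findings += "DNS NS in reverse zone '$zone' -> $fqdn" }
}

if ($findings.Count -eq 0) {
    Write-Output "No remaining references to $fqdn found; safe to repromote."
} else {
    Write-Output "Cleanup incomplete, $($findings.Count) item(s) still reference $fqdn:"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```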

Solution 2:

At this point it's probably easier to create a new DC and clean dc2 out of AD with ntdsutil.