Domain Controller offline for a few days

My primary domain controller died over the weekend, its motherboard is being replaced tomorrow.

I have been told that the MAC address of the server may change once the new motherboard is installed.

What issues should I be concerned about before I plug it back onto my network? Will AD just sync without any issues?

What about DHCP? It was a DHCP server before it died, but I have had to install that elsewhere on my network. Once I power it back on there will be a conflict of DHCP servers.


Solution 1:

The machine's MAC address changing won't affect anything. Active Directory isn't concerned with the link layer. Yep, you can just plug it back in, and the DC will catch up. (Now on the other hand, if the DC's hard drive was encrypted with something like BitLocker, replacing the motherboard (and thus the onboard TPM chip) would mean the end of the road for the data stored on that hard drive. But I will assume that you're not using BitLocker. :))

There is a limit to how long a DC can be offline and still be brought back successfully, called the tombstone lifetime. It is probably 180 days for your forest though, so you are nowhere near having to worry about it if the DC was out of commission for "just" over the weekend.

But don't allow there to be multiple DHCP servers on the network. Consider removing the DHCP Server role from the machine before reconnecting it to the network.

Edit: As mfinni says, it's really more that you don't want overlapping scopes. I was assuming that your new DHCP server and your old DHCP server served the same IP address range. So instead of removing the DHCP server role completely, if you intended to bring the old DHCP server back into service, you could just modify its scope instead so that it doesn't overlap with the current one on the network.
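The two checks this answer relies on, the tombstone lifetime and the DC "catching up", can be verified rather than assumed. The following is an added example, not code from the answer or from Microsoft; it assumes the ActiveDirectory PowerShell module (RSAT) on the machine running it, that `DC01` is the returning DC, and a constructed outage date. Step 1 can run from any other DC before the repaired machine is plugged in; steps 2 and 3 run once it is back on the LAN.

```powershell
# Added example (not from the answer). Placeholders: DC01, the outage date.
Import-Module ActiveDirectory

$returningDc  = 'DC01'                    # placeholder: the DC that was offline
$offlineSince = Get-Date '2024-01-05'     # placeholder: constructed outage start

# Step 1 -- tombstone lifetime, the hard limit on how long a DC may stay
# offline. It lives on the Directory Service object in the configuration NC.
$cfgNc = (Get-ADRootDSE).configurationNamingContext
$dsObj = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$cfgNc" `
             -Properties tombstoneLifetime
# If the attribute is unset the forest uses the old default of 60 days;
# forests created on Windows Server 2003 SP1 or later set it to 180.
$tsl      = if ($dsObj.tombstoneLifetime) { $dsObj.tombstoneLifetime } else { 60 }
$daysDown = [math]::Ceiling(((Get-Date) - $offlineSince).TotalDays)
"Tombstone lifetime: $tsl days; $returningDc has been offline about $daysDown days"
if ($daysDown -ge $tsl) {
    Write-Warning "Outage exceeds the tombstone lifetime: do not reconnect, rebuild the DC instead."
}

# Step 2 -- after reconnecting, confirm the DC is pulling changes from each
# replication partner (LastReplicationResult 0 = success).
Get-ADReplicationPartnerMetadata -Target $returningDc -Scope Server |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult,
                  ConsecutiveReplicationFailures |
    Format-Table -AutoSize

# Step 3 -- any lingering failures anywhere in the forest (the PowerShell
# equivalent of repadmin /replsummary). Empty output is the goal.
Get-ADReplicationFailure -Target (Get-ADForest).Name -Scope Forest |
    Select-Object Server, Partner, FirstFailureTime, FailureCount, LastError
```

If step 1 reports the outage is past the tombstone lifetime, the safe path is metadata cleanup and a fresh promotion rather than reconnecting; a DC that has missed the deletions of that period will otherwise reintroduce lingering objects.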

Solution 2:

The DC itself is not a problem.

DHCP takes some careful handling to prevent connectivity issues for your users:

Best approach (done this myself several times):

  • Bring the DC up without LAN. Log on locally and go into the DHCP settings. If it is currently NOT enabled then enable "collision detect". Then stop the DHCP service.
  • Reconnect the DC to the LAN.
  • Set the lease-time on the replacement DHCP server to a very short period (30 minutes).
  • Wait until the previous (longer) lease-time has expired, wait another period as long as the new (short) lease-time. All clients should now be using the short lease-time on the (replacement) DHCP server. (I know... If you used the default 8 days on the replacement DHCP server this will take a while... Should have configured that to be a short lease straight away.)
  • Stop the DHCP service on the replacement. Start it on the DC.

This makes it painless for the users. Most won't notice.
The "collision detect" can be switched off (if you want) after a day or so, when the DC is back in business as DHCP server.
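The hand-back sequence above, plus the non-overlapping-scope alternative from Solution 1's edit, as DhcpServer-module cmdlets. This is an added example, not code from either answer; it assumes Windows PowerShell 5.1 with the DhcpServer module (RSAT), and the placeholder names `SRV02` (the temporary DHCP server) and `192.168.10.0` (the scope both servers serve). The steps are meant to be run one at a time, in the place each comment names, not as one script. "Collision detect" is the setting the DHCP console calls conflict detection attempts.

```powershell
# Added example (not from the answers). Placeholders: SRV02, 192.168.10.0.
Import-Module DhcpServer

$replacement = 'SRV02'          # placeholder: temporary DHCP server
$scopeId     = '192.168.10.0'   # placeholder: scope both servers hand out
$shortLease  = New-TimeSpan -Minutes 30

# Step 1 -- run ON the DC while it is still off the LAN. Conflict detection
# makes the server ping an address before offering it, so it will not hand
# out one the replacement already leased. Then stop the service so the DC
# stays silent once it is plugged in.
Set-DhcpServerSetting -ConflictDetectionAttempts 2
Stop-Service -Name DHCPServer
# Step 2 -- reconnect the DC to the LAN (manual).

# Step 3 -- from a management host: shorten the lease on the replacement.
# Keep the old value; it decides how long step 4 has to wait.
$oldLease = (Get-DhcpServerv4Scope -ComputerName $replacement -ScopeId $scopeId).LeaseDuration
Set-DhcpServerv4Scope -ComputerName $replacement -ScopeId $scopeId -LeaseDuration $shortLease

# Step 4 -- wait one old lease plus one short lease, then list any client on
# the replacement that still holds a long lease. Empty output means every
# active client has renewed onto the 30-minute lease and it is safe to cut over.
$earliestCutover = (Get-Date) + $oldLease + $shortLease
"Earliest cutover: $earliestCutover"
Get-DhcpServerv4Lease -ComputerName $replacement -ScopeId $scopeId |
    Where-Object { $_.AddressState -like 'Active*' -and
                   $_.LeaseExpiryTime -gt ((Get-Date) + $shortLease) } |
    Select-Object IPAddress, ClientId, HostName, LeaseExpiryTime

# Step 5 -- cut over: silence the replacement, then start the DC's service.
Invoke-Command -ComputerName $replacement -ScriptBlock { Stop-Service -Name DHCPServer }
Start-Service -Name DHCPServer       # run on the DC

# A day or so later, on the DC, conflict detection can go back off; it adds
# a ping delay to every new offer:
#   Set-DhcpServerSetting -ConflictDetectionAttempts 0

# Solution 1's alternative: keep both servers, but make sure their address
# ranges do not overlap. Get-DhcpServerv4Scope returns StartRange/EndRange;
# compare them numerically rather than as strings.
function ConvertTo-UInt32 ([string]$ip) {
    $b = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    [Array]::Reverse($b)                     # network order -> host order
    [BitConverter]::ToUInt32($b, 0)
}
function Test-ScopeOverlap ($a, $b) {
    # True when the two inclusive ranges share at least one address
    (ConvertTo-UInt32 $a.StartRange) -le (ConvertTo-UInt32 $b.EndRange) -and
    (ConvertTo-UInt32 $b.StartRange) -le (ConvertTo-UInt32 $a.EndRange)
}
# Constructed sample ranges standing in for the two servers' scope objects
$dcScope  = [pscustomobject]@{ StartRange = '192.168.10.10';  EndRange = '192.168.10.99'  }
$tmpScope = [pscustomobject]@{ StartRange = '192.168.10.100'; EndRange = '192.168.10.199' }
Test-ScopeOverlap $dcScope $tmpScope
```

In the real case, feed `Test-ScopeOverlap` the objects returned by `Get-DhcpServerv4Scope` on each server (run locally on the DC while its service is up, remotely with `-ComputerName` for the replacement); if it returns True, shrink one range with `Set-DhcpServerv4Scope -StartRange/-EndRange` before both servers are allowed to answer on the same LAN.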