Domain Controller etiquette after a crash between Server 2003 & Server 2008 [closed]

windows-server-2008-r2 domain-controller

I have 2 domain controllers on a non-Internet connected network running Windows Server 2008 R2. They running RAID 5 on a 8 Hard Drive server. Sometime last week the Boot Sector became corrupt on DC1 and I was unable to recover the server. I am not going to have to rebuild the server. I have been reading about the changes from Server 2003 to Server 2008. DC1 was the main domain controller and now that it won't but it is all falling to DC2. I know that in previous versions of Windows Server you had to make on the primary and one the secondary. Since DC2 does not see DC1 anymore is there anything I need to do to DC2 as it is now the one in control? I am thinking some kind of meta data clean up but I can't find any hard information on what procedure to do. I understand as of Server 2008 domain controllers are on an equal footing and provide replication to each other so they should be the same correct?


Solution 1:

You are correct in saying that domain controllers are not "primary" or "secondary" anymore (although a bit incorrect on the timing: this became reality when Active Directory was first introduced in Windows 2000, and the whole "PDC/BDC" thing ceased to exist with Windows NT 4).

However, there are some things that are specifically done on a single domain controller at a time, and those are called the FSMO roles; if the failed DC held one or more of them, you'll have to forcibly transfer ("seize") them to the remaining one: https://technet.microsoft.com/en-us/library/cc816779(v=ws.10).aspx.

Also, you'll have some cleaning up to do in Active Directory, by removing all references to the dead DC: https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx.

Last but not least, after you finish cleaning up your AD, bring up another domain controller as soon as possible; you should never run an Active Directory domain with a single DC, because if that breaks too, you'll just find yourself with no domain anymore.

Solution 2:

This procedure perfectly fits your needs. It is called seizing and is used to transfer FSMO Roles between a "death" and a "working" DC.

The process of moving the FSMO role from a non-operational role holder to a different DC is called Seizing...

If you want to know more before following the how to, read this.

Just, when you're done, never ever bring DC1 up again after this.

I warn you to rename the server to DC3 or something else whether you plan to reinstall it in the future.

Related

Cannot join client to domain (non virtual, DNS issue)
How should I diagnose ERROR 1045 during MySQL installation?
Magento Community - Hosting :: Need Advice which sharing hosting will run magento fast
Nginx non-www redirect to www with SSL not working
Nginx tries to run on port 80 but the configs have been removed
systemd-timesyncd requires incoming ephemeral ports opened
Postfix configuration: different outgoing hosts based on sender
Relase outgoing mails to internet if local delivery failes
Oracle Enterprise Linux installation can't see local disks on HP ProLiant DL360e Gen8
libc6 dependency mismatch in Debian 9.12 stretch
MailboxExportRequest ContentFilter is "Received -ne $null" when querying by date
What effect do the user and role labels have on a file in SELinux?