question

EXE-1634 asked

Domain controller 1&2 offline over 2 months

Domain controller was set up, then taken offline for longer than the tombstone limit. Now I can't get it to replicate again with DC2. Please, any solution to replicate back?

windows-active-directory

DSPatrick answered

If a domain controller has tombstoned then the solution is to seize roles (if necessary) to a healthy one.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/transfer-or-seize-fsmo-roles-in-ad-ds

Then perform cleanup to remove remnants:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

Then rebuild the failed one. I'd use dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new one, patch it fully, license it, join existing domain, add Active Directory Domain Services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer PDC emulator role (optional), use dcdiag / repadmin tools to again verify health.


--please don't forget to upvote and Accept as answer if the reply is helpful--








Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



LimitlessTechnology-2700 answered

Hello,

Thank you for your question.

If the tombstone limit has already passed, then it may not sync with AD properly, and it's better to decommission it and promote a new one with a new name and IP, or you have to use meta cleanup for AD objects.
Please also consider downloading the Active Directory Replication Status Tool to see how the health of AD is now.

https://www.microsoft.com/en-in/download/details.aspx?id=30005

If the reply was helpful, please don’t forget to upvote or accept as answer.
