0

I have 2 domain controllers on a non-Internet connected network running Windows Server 2008 R2. They are running RAID 5 on an 8-hard-drive server. Sometime last week the boot sector became corrupt on DC1 and I was unable to recover the server. I am now going to have to rebuild the server. I have been reading about the changes from Server 2003 to Server 2008. DC1 was the main domain controller, and now that it won't boot it is all falling to DC2. I know that in previous versions of Windows Server you had to make one the primary and one the secondary. Since DC2 does not see DC1 anymore, is there anything I need to do to DC2 as it is now the one in control? I am thinking some kind of metadata cleanup, but I can't find any hard information on what procedure to do. I understand as of Server 2008 domain controllers are on an equal footing and provide replication to each other, so they should be the same, correct?

JukEboX

2 Answers

3

You are correct in saying that domain controllers are not "primary" or "secondary" anymore (although a bit incorrect on the timing: this became reality when Active Directory was first introduced in Windows 2000, and the whole "PDC/BDC" thing ceased to exist with Windows NT 4).

However, there are some things that are specifically done on a single domain controller at a time, and those are called the FSMO roles; if the failed DC held one or more of them, you'll have to forcibly transfer ("seize") them to the remaining one: https://technet.microsoft.com/en-us/library/cc816779(v=ws.10).aspx.

Also, you'll have some cleaning up to do in Active Directory, by removing all references to the dead DC: https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx.

Last but not least, after you finish cleaning up your AD, bring up another domain controller as soon as possible; you should never run an Active Directory domain with a single DC, because if that breaks too, you'll just find yourself with no domain anymore.

Massimo
  • Thanks, I did have a printout of directions on this. Thanks for the link. I will get to it ASAP! If the two DCs were working together before and DC1 went down, I am guessing DC2 would not take up the FSMO because it was the second DC added to the domain, correct? – JukEboX Aug 21 '17 at 20:59
  • 1
    Correct: if a DC holds one or more roles and it goes down, they need to be seized manually. Also, the failed DC must **NOT** be brought online again after this is done. – Massimo Aug 21 '17 at 21:26
  • I will move over the FSMO. The other DC must be rebuilt with Windows Server 2008 R2 and brought back up. After the cleanup it should get a new SID when rejoined, no? – JukEboX Aug 21 '17 at 21:30
  • 1
    Yes, if you reinstall the OS you'll get a completely different computer, as far as AD is concerned; you can even use the same computer name and IP address of the failed DC. – Massimo Aug 22 '17 at 06:43
1

This procedure perfectly fits your needs. It is called seizing and is used to transfer FSMO roles between a "dead" and a "working" DC.

The process of moving the FSMO role from a non-operational role holder to a different DC is called Seizing...

If you want to know more before following the how-to, read this.

Just, when you're done, never ever bring DC1 up again after this.

I warn you to rename the server to DC3 or something else if you plan to reinstall it in the future.

Marco
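The seizure both answers describe, as an added example that is not part of either answer: it lists the current FSMO holders from the surviving DC and seizes only the roles still assigned to the failed one. It assumes the ActiveDirectory PowerShell module on Windows Server 2008 R2, an elevated session on DC2, and the host names DC1 and DC2 from the question.

```powershell
# Added example: run in an elevated PowerShell session on the surviving DC.
Import-Module ActiveDirectory

$FailedDC    = 'DC1'   # dead domain controller (name taken from the question)
$SurvivingDC = 'DC2'   # domain controller that will take over the roles

# Ask the surviving DC who it believes holds each of the five FSMO roles.
$domain = Get-ADDomain -Server $SurvivingDC
$forest = Get-ADForest -Server $SurvivingDC

$holders = @{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$holders.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

# Holders are reported as FQDNs; compare only the host part with the failed DC.
$toSeize = @($holders.GetEnumerator() |
    Where-Object { ($_.Value -split '\.')[0] -ieq $FailedDC } |
    ForEach-Object { $_.Key })

if ($toSeize.Count -eq 0) {
    Write-Host "No FSMO roles are assigned to $FailedDC; nothing to seize."
    return
}

# Seizing is for a holder that is gone for good. If it still answers,
# stop here: a reachable holder calls for a normal transfer, not a seizure.
if (Test-Connection -ComputerName $FailedDC -Count 2 -Quiet) {
    throw "$FailedDC still responds on the network. Do not seize roles from a live DC."
}

Write-Host "Seizing onto ${SurvivingDC}: $($toSeize -join ', ')"

# -Force turns the transfer into a seizure; the cmdlet still prompts for confirmation.
Move-ADDirectoryServerOperationMasterRole -Identity $SurvivingDC `
    -OperationMasterRole $toSeize -Force

# Confirm the result with the built-in tool.
netdom query fsmo
```

This covers only the role seizure; removing the dead DC's references from Active Directory is the separate cleanup step linked in the first answer.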