Announcement

Collapse
No announcement yet.

AD Demote & Re-promote

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • AD Demote & Re-promote

    We had an issue with one of our DCís a few weeks ago (DMC1) & it was re-imaged using a backup image over a year old. This has now screwed up the replication between itself and the other DC (DMC2).

    DMC2 now wont allow any AD replication to DMC1. After some research it look like the only way around this is to demote & re-promote DMC1 to get the replication working again. I have about another 2 weeks before DMC2 tombstones DMC1 & declares it completely dead through lack of replication.

    I have DNS & DHCP hosted on DMC1, as well as some printers & other applications.

    Hereís my plan:
    • Move DNS, DHCP & All the other services onto DMC2
    • Demote DMC1 (dcpromo)
    • Re-promote DMC1
    • Move the services back

    Has anyone ever had to do this before, or could you offer any advice on how to do this?

    I have a recent image of both servers which I plan to move into a test virtual environment so I can have a dry run before hand.

  • #2
    Re: AD Demote & Re-promote

    Sure it could work but restoring a dc from a one year old image isn't ideal.
    Why did you used such on old backup?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: AD Demote & Re-promote

      I would tend to agree that your approach was not ideal. I would generally recommend that when one encounters a failed DC, the best approach is to clean the meta directory, wipe the drives, and start with a new clean slate. The new DC will simply replicate the AD database. No need to restore DCs from a backup, unless its your only one.
      JM @ IT Training & Consulting
      http://www.itgeared.com

      Comment


      • #4
        Re: AD Demote & Re-promote

        90% you are going to to have problem while demoting DMC1 from the domain (you'll get an error message block demoting the DMC1)

        What u have to do in case you get error while demoting DMC1:

        1-disconnect DMC1 from the network
        2-do a metadata cleanup for the DMC1 from the domain
        3-1-it's better to reformat your DMC1 and rebuild it again then joined to domain and promote it again (dcpromo)

        3-2-In case you need to use the old DMC1 again and not formated. use the dcpromo /forceremoval to remove the AD then joind to the network and promote again (dcpromo)

        Good luck

        Comment


        • #5
          Re: AD Demote & Re-promote

          And also do not forget to seize the FSMO roles to DMC2 if you remove DCM1
          gerth

          MCITP sa, ea & va, [email protected]

          Comment

          Working...
          X