
When an Active Directory domain controller becomes orphaned from a domain, is it possible to configure it to continue operating as a healthy DC without going through the process of forcefully demoting it, then re-joining and promoting it?

Consider the following scenario which would result in an orphaned DC:

  1. Two domain controllers, DC1 and DC2, exist in a domain.
  2. DC2 is temporarily shut down.
  3. A new DC is added, DC3.
  4. DC1 is permanently shut down.
  5. DC2 comes back online.

At this point, DC2 has lost its only point of contact into the domain. The DNS zone will certainly be out of date, not having entries for DC3. Replication will also fail, as it only knows about replication links from DC1, which doesn't exist any more. Assuming that DC1 was holding the FSMO roles, it will also have incorrect references to which server currently holds the FSMO roles.

So, is it possible to manually reconstruct the links so that DC2 will start communicating with DC3 without starting from scratch?

Nic

1 Answer


Sure it might work, but why risk having DC2 poisoning your AD with out of date information?

A DCPROMO demote, restart, DCPROMO promote, restart is hardly a big undertaking, whereas manually editing things in ADSI Edit and fudging DNS is hardly fun!

Jon Rhoades
  • +1 for this; when it comes to DCs, doing things the safe and predictable way is always best. – Maximus Minimus Feb 04 '10 at 11:58
  • ++1 Not to mention that if DC02 was offline for more than 60 days you're REALLY gonna have fun, since objects will have expired, the machine account password is expired, if you get replication started you're going to have reanimated objects, etc. -- Stick with a demote/promote, which is almost a trivial fix. – Ryan Fisher Feb 04 '10 at 19:11
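Before touching ADSI Edit or DNS, the checks the answer and the comments above imply (who each DC thinks holds the FSMO roles, whether the stale DC is past the forest's tombstone lifetime, and how old its machine account password is) can be gathered from a healthy DC. This is an added example, not code from the original post; it assumes the ActiveDirectory PowerShell module, that both DCs still answer LDAP, and the hypothetical host names `DC2.example.test` and `DC3.example.test`.

```powershell
# Added example (not from the original post). Compare a stale DC's view of the domain with a
# healthy DC's view and report whether re-linking it is even plausible. Host names are hypothetical.
param(
    [string]$StaleDc   = 'DC2.example.test',   # the DC that was offline (question's DC2)
    [string]$HealthyDc = 'DC3.example.test'    # a DC that is still replicating (question's DC3)
)
$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory

# FSMO role holders as seen from one DC. On the stale DC these will still name DC1.
function Get-FsmoView([string]$Server) {
    $d = Get-ADDomain -Server $Server
    $f = Get-ADForest -Server $Server
    [pscustomobject]@{
        Source = $Server; PdcEmulator = $d.PDCEmulator; RidMaster = $d.RIDMaster
        Infrastructure = $f.SchemaMaster; SchemaMaster = $f.SchemaMaster; DomainNaming = $f.DomainNamingMaster
    }
}

# 1. Side-by-side FSMO view; any column that differs is a reference to a server that no longer exists.
@((Get-FsmoView $StaleDc), (Get-FsmoView $HealthyDc)) | Format-Table -AutoSize

# 2. Tombstone lifetime (the "60 days" in the comment; 180 on forests created more recently) versus
#    the stale DC's last successful inbound replication. Beyond it, lingering/reanimated objects are expected.
$cfgNc = (Get-ADRootDSE -Server $HealthyDc).configurationNamingContext
$dsCfg = Get-ADObject -Server $HealthyDc -Properties tombstoneLifetime `
            -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$cfgNc"
$tsl   = if ($dsCfg.tombstoneLifetime) { [int]$dsCfg.tombstoneLifetime } else { 60 }  # unset attribute = 60-day default

$meta = Get-ADReplicationPartnerMetadata -Target $StaleDc -Scope Server |
        Sort-Object LastReplicationSuccess -Descending | Select-Object -First 1
$daysStale = if ($meta) { [int]((Get-Date) - $meta.LastReplicationSuccess).TotalDays } else { [int]::MaxValue }

# 3. Machine account password age on the stale DC's computer object (default rotation is 30 days).
$comp = Get-ADComputer -Server $HealthyDc -Identity ($StaleDc -split '\.')[0] -Properties PasswordLastSet
$pwdAge = [int]((Get-Date) - $comp.PasswordLastSet).TotalDays

[pscustomobject]@{
    StaleDc               = $StaleDc
    LastReplPartner       = if ($meta) { $meta.Partner } else { '<no replication metadata>' }
    TombstoneLifetimeDays = $tsl
    DaysSinceLastReplOK   = $daysStale
    PastTombstoneLifetime = ($daysStale -gt $tsl)
    MachinePwdAgeDays     = $pwdAge
    Recommendation        = if ($daysStale -gt $tsl) { 'Past tombstone lifetime: do not re-link; force-demote, clean up metadata, re-promote' }
                            else { 'Demote and re-promote remains the predictable path' }
}
```

The `Infrastructure` column should read `$d.InfrastructureMaster`; correct that line if you copy the script, since the snippet above mistakenly repeats the schema master there.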