We have 5 Domain Controllers over 2 sites:

Site A: DC01, FILE01, EXCHANGE01

Site B: FILE02, EXCHANGE02

FILE01/2 use DFS-R and EXCHANGE01/2 replicate (both Exchange 2007 SP1 servers)

DC01 was rebuilt and something screwed up replication with FILE02, EXCHANGE02. This isn't to figure that out since I think it is too late now and I need to just sort the issues.

Running DCDIAG I see "WARNING: This latency is over the Tombstone Lifetime of 60 days!" for DC01 and FILE02/EXCHANGE02. The date of the last replication received from these 2 servers is 2014-03-22 12:44:58. DC01 is replicating fine with FILE01 and EXCHANGE01.

I, therefore, believe that I need to rebuild AD on both the 02 servers. My question is:

Can I do that without breaking the Exchange and DFS replications or will I need to rebuild the servers completely?

neildeadman
  • Which of those servers are running as Domain Controllers? – Mark Henderson Nov 14 '16 at 16:33
  • All of the servers above are Domain Controllers for the same domain. – neildeadman Nov 14 '16 at 16:35
  • Oh wow. That is seriously unwise. You have _probably_ broken the entire network but I'm not touching this one. Too much risk involved in making everything worse. It also depends on which version of Windows they are and what your Domain Functional Level is. Good luck. – Mark Henderson Nov 14 '16 at 16:37
  • @MarkHenderson What is unwise? Why would you say I've probably broken the entire network? It is only the DR servers that we replicate to that are affected. Everything else is OK. – neildeadman Nov 14 '16 at 16:45
  • You should not be promoting every server to a domain controller. Typically in a site like this you would have one DC per site, and every other server is a member server. If that was how this network was built you would have one server tombstoned, but everything else would work. You could just repair that tombstoned server and everything would be fine. But by throwing Exchange in the mix as a DC? All bets are off. – Mark Henderson Nov 14 '16 at 16:49
  • Honestly, your first step is probably removing the Directory Services role from the Exchange server. I don't know if you even _can_ demote a DC that's mixed with Exchange. Honestly I would be adding a small virtual machine of DC02 to Site B, get that one up to date and working correctly, and rebuild FILE02 and EXCHANGE02 to be just vanilla domain members. – Mark Henderson Nov 14 '16 at 16:51
  • @MarkHenderson Sadly I inherited this config. Could I then build a DC02 server as a DC and then demote EXCHANGE02 and FILE02 from being DCs without needing to reinstall Exchange or set up DFS again? – neildeadman Nov 14 '16 at 16:53
  • When DC01 was rebuilt, did you use the same server name? Did you demote the server before? If not, I suggest you demote the DC, reboot, do a metadata cleanup and finally re-promote. If yes, you will probably need to recreate the replication between your servers. – HEMAN85 Nov 14 '16 at 16:54
  • Probably? I think DFS will be fine, because dcpromo will leave behind a member server. But for Exchange? No idea. That's where this gets too messy for me to offer an opinion. – Mark Henderson Nov 14 '16 at 16:55
  • @MarkHenderson To add to the complexity, you can't remove AD from an Exchange server, you have to remove Exchange before.. kinda why it warns the user on the install to not do it. – yagmoth555 Nov 14 '16 at 17:09
  • @neildeadman if you check your AD Users and Computers, and check the lastlogin info, which server displays the latest date? I think your site B could be the main site now. – yagmoth555 Nov 14 '16 at 17:11
  • Exchange 2007 SP1 as well - that is what, six years old. Building new domain controllers, new Exchange 2007 member only servers might get you to a better place. You cannot DCPROMO a server with Exchange installed on it either, so building replacement servers is going to be the only option here. – Sembee Nov 14 '16 at 17:16
  • Yep, DFS should be good. The replication can be fixed after re-joining the server02 to the domain but obviously Exchange is the big issue... Did you try to switch to use DC01 as your domain server on Exchange? https://technet.microsoft.com/en-us/library/aa998227.aspx Another question just to understand this better: Are you running Exchange on a domain controller? You can't demote a domain controller with Exchange installed. – HEMAN85 Nov 14 '16 at 17:24
  • I'm voting to close this question as, due to the complexity and risk to lose the current Active Directory, I suggest the OP check with a consultant first. It's too broad/serious to answer. – yagmoth555 Nov 14 '16 at 18:02
  • I started writing up an answer, but... ugh, this is such a trainwreck... your only sane option is to rebuild the whole thing, properly. The mess you have now is not maintainable or supportable. Take it breaking as an opportunity to replace what you have now with something that works, and isn't horrible. – HopelessN00b Nov 14 '16 at 21:02
  • Thank you for everyone's comments. As I said previously, I inherited this setup and although I am responsible for this, I don't have the final say on upgrading or changing it. We are in the process of migrating from Exchange 2007 to Office 365, so that will offer me the chance to sort this out. Having said that, overnight, it has replicated from Site A to B successfully and still does. It won't go the other way, so I think there are still issues to solve, but not as bad as I was seeing yesterday. Thanks again. – neildeadman Nov 15 '16 at 17:08

0 Answers