really depends on how much issues you'd want afterwards - if you have another DC in your domain, why is it so critical to bring this one back? Sounds like you have some Apps on it that you need to keep - but you should be able to get rid of AD.
If so, the safest method is to demote it forcefully via "DCPROMO /forceremoval" (need Win2k SP4 or Win2003), then do a metadata cleanup on another DC (removing that server-object). If this was a FSMO role-holder, you'll need to seize the roles to another DC (can also be done via NTDSutil). Afterwards you're ready to re-promote it to a DC. Doable, but very risky is to increase the tombstone lifetime in the forest to a large enough number (on another working DC _and_ the broken DC), but you're asking for trouble if you're going to do this (poltergeists etc.). BTW, Win2003 SP1 will increase the default Tombstone Lifetime (for new forests) to 180 days to avoid more potential issues of this kind. Not so great for the size of the DIT, but likely less issues with recovery... /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Monday, February 14, 2005 6:27 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] suggestions for tombstoned DC recovery? One of our admins restored a DC from a backup greater than 60 days old. There are no newer backup copies. Replication is not working - "Access denied". Also, the restored DC cannot be dcpromo'd out. Rebuilding the computer from scratch is not an option. Repadmin and nltest operations are unsuccessful. Does anyone have any tricks up their sleeve for getting this once-working DC to "play nice again"? I keep thinking that an nltest with a secure channel reset option, followed by a repadmin operation with a force option using the one good DC as an authoritative source - should be the answer. But it doesn't seem to work. Any help is appreciated! Thanks. Mike Thommes List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
