RE: [ActiveDir] Seized the roles of a failed DC

[Brian Desmond]

Ah ok, well, that wasn’t necessary.   Thanks, Brian Desmond [EMAIL PROTECTED]   c - 312.731.3132   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V CTR USAF NASIC/SCNA Sent: Monday, September 11, 2006 9:48 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Seized the roles of a failed DC   Yeah that was done, everything is clean.  Just used a different name when I rebuilt the server to be on the safe side and to keep things clean.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Monday, September 11, 2006 9:33 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Seized the roles of a failed DC Nate-   You can use the old name again, you just need to clean the broken DC up in AD & rebuild the box. Either search the KB for metadata cleanup or below is the steps off the top of my head:   Ntdsutil Metadata cleanup Connections Connect to server SomeDC Exit Sel op tar Lis dom Sel dom #OfDomain Lis site Sel site #OfSite Lis ser in site Sel ser #OfServer Exit Rem sel ser Exit Exit     Thanks, Brian Desmond [EMAIL PROTECTED]   c - 312.731.3132   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V CTR USAF NASIC/SCNA Sent: Monday, September 11, 2006 6:04 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Seized the roles of a failed DC   Hey all,    I have a little question here, just a sanity check for the most part.  We had a DC that got its registry ripped to shreds by some hardware folks, the end result was the OS no longer recognized TCP/IP interfaces, even after a system state restore of the registry component.  This resulted in an offline DC which was only the Domain Naming Master and one of 2 GC's.  Our domain is very small with only 4 DCs and the AD database is small as well.  Previously when an Operations master (Infrastructure Master) went offline and would not be online for at least another 24 hours, rather than let the time elapse for the maintenance they requested we transfer the role to another server immediately, so we complied.    The issue is, this last time a DC failed and the transfer could not take place, so I seized the roles and brought them online on another DC as well as made another DC a GC.  The problem is that, since I seized the roles I realized I could not use the previous DC's name again in AD, based upon previous experience, lots of articles, and other admins in the past's personal preferences for AD recovery.    I got my head chewed off by the entire organization from this renaming of the DC and have undergone many meetings and attacks from people I had not even worked with before.  I am just wondering what are some of your practices in this situation.   Recap:   1) Failed DC with no network connectivity 2) Organization wants role holders online at all times 3) Removed DC manually and did cleanup of AD database 4) Built new DC and used a new name 5) Forced through a modern day spanish inquisition 6) What would you have done?       Thanks,   Nate Bahta   General Dynamics Information Technology Sr. Systems Administrator   "Certo Dirgo Ictu"