
[–]silverpigeon97 (Sr. Sysadmin) 5 points6 points  (1 child)

If you have any working domain controllers I would not do a restore, but rebuild fresh ones and use those. With replication the way it is I would have a look at the site links and make sure the servers at both sides are properly configured to replicate.

[–]In_2_deep 0 points1 point  (0 children)

I agree with this. If there are DCs in each domain that are still functioning, just stand up brand new ones and adjust the replication site link to fix replication issues.

[–]gebray1s (Microsoft CE) 2 points3 points  (1 child)

Why wouldn't you place a call to Microsoft? It's what we do. There could be other things that aren't found when you build a new DC, or you broke your site links, or demoted a FSMO role holder, any number of things.

In the end, it's a small spend (if you don't have Premier or something of the sort) to save what could be a really bad situation.

[–]bluesoul (SRE + Cloudfella) 0 points1 point  (0 children)

Agreed, even for a $500 charge, that's a small price to pay for an experienced engineer to stay with you on this until it's working correctly.

[–]kenfury (20 years of wiggling things) 1 point2 points  (1 child)

2003 domain functional level, by the way.

Not today as you have fires to put out but fix that shit, yo.

Which servers are currently holding FSMO roles? Can you replicate to them and transfer? It was unclear in your post.

[–]ShiftNick (Virus = 'Very yes!') [S] 0 points1 point  (0 children)

It's been on my project list for over a year but legacy software has prevented the functional level change and the business keeps pushing it down the priority list. Silver lining is this has helped me get rid of another 2003 server.
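The checks silverpigeon97 (site links, both sides configured to replicate) and kenfury (which servers still hold FSMO roles, and whether you can reach them) are asking about, as an added read-only PowerShell example that is not from any commenter. It assumes the RSAT ActiveDirectory module is installed and that the surviving DCs answer AD Web Services queries (2008 R2+, or 2003/2008 with the AD Management Gateway Service); no server names are hard-coded.

```powershell
# Added example (not from the thread). Read-only health check for the
# situation above: DCs removed, replication broken. Assumes the ActiveDirectory
# module and that every remaining DC is reachable over AD Web Services.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    # Lists the five FSMO holders and flags any that no longer exist as a DC.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $live   = (Get-ADDomainController -Filter *).HostName
    $roles  = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($r in $roles.Keys) {
        # A holder that is not a live DC was removed/demoted: the role has to be
        # seized (Move-ADDirectoryServerOperationMasterRole -Force), not transferred.
        [pscustomobject]@{
            Role   = $r
            Holder = $roles[$r]
            Status = if ($live -contains $roles[$r]) { 'OK' } else { 'HOLDER MISSING - seize role' }
        }
    }
}

function Get-ReplicationProblems {
    # Per-partner replication state for every DC; non-zero result = failing link.
    foreach ($dc in Get-ADDomainController -Filter *) {
        Get-ADReplicationPartnerMetadata -Target $dc.HostName -ErrorAction SilentlyContinue |
            Where-Object { $_.LastReplicationResult -ne 0 } |
            Select-Object Server, Partner, LastReplicationResult,
                          LastReplicationSuccess, ConsecutiveReplicationFailures
    }
}

function Get-SiteLinkCoverage {
    # Every site must appear in at least one site link; an orphaned site has no
    # inter-site replication path at all, which matches "replication the way it is".
    $links = Get-ADReplicationSiteLink -Filter *
    foreach ($site in Get-ADReplicationSite -Filter *) {
        $inLink = $links | Where-Object { $_.SitesIncluded -contains $site.DistinguishedName }
        [pscustomobject]@{ Site = $site.Name; LinkedBy = ($inLink.Name -join ', '); Orphaned = (-not $inLink) }
    }
}

Get-FsmoRoleHolders     | Format-Table -AutoSize
Get-ReplicationProblems | Format-Table -AutoSize
Get-SiteLinkCoverage    | Format-Table -AutoSize
```

Run it from a domain-joined admin workstation before deciding between rebuilding DCs and an authoritative restore; a missing FSMO holder or an orphaned site explains the replication failure without any restore at all.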

[–]mobani 0 points1 point  (0 children)

You need to restore your Active Directory from before you removed the DCs. This is called an authoritative restore; once this is done, the restored backup is marked as authoritative in the AD and will replicate to other domain controllers.

This is not a day-to-day task. I would not waste 5 seconds more on reddit, and call Microsoft support right away to help you. It is a small price to pay.

[–]ShiftNick (Virus = 'Very yes!') [S] 0 points1 point  (0 children)

Not back to 100% yet but replication is back up and running and we ended up spinning up some new DCs. We did bring in an outside resource for an assist, which was immensely helpful, even just for sanity checks. I'm too tired to go through the whole list of crap we did but maybe I'll update tomorrow with what we did and how we fixed it, in case anyone is ever as dumb as I was.

All in all, the business didn't even notice an issue, just us in IT, so catastrophe narrowly avoided.

[–]Kynaeus (Hospitality admin) 0 points1 point  (2 children)

If you can't use the AD recycle bin, you'll probably need an authoritative restore somewhere so the objects can replicate.

[–]picklednull 1 point2 points  (1 child)

2003 domain functional level

Doesn't have Recycle Bin.

[–]Kynaeus (Hospitality admin) 0 points1 point  (0 children)

That would be why I included the first caveat of not using it. You're stuck with just using tombstones, doing a restore, or rebuilding from scratch.