I'm in a bit of a bind with my domain controller and need some help. I've restarted the DC and I'm seeing ID 2042. This domain controller holds all the FSMO roles. The error message I'm getting says, "It has been too long since this machine last replicated with the named source machine. The time exceeded the tombstone (180 days). Replication has stopped," which means I can't authenticate into the domain or do much of anything. This DC was promoted to be the PDC a while back, but the original one still exists as a VM, though it's not running and would be outdated anyway. If I restore from backup, I think I'll still have the tombstone issue because the data won't sync. Any guidance would be greatly appreciated!
2 Answers
Is this the only DC in your forest? If it isn’t, you can't really fix a tombstoned DC. Your best option would be to seize the PDC on another working DC, then set up a new DC to replace the tombstoned one. Following that, you'd want to demote the troubled DC and clean up the metadata and DNS settings. It's not overly complicated, but definitely not something you want to rush into. Do you have access to Microsoft Support? They could definitely assist you with this!
You can check the FSMO roles by opening a command prompt on the DC and typing "netdom query fsmo" without quotes. The server name that appears there should be the primary FSMO holder in your organization. If it still shows the current DC, then you might not have moved the FSMO roles over from the old DC correctly. Unless you’re really experienced with Microsoft’s documentation, you might need someone to assist you with fixing this.
I did that, and the current DC shows it has all five roles. The old one isn’t listed at all now, but I can still see it in the Active Directory controllers.
Can I DM you for more details? It's the only live DC I've got right now. I was under the impression that the tombstone issue was related to the old DC, not this one. I thought maybe deleting the old VM DC might help, but I’m really nervous about doing that.