Hey everyone, I've got two domain controllers (DCs) where the primary one, holding the FSMO roles, is experiencing DFSR issues due to WMI problems. The secondary DC has the correct and up-to-date SYSVOL folder. My plan is to demote DC1 so it's non-authoritative, then create a new DC (DC3) that will sync with the SYSVOL folder from DC2. After that, I want to transfer all roles from DC1 to DC3 and retire DC1 completely. Does this sound like a good strategy? I've heard that it's best to resolve all sync issues between existing DCs first, but in my case, I can't do that. I'm hoping that making DC1 non-authoritative would allow me to bypass the usual concerns.
1 Answer
Honestly, if DFSR is broken on your FSMO holder, just creating a new DC won't solve the problem. You might still run into issues transferring roles later on. Personally, I'd power off the sick DC, seize the roles on the healthy DC, and set up a new DC after that.
Got it! I was worried about transferring roles causing more issues. So the plan now is to seize the roles from DC1 to DC2, fully retire DC1, and then promote DC3. Sounds better!