I've got a secondary Domain Controller (DC2) that was offline for about 203 days, which unfortunately exceeded the tombstone lifetime of 180 days. I'm hesitant to attempt syncing it with my primary Domain Controller (DC1) since it's stale. DC1 has been running on Windows Server 2012 R2 for years without major issues. Given this situation, what's the best way to address the stale DC2? Additionally, what would be the ideal operating system to install on DC2 to ensure a smooth operation and avoid future problems? Also, DC1 is not available for certain sysvol migration commands, which complicates things. Any advice would be greatly appreciated!
4 Answers
You should delete DC2 from your setup. Check if DC1 is using DFSR for SYSVOL; if it’s not, you might need to migrate to it first. Start fresh with two new 2022 DCs, but delay updates for now. Once you transfer roles over, you can demote the 2012 R2 and then update the new ones. Upgrading to a 2016 functional level afterwards is also a good idea.
Definitely go for a metadata cleanup on DC2 to remove its references. Spin up a new virtual machine, name it DC01, install Windows Server 2022 on it, and set up the FSMO roles. Once that's done, demote the old DC (DC1), then create another new server called DC02 for redundancy.
Don't turn DC2 back on or connect it to the network. If it's physical, wipe it; if it's virtual, back it up and then delete it. Perform AD metadata cleanup first. After that, build a new server with a fresh name, join it to the domain, and promote it to a Domain Controller. Also, plan ahead for upgrading DC1 since it's running on a version that's no longer receiving security updates.
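The pre-checks and the metadata cleanup that the answers above describe, as an added PowerShell example that is not part of any post in this thread. It is meant to be run on DC1 as an Enterprise Admin with the stale DC still powered off. Every name in it is an assumption: the stale DC is `DC2`, the domain is `corp.example`, and the site is whatever the NTDS Settings object turns out to live under. It reads the forest's actual tombstone lifetime rather than assuming 180 days (forests created before Windows Server 2003 SP1 default to 60), refuses to proceed if DC2 still holds an operations-master role, and then hands the server object's DN to `ntdsutil`, which is the documented cleanup path and will prompt for confirmation.

```powershell
# Added example (not from the thread): pre-checks and metadata cleanup for a DC that
# was offline longer than the tombstone lifetime. Run on DC1; keep DC2 off the network.
# Assumed names: stale DC "DC2", domain corp.example. Adjust before running.
Import-Module ActiveDirectory

$StaleDc  = 'DC2'
$RootDse  = Get-ADRootDSE
$ConfigNC = $RootDse.configurationNamingContext
$forest   = Get-ADForest
$domain   = Get-ADDomain

# 1. Read the tombstone lifetime this forest really uses. An unset attribute means the
#    legacy default of 60 days, so an "offline for 203 days" DC is stale either way.
$dsCfg = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$ConfigNC" -Properties tombstoneLifetime
$tsl   = if ($dsCfg.tombstoneLifetime) { $dsCfg.tombstoneLifetime } else { 60 }
"Tombstone lifetime in this forest: $tsl days"

# 2. Refuse to clean up a DC that still owns an FSMO role; seize those onto DC1 first
#    (Move-ADDirectoryServerOperationMasterRole -Identity DC1 -OperationMasterRole <role> -Force).
$roles = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$held = $roles.GetEnumerator() | Where-Object { $_.Value -like "$StaleDc.*" }
if ($held) {
    throw "$StaleDc still holds: $($held.Key -join ', '). Seize these roles on DC1 before cleanup."
}

# 3. Find the stale server's NTDS Settings object in the Configuration partition.
#    Its parent is the server object that ntdsutil needs.
$ntds = Get-ADObject -SearchBase "CN=Sites,$ConfigNC" -Filter 'objectClass -eq "nTDSDSA"' |
    Where-Object { $_.DistinguishedName -like "CN=NTDS Settings,CN=$StaleDc,*" }

if (-not $ntds) {
    "No NTDS Settings object found for $StaleDc; directory metadata may already be clean."
} else {
    $serverDn = $ntds.DistinguishedName -replace '^CN=NTDS Settings,', ''
    "Removing server metadata for: $serverDn"
    # 4. Documented cleanup path. ntdsutil asks for confirmation before deleting.
    & ntdsutil.exe 'metadata cleanup' "remove selected server $serverDn" quit quit
}

# 5. Things ntdsutil does not remove: DNS records that still point at the stale DC.
#    List them so they can be deleted from the zone (Remove-DnsServerResourceRecord).
Get-DnsServerResourceRecord -ZoneName "_msdcs.$($forest.RootDomain)" -RRType Srv -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordData.DomainName -like "$StaleDc.*" } |
    Format-Table HostName, RecordType, @{ n = 'Target'; e = { $_.RecordData.DomainName } }

# 6. Confirm DC1 no longer lists DC2 as a replication partner.
& repadmin.exe /replsummary
Get-ADDomainController -Filter * | Format-Table Name, IPv4Address, OperatingSystem, IsGlobalCatalog
```

Step 4 is the only irreversible part; everything before it is read-only, so run the script once, read its output, and only then let the `ntdsutil` line through. On Windows Server 2008 and later, deleting the server object under AD Sites and Services, or the DC's computer object in ADUC, also triggers the same cleanup, so the GUI is an equivalent fallback if `ntdsutil` is unwelcome.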
The best approach is to set up a completely new Domain Controller instead of trying to revive the old one. Consider creating two or three brand new DCs, preferably running Windows Server 2022 or 2019. Once you've got a solid number of functioning DCs, transfer all the roles to one of them and safely retire the 2012 R2 DC. After that, you can raise the functional level as needed.
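The replacement sequence the answers converge on (new 2022 DCs, roles moved, the 2012 R2 box demoted, then functional levels raised), as an added PowerShell example that is not part of any post in this thread. Names are assumptions: domain `corp.example`, old DC `DC1`, first new DC `DC01`, site `Default-First-Site-Name`. The block is a set of phases that run on different machines, which the comments mark; it is not one script to paste in. The first phase matters for this thread in particular: a Windows Server 2019 or 2022 server cannot be promoted into a domain whose SYSVOL still replicates with FRS, so the DFSR migration has to finish on DC1 before the new servers can be promoted.

```powershell
# Added example (not from the thread): replace a 2012 R2 DC with Windows Server 2022 DCs.
# Assumed names: domain corp.example, old DC "DC1", new DC "DC01", site Default-First-Site-Name.
Import-Module ActiveDirectory

$Domain = 'corp.example'
$OldDc  = 'DC1'
$NewDc  = 'DC01'

# ---- Phase 0, run on DC1: SYSVOL must already use DFSR. ----------------------------------
# dfsrmig states: 0 Start (FRS), 1 Prepared, 2 Redirected, 3 Eliminated (DFSR only).
$state = & dfsrmig.exe /getglobalstate
$state
if ($state -notmatch 'Eliminated') {
    # Walk the states in order and wait for each to settle before moving on.
    foreach ($s in 1, 2, 3) {
        & dfsrmig.exe /setglobalstate $s
        do {
            Start-Sleep -Seconds 60
            $m = & dfsrmig.exe /getmigrationstate
        } until ($m -match 'migrated successfully')
    }
}

# ---- Phase 1, run on the new 2022 member server (domain-joined, static IP, DNS -> DC1). ----
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $Domain -InstallDns `
    -SiteName 'Default-First-Site-Name' `
    -Credential (Get-Credential "$Domain\Administrator") `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password for the new DC') `
    -Force
# The server reboots. Before touching roles, confirm it replicates and advertises:
#   repadmin /showrepl
#   dcdiag /test:advertising /test:replications
Get-ADDomainController -Filter * | Format-Table Name, OperatingSystem, IsGlobalCatalog

# ---- Phase 2, run from any DC with the AD module: transfer (not seize) all five roles. ----
$allRoles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'
Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -OperationMasterRole $allRoles -Confirm:$false
& netdom.exe query fsmo      # all five lines should now name DC01

# ---- Phase 3, run on DC1 after clients and DHCP scopes no longer point at it for DNS. ----
Uninstall-ADDSDomainController `
    -LocalAdministratorPassword (Read-Host -AsSecureString 'Local admin password after demotion') `
    -Force
# Demotion reboots the box; afterwards it is a plain member server that can be retired.

# ---- Phase 4, run once no 2012 R2 DC remains. Raising the level is one-way. ----------------
Get-ADDomainController -Filter * | Where-Object OperatingSystem -like '*2012*' |
    ForEach-Object { throw "Still a 2012 DC in the domain: $($_.Name)" }
Set-ADDomainMode -Identity $Domain -DomainMode Windows2016Domain -Confirm:$false
Set-ADForestMode -Identity (Get-ADForest) -ForestMode Windows2016Forest -Confirm:$false
(Get-ADDomain).DomainMode; (Get-ADForest).ForestMode
```

Build the second new DC (`DC02` in the answers) with the same Phase 1 commands before demoting DC1, so the domain never sits on a single controller again, which is how this thread's problem started. The functional-level raise in Phase 4 is the one step you cannot undo, which is why the block checks for leftover 2012 DCs before running it.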
Totally agree! A fresh start seems like the safest option.
Yeah, definitely have to watch out for EOL. Going for a new server is the way to go!