what to be carefull when rebuilding primary AD domain controller?

user53815

7/19/23, 6:50 AM

I just did some search such as this one and this to avoid asking a question which already has answer.

However, I'm not sure whether the information fully match my question or not.

The situation is, I'm currently maintaining a test environment under a business domain. There are two windows 2016 AD domain controllers acting as primary DC and second DC respectively, and are apparently linked together to provide domain services.

These two domain controllers only have basic roles running: domain services and dns, and all the nodes/clients in this domain are managed by them.

Now, the primary DC encountered unexplainable issues and I have no choice but to delete the whole machine and rebuild a new primary DC to replace it.

I have no experience on "rebuilding" the "primary" domain controller, does anyone know what to be aware of when doing such thing? Or maybe I can just delete the primary DC and recreate it without making any changes on second domain controller?

thanks in advance.

0 + 0

domain-controller

Score:1

Server

Nikita Kipriyanov

7/19/23, 7:07 AM

Notice that while you designate one of your controllers as "primary", there is no such concept in the Active Directory technology. The NT4 "PDC" functionality was essentially split a "primariness" into several Flexible Single Master Operation (FSMO) roles, which can be assigned to different DCs, and then there will be no signle controller which can be designated "primary" at all. That was done 22 years ago, and yet many people still use ancient and irrelevant NT4 terminology!

So, the general DC "rebuilding" strategy applies. After each step you should check your replication is consistently working, and group policies on the SYSVOL share are available. You begin by fixing replication issues (if any), then move all assigned FSMO roles away from the controller you are about to demote, and then you demote it, updating DNS. After reinstalling and promoting a new DC you may reassing some FSMO roles to it or leave them where they are — it doesn't matter much.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: what to be carefull when rebuilding primary AD domain controller?

TH: สิ่งที่ต้องระวังเมื่อสร้างตัวควบคุมโดเมน AD หลักใหม่

RO: ce să fii atent când reconstruiești controlerul de domeniu AD primar?

RU: на что следует обратить внимание при восстановлении основного контроллера домена AD?

VI: cần cẩn thận điều gì khi xây dựng lại bộ điều khiển miền AD chính?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.