Windows Server: How to Recover a Failed Active Directory Domain Controller

Windows Server: How to Recover a Failed Active Directory Domain Controller



Article Summary: This article provides information on recovering an Active Directory domain controller that won't boot into normal mode.



If an Active Directory domain controller (DC) fails in such a way that the server will not boot normally, you should first attempt to boot the DC into Directory Services Restore/Repair Mode to determine whether the issue is caused by a problem with the DC's local copy of the AD database.

If the server is able to boot into DSRM, see Repair a Corrupt Active Directory Database on a Domain Controller that Won't Boot into Normal Mode for instructions on attempting to repair the database.

Assuming the DC is unable to boot to DSRM and the problem is not caused by a corrupt AD database, the procedure for recovering the failed DC depends in part on whether there are additional operational DCs in the domain. If at least one other DC exists in the domain, there are two options available for recovery of the failed DC:

  • Restore the failed DC from a backup, if a system-state backup is available.
  • Rebuild the failed DC from scratch.

Note: The procedures below are not intended to troubleshoot the underlying cause of the failure. These procedures assume that the underlying issue has been diagnosed and repaired or that the only path to resolution involves restoring or rebuilding the server.

If a valid system-state backup is available, you may use to it recover the failed DC. The procedure for restoring a failed DC from a backup depends on the version of Windows running on the DC:


If no valid backup is available or you do not wish to restore it, you may simply rebuild the failed DC from scratch and re-promote it. The other DCs will ensure that the domain remains accessible while the failed DC is being rebuilt and that the DC's local copy of the AD database is brought up to date after recovery. The procedure for rebuilding a failed DC from scratch is as follows:

  1. Reinstall the operating system on the failed DC. Depending on the nature of the failure, it may be necessary to rebuild any drive arrays and reformat all drives on the failed system beforehand.
    Note: Steps 2 and 3 may be performed while the operating-system reinstallation is in progress.
  2. On a working DC, seize any FSMO roles held by the failed DC.
  3. On a working DC, perform a metadata cleanup to remove the failed DC from Active Directory. The procedure varies according to the version of Windows running on the working DC.
    Windows Server 2003: Clean Up Server Metadata
    Windows Server 2008 and later: Clean Up Server Metadata
  4. Optionally, join the reinstalled server to the domain. This is not necessary but will allow you to test network connectivity and DNS resolution. If the server cannot join the domain successfully, this indicates an underlying issue that must be resolved before you will be able to proceed.
  5. Promote the server to be an additional DC in the domain.
  6. Wait for the initial AD and SYSVOL replication to complete.
  7. If desired, transfer FSMO roles back to the recovered DC. Do not seize the roles.




Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

Artikel-ID: SLN156191

Datum der letzten Änderung: 09/03/2014 01:36 PM


Diesen Artikel bewerten

Präzise
Nützlich
Leicht verständlich
War dieser Artikel hilfreich?
Ja Nein
Schicken Sie uns Ihr Feedback.
Die folgenden Sonderzeichen dürfen in Kommentaren nicht verwendet werden: <>()\
Derzeit ist kein Zugriff auf das Feedbacksystem möglich. Bitte versuchen Sie es später erneut.

Vielen Dank für Ihr Feedback.