this post was submitted on 18 Aug 2023
Sysadmin

This is an automated archive.

The original was posted on /r/sysadmin by /u/thejonson on 2023-08-17 15:14:47+00:00.


So I'll try to keep it brief, but...

K-12 Customer decided to shut down an old physical DC without checking what its roles were, and it's been off now for 58 days. Of course it was the FSMO role holder!

The situation now is that there are 2 remaining DCs (one physical Server 2019, one virtual Server 2012R2) that haven't been able to speak to it or each other for the same 58 days. I've removed the old server from AD and have seized the FSMO roles on the VM, with the idea being that it's more portable as a VM; however, now I'm in a scenario where DNS no longer works as it can't read the AD partitions (Event ID 4007), and opening the DNS snap-in just gives an Access Denied error.

What are people's opinions on where to go next?

Option 1 - Restore a backup of the virtual DC to a lab so I can test things there, with the idea that I try and remove the other DCs and get a fully operational single virtual domain controller that I could then in theory drop into the production network, which is what would be required if it was a full DR scenario with the whole site being blown away.

Option 2 - Battle through trying to get the 2 "working" DCs in sync. So far it doesn't look good; I found an article about resetting the DC's computer password, which seems risky (but at this point what isn't).

I've tried adding the names/IPs to the hosts file just to get the servers to be able to resolve each other, as you can nslookup anything as DNS isn't loading the partitions. But this hasn't improved anything.

Any pointers for recovering an entire dead domain would be much welcomed.
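As an added example, not part of the post or the thread, here is a PowerShell check of the things the post describes as having been skipped before the old DC was powered off: which DC holds each FSMO role, how stale each replication partner is relative to the forest's tombstone lifetime, and whether the remaining DCs are enrolled in the AD-integrated DNS partitions (the Event ID 4007 symptom). It assumes the ActiveDirectory and DnsServer RSAT modules and domain-level read rights; `OLD-DC01` is a placeholder hostname.

```powershell
# Added example, not from the original post. Placeholder hostname for the DC being retired.
param([string]$DcToRetire = 'OLD-DC01')

Import-Module ActiveDirectory
Import-Module DnsServer

$forest = Get-ADForest
$domain = Get-ADDomain

# 1. FSMO role holders. Any role held by $DcToRetire must be transferred before shutdown;
#    seizing later is a recovery step, not a plan.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$roles.GetEnumerator() | ForEach-Object {
    $flag = if ($_.Value -like "$DcToRetire*") { '  <-- held by DC being retired' } else { '' }
    "{0,-22} {1}{2}" -f $_.Key, $_.Value, $flag
}

# 2. Replication age vs. tombstone lifetime. A partner silent longer than the TSL
#    risks lingering objects and may be refused replication outright.
$dsPath = "CN=Directory Service,CN=Windows NT,CN=Services,$((Get-ADRootDSE).configurationNamingContext)"
$tsl = (Get-ADObject $dsPath -Properties tombstoneLifetime).tombstoneLifetime
if (-not $tsl) { $tsl = 60 }   # attribute unset means the legacy 60-day default
"Tombstone lifetime: $tsl days"

foreach ($dc in $domain.ReplicaDirectoryServers) {
    Get-ADReplicationPartnerMetadata -Target $dc -ErrorAction SilentlyContinue | ForEach-Object {
        $age  = (New-TimeSpan -Start $_.LastReplicationSuccess -End (Get-Date)).Days
        $warn = if ($age -ge $tsl) { '  !! beyond tombstone lifetime' }
                elseif ($_.LastReplicationResult -ne 0) { "  !! last result $($_.LastReplicationResult)" }
                else { '' }
        # Partner is the NTDS Settings DN; the second RDN is the partner DC's name.
        "{0} <- {1}: last success {2} days ago{3}" -f $dc, ($_.Partner -split ',')[1], $age, $warn
    }
}

# 3. DNS application partitions. Each surviving DNS server should show the domain and
#    forest DNS partitions as enlisted; otherwise its AD-integrated zones will not load.
foreach ($dc in $domain.ReplicaDirectoryServers) {
    Get-DnsServerDirectoryPartition -ComputerName $dc -ErrorAction SilentlyContinue |
        Select-Object @{n = 'DC'; e = { $dc }}, DirectoryPartitionName, State
}
```

Run it from a member server that can still reach every DC; unreachable DCs simply produce no replication or partition rows, which is itself a finding.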
