Replication, /forceremoval

technion

Hey guys,

I've seen various posts involving a suggestion that when a DC has been
offline for 60 days and tombstoned, the best recourse is to follow a
demote/promote scenario.

I'm planning for a disaster and would like to discuss the following.
We have several remote offices, each office has its own domain, all in
the same forest, connected via VPN to the root domain at head office.
Each office is small and could only justify one DC.
Each DC replicates to the root domain regularly.

Now, let's say there's a Telstra fault, and the Internet is offline for
60 days (we hit 55 not long ago, so I need to plan for this). Since
there is no other domain controller for the domain hosted in that
single remote branch, what course of action should be taken to get that
office replicating again?

I know we can increase the tombstone lifetime now, but that's a hack, I
was looking for a proper fix.

Chris Malone

You would need to remove the DC that has been disconnected for 60+ days
from AD (clean the metadata) and then re-promote. There is a regkey
that allows replication between DCs after the tombstone lifetime has
expired, which is
HKLM\System\CCS\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner = 1 (reg_dword),
but use at your own risk. The tombstone lifetime was designed to prevent
problems with conflicting replicated objects after that time has
expired.

Clean the metadata using the following:
http://support.microsoft.com/default.aspx?scid=kb;en-us;216498


chris

Dean Wells [MVP]

The definition of 'hack' is somewhat in the eye of the beholder, but
good news, Microsoft have already increased the tombstone lifetime
default for a freshly built 2003-SP1 forest to 180 days (if your WAN is
down for that long or longer then perhaps your problem lies elsewhere
;o). Since MS have implicitly blessed a longer TSL, I hope that may
ease or remove your apprehension in increasing the value on your own
production forest.

If you still have concerns that such an extensive downtime may once
again occur, consider implementing a cost effective secondary
connectivity on-demand solution such as a point-to-point dialup ... or
possibly consider promoting a Panasonic Toughbook to the role of DC and
FedEx'ing it between sites on an intermittent basis during the downtime
.... this is somewhat of a tongue-in-cheek suggestion due to the severe
security implications but I felt it worth a mention.
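An added example (PowerShell, not from this thread or any of its posters): it reads the forest's effective tombstone lifetime and reports, for every reachable DC, how many days have passed since its last successful inbound replication from each partner, so a branch outage creeping toward the TSL is caught while the fix is still "reconnect the VPN" rather than metadata cleanup and re-promotion. It assumes the ActiveDirectory module and read access to the Configuration partition; the 75% warning threshold is my own choice.

```powershell
# Added example: forest-wide check of replication age against the tombstone lifetime.
# Assumes the ActiveDirectory PowerShell module (RSAT) and rights to read the
# Configuration partition. The 75% warning threshold is an assumption, not a Microsoft value.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$configNC = (Get-ADRootDSE).configurationNamingContext

# tombstoneLifetime is stored on CN=Directory Service,CN=Windows NT,CN=Services,<Config NC>.
# When the attribute is not set, the effective default is 60 days (forests built before 2003 SP1).
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                         -Properties tombstoneLifetime
$tsl = if ($dsObject.tombstoneLifetime) { [int]$dsObject.tombstoneLifetime } else { 60 }
Write-Host "Effective tombstone lifetime: $tsl days"

$warnDays = [math]::Floor($tsl * 0.75)
$now      = Get-Date

$report = foreach ($domain in $forest.Domains) {
    foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
        try {
            # Inbound partner metadata for all partitions hosted on this DC.
            $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server `
                                                     -PartitionFilter * -ErrorAction Stop
        } catch {
            # A branch DC that is offline (the scenario in the thread) will land here;
            # its age is still visible from the head-office side as a partner entry below.
            Write-Warning "$($dc.HostName): unreachable - $($_.Exception.Message)"
            continue
        }
        foreach ($m in $meta) {
            $age   = ($now - $m.LastReplicationSuccess).Days
            $state = if ($age -ge $tsl)      { 'EXPIRED' }   # past TSL: clean metadata, re-promote
                     elseif ($age -ge $warnDays) { 'WARN' }  # restore connectivity now
                     else                     { 'OK' }
            [pscustomobject]@{
                DC               = $dc.HostName
                Partner          = $m.Partner
                Partition        = $m.Partition
                DaysSinceSuccess = $age
                State            = $state
            }
        }
    }
}

$report | Sort-Object DaysSinceSuccess -Descending | Format-Table -AutoSize
```

A partner row marked EXPIRED should not be "rescued" with the Allow Replication With Divergent and Corrupt Partner key mentioned earlier in the thread; that is exactly the lingering-object case the tombstone lifetime exists to prevent.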