Assuming that at least two domain controllers were present in the domain to start with, what steps need to be taken to make Active Directory healthy after a domain controller crash?
Assuming that at least two domain controllers were present in the domain to start with, what steps need to be taken to make Active Directory healthy after a domain controller crash?
Step 0: Have at least two domain controllers.
If you only have one domain controller and it fails in such a way that you cannot recover it, then your domain no longer exists; your only option is to create a completely new domain. This is a painful process that involves recreating users, rejoining client computers and servers, and even recreating every security setting you ever used.
If the server is absolutely unrecoverable, such as due to hardware failure that cannot be easily repaired, then here is how to go about purging it from the domain completely. Once the FSMO roles have been seized, it is critical that the old server is never brought back online. Seriously consider wiping the harddrives to ensure that this can never happen.
Determine which servers were holding the FSMO (Flexible Single Master Operations) roles for the domain and forest. Microsoft has a great article on finding FSMO roles.
Any FSMO roles that were held by the crashed server should be seized on a healthy domain controller. Another Microsoft article for this one.
The "Infrastructure" FSMO role is special, and is actually specified for each application partition. If the crashed server held DNS, you will need to verify that the record in each application partition (DomainDnsZones, ForestDnsZones) has been updated. Better explanation here and official fix here.
Perform a metadata cleanup to remove remnants from Active Directory. Deleting extinct server metadata.
Inspect "Active Directory Users & Computers" and "Active Directory Sites & Services" to ensure that all entries for the extinct server have been removed.
Inspect DNS to find any static entries that were related to the extinct server, and either delete them, reassign them, or put a new server at the same address.
If the crashed server was an authorized DHCP server, check to see if it's still listed as an authorized server. If yes, you may need to use ADSI Edit to remove it from the list of DHCP roots.
(Edit 2010-03-14: Added Graeme's comment about step 0)