We had a 2008 R2 domain controller begin failing recently; the backups all became corrupted and the system drive contained CRC errors (thus preventing further backups).
We were able to promote a new domain controller with all the FSMO roles, but the SYSVOL/NETLOGON replication did not fully happen before the original domain controller failed into an unbootable mode.
Is it possible to recover the domain at this point? It seems the new domain controller contains all DNS and AD replications. Only thing it's missing is the SYSVOL and NETLOGON shares.
How would I go about manually removing all traces of the prior domain controller?
Update: According to Microsoft KB, there's a way to manually recreate the SYSVOL/NETLOGON shares. I think I may try that on the new DC. See what happens.
Update 2: Well, I managed to get the SYSVOL/NETLOGON shares up and running and the new DC seems to be running just fine. The old DC is unbootable. Now I have to figure out how to decommission and remove the old DC without it being bootable.
To clean out the old DC, you will want to delete the DC's metadata. You can use ntdsutil.exe as described in "How to remove data in Active Directory after an unsuccessful demotion". Verify that the following objects have been deleted (if not, delete them):
You'll need to manually delete any reference to the DC in DNS (including any in _msdcs and all sub-zones).
With all that being said, you should really consider setting up an additional DC for redundancy. That way if you have a DC go down, you still have a second working DC.
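
A read-only way to do the verification the answer describes, as an added example that is not part of the original answer: it lists anything in AD or DNS that still refers to the removed DC so you can see what is left to delete. It assumes the ActiveDirectory and DnsServer PowerShell modules are available (DnsServer ships with Windows Server 2012 and later and with RSAT); `OLD-DC01` and the parameter names are placeholders.

```powershell
# Added example: read-only check for leftover references to a removed DC.
# Assumptions: ActiveDirectory and DnsServer modules are installed;
# OLD-DC01 is a placeholder name, not a value from the original post.
param(
    [string]$OldDc     = 'OLD-DC01',
    [string]$DnsServer = $env:COMPUTERNAME
)
Import-Module ActiveDirectory, DnsServer

$root = Get-ADRootDSE
$leftovers = @()

# 1. Objects named after the old DC in the domain and configuration partitions
#    (computer account, server object under Sites, FRS/DFSR member objects).
foreach ($nc in @($root.defaultNamingContext, $root.configurationNamingContext)) {
    $leftovers += Get-ADObject -SearchBase $nc -Filter "name -eq '$OldDc'" |
        Select-Object @{n='Where';e={'AD'}}, @{n='Item';e={$_.DistinguishedName}}
}

# 2. FSMO roles that still point at the old DC.
$domain = Get-ADDomain
$forest = Get-ADForest
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($r in $roles.GetEnumerator()) {
    if ($r.Value -like "$OldDc.*") {
        $leftovers += [pscustomobject]@{ Where = 'FSMO'; Item = $r.Key }
    }
}

# 3. DNS records in every primary zone (including _msdcs) whose owner name
#    or SRV/NS/CNAME target refers to the old DC.
$zones = Get-DnsServerZone -ComputerName $DnsServer | Where-Object {
    $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' }
foreach ($z in $zones) {
    $leftovers += Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $z.ZoneName |
        Where-Object {
            $d = $_.RecordData
            $_.HostName -like "$OldDc*" -or
            (@($d.DomainName, $d.NameServer, $d.HostNameAlias) -like "$OldDc.*")
        } |
        Select-Object @{n='Where';e={"DNS $($z.ZoneName)"}},
                      @{n='Item';e={"$($_.HostName) $($_.RecordType)"}}
}

if ($leftovers) { $leftovers | Format-Table -AutoSize -Wrap }
else { "No references to $OldDc found in AD or DNS on $DnsServer." }
```

The script only reads; the `HostName` match is a prefix match, so review each hit before deleting it.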