I have two HyperV hosts, hv01 and hv02. hv01, a HyperV 2012 R2 server, hosts an SBS 2011 server and two other member servers, 2k8 R2 and Server 2012 R2, but neither are DCs. hv02 is Win 2k8r2 with only hyperv role, hosting a virtual Server 2012 which has the AD role as well. Both hyperv hosts are also domain members, and all the servers are backed up to a NAS using Altaro HyperV backup.
The DCs were not set to sync their time from the hyperv hosts; the SBS server is set to sync its time from a reliable US eastern time server and the DC on hv02 synced its time from the SBS server.
There was a power failure and hv02 lost its raid. Since the raid was built on WD green disks I order some RAID disks to replace them and rebuilt the server after about a week. I restored the backup DC and everything seemed to run fine with it, but a few days I had some problem with users redirected folders which lived on the SBS server. The error indicated there was a date / time sync problem between the workstation and the domain controller and couldn't authenticate. Everything on the SBS server looked fine, and it looked like the time between the server and work station were perfectly in sync. When I checked the DC on hv02, I couldn't remote desktop (again for time sync reasons) but on the console I was able to launch HyperV virtual console. Here I could see that the server date was the same date as it was when I originally restored the machine two days earlier. I could not get the virtual CTRL ALT DEL to show the logon screen (clicking the button on the toolbar did nothing). I attempted to shut down the DC however it did not respond so I used the HyperV manager to power the machine off. As soon as I did that things on the domain began functioning correctly again.
I powered the machine back on and again things seemed fine. Two days later, the same issues appeared, and the DC on hv02 was again two days behind. I again had to "hard" power off the machine and restart it.
I attempted to demote the DC however it failed stating that the date / time was out of sync although I could not see any difference between the SBS server and the DC causing issues. Everything matched down to the second as far as I could tell. Also during the demotion process I got a warning that the DC is hosting DNS and Global Catalog roles, which I assume means I should move them back to the SBS server (although SBS is also running DNS as well). The domain hasn't changed at all while the DC has been offline (no GPO changes, no adding / removing servers, no new users, etc.) So that's where I'm at, and I'm not sure how to proceed. I'm ok with blowing away the DC on hv02 and starting over, its only purpose is to be a backup AD / DNS server for when the SBS server (or its host) need to be rebooted for maintenance. How can I get my domain healthy again?
Turn off and delete the failed DC.
Perform a metadata cleanup.
Rebuild the failed DC.
https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx