Domain Controllers - Always rebuild if an domain issues occurs
-
So I know this is standard practice, that if you have issues with a DC that you just build a new one and decommission the old one.
My question is what do you guys do to move everything else off of the broken DC? I ask because I've only ever worked at places that load up their DC's with all kinds of services. Be it file shares, Spiceworks, door security software etc.
Backing up the data, isn't such a big ordeal, but it does add complexity and recovery time. Things such as print servers being configured on the DC, are also easy to move, but adds complexity and duration.
I personally am a fan of having a DC act solely as a DC. But I've never seen this occur in my experience.
-
You don't have to move the other stuff, you only need to move the AD DC. So you can just shut it down (as a service) and leave everything else intact. Then make your new AD DC. Great way to start splitting services, in fact!
-
Doh... that does make a lot of sense.
-
For some reason I've always thought of decommissioning a DC as just outright removing it (physically). Never just thought of it like that.
I suppose I've always heard of people being concerned of lingering issues if the server was still online, but no longer a DC.
-
I have been in situations in the past where DCs are loaded with garbage. The easiest way to handle this is spin up a new DC, transfer the roles, and demote the old DC. It can still act as a member server
-
Most people, I think, just assume that a DC is going to be all alone on its VM - so they discuss it in terms of blowing the whole thing away just as a knee jerk reaction.
-
@scottalanmiller said in Domain Controllers - Always rebuild if an domain issues occurs:
Most people, I think, just assume that a DC is going to be all alone on its VM - so they discuss it in terms of blowing the whole thing away just as a knee jerk reaction.
Isn't a dedicated DC VM (classically physical) the better approach so you could literally just blow away the VM?
-
@DustinB3403 said in Domain Controllers - Always rebuild if an domain issues occurs:
@scottalanmiller said in Domain Controllers - Always rebuild if an domain issues occurs:
Most people, I think, just assume that a DC is going to be all alone on its VM - so they discuss it in terms of blowing the whole thing away just as a knee jerk reaction.
Isn't a dedicated DC VM (classically physical) the better approach so you could literally just blow away the VM?
Right, which is why people just assume that that is what has been done.