none
Recovery of Failed Child domain controller

    Question

  • Hello All,

    I have been trying to recover my failed domain entity for past few days but stuck in a situation so seeking an advice. Here are details:

    1. Domain <g class="gr_ gr_31 gr-alert gr_gramm gr_run_anim Style multiReplace" data-gr-id="31" id="31">setup :</g>  Parent-child

    The parent domain - xyz.com; 1 DC (on-premise) 

    Child domain - wt.xyz.com; 2 DCs - 1 On-premise (Local.wt.xyz.com) & 1 additional DC on Azure (ADC.wt.xyz.com)

    Functional Level - Windows 2012

    2. Issue

    Due to a storage controller failure of underlying ESXi host chassis, the on-premise child domain controller (Local.wt.xyz.com)  failed to BSOD (Bad_system_config_info).

    It was presumably having all the FSMO roles.

    3. Troubleshooting so far 

    A) Recover failed disk - Tried Last known good config, safe boot, <g class="gr_ gr_39 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="39" id="39">chkdsk</g>, /Fixmbr, <g class="gr_ gr_48 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="48" id="48">fixboot</g>, repair. However, nothing worked at all.

    B) Role Seizure onto ADC - Did metadata cleanup of Local.wt.xyz.com from Parent & child domain & deleted its entries from DNS and AD sites & services,  and added the Azure local subnet to AD sites & services. 

    Currently, ADC.wt.xyz.com is showing that it owns PDC, RID & domain naming master, however when I run dcdiag</g> /v /fix it tells me that it is awaiting initial synchronization of Sysvol from Local.wt.xyz.com and until this is solved, the DC will not assume the domain controller role.

    If anyone has faced or has any clue about this situation, please suggest.

    Any help would be appreciated.

    Thanks

    Karan



    • Edited by KaranChawla Friday, January 27, 2017 1:06 PM
    Friday, January 27, 2017 11:40 AM

All replies

  • Hi

     You should perform bare metal recovery for this crashed DC;

    https://blogs.technet.microsoft.com/askcore/2011/05/12/bare-metal-restore/

    Then check for fsmo roles,if needs you can seize fsmo roles to this DC again.


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Proposed as answer by Todd Heron Saturday, January 28, 2017 2:55 AM
    Friday, January 27, 2017 6:40 PM
  • Thanks for your response.

    This solution requires a backup which we don't have. Any other ideas?


    Karan

    Monday, January 30, 2017 9:11 PM
  • Hi Karan,
    Generally, we could restore a DC from another working DC in the domain or from backup. As you have no backup (it is strongly suggested to have one), you could have a try to recover from the additional DC: https://technet.microsoft.com/en-us/library/cc535164.aspx.
    However, your additional DC is on Azure, not sure if it is working, in this case, I would suggest you post the question in Azure Active Directory forum to have a try.
    https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Thursday, February 2, 2017 1:58 AM
    Moderator