Hello, I have a client wishing to have two domain controllers on the same network/domain. Server 2003R2 Standard x64. Both OS's are the same and the new server has had its active directory replicated with the other domain controller already but is not connected to the network yet. Is A/D replication the proper method to have both these DC's online? If so, could someone guide me to some documentation that might assist me. Thanks in advance!

Hello, if you have multiple DCs for the same domain make sure they can replicate allways. DON'T disconnect them, if they are over the tombstone lifetime you run into trouble. It is recommended to have a tleast 2 DC/DNS/GC per domain and also all domain members configured to use both DNS servers on the NIC.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Thanks for your reply. The domain controllers have been disconnected from each other. How do I get them to replicate again?

Hello, how long are they disconnected? The default tombstone lifetime on Windows server 2003 R2 is 60 days. Windows server 2003 R2 SP2 is 180 days. To be sure please check with the following command: Dsquery * "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=Domain,DC=com" -attr tombstoneLifetime Replace DC=Domain,DC=com with your own domain name in the same format. If no value is shown as output it is 60 days, otherwise you should see a different number. If you are over the tombstone lifetime demote the outdated DC and promote it again. That way the replication will start again.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Thanks again, They have been disconnected for roughly 27 days right now. Problem is that i'm waiting on a third party to install a VPN connection in order to re-connect to the other DC. I have no idea how long it will take these guys to get the VPN back up, but guessing from experience it will be a while! Thanks for the information I will need this command when the VPN is back up. Any other suggestions?

Hello, as long as you reconnect them inside the tombstone lifetime repliation should start automatically. After connecting them use the support tools to check for problems: dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported with Windows server 2008 and don't run on Windows server 2008 R2] repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)] dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045) Also the /e in dcdiag scans the complete forest, so better run it on COB.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

What happens after the tombstone lifetime?

Hi, If a domain controller does not replicate for an interval of time that is longer than the tombstone lifetime, lingering objects will occur. For more information, please refer to: Information about lingering objects in a Windows Server Active Directory forest http://support.microsoft.com/kb/910205 Hope it helps. Regards, BruceThis posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, Is there any update? If you need further assistance, please let us know. Have a nice day!This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.