How long a DC can be down?

[Guest]

I have a site that is down for a week now. How long a domain controller can
be down before it's remove from Active Directory? This DC is in a branch
office and the first DC is in the HQ. Both are Windows 2003 server.
Thanks,

 

[Herb Martin]

I have a site that is down for a week now. How long a domain controller can
be down

By default: 60 days.

..before it's remove from Active Directory?

Never. You must always remove DCs manually if it is not done
through DCPromo (which is also a manual choice.)

This DC is in a branch
office and the first DC is in the HQ. Both are Windows 2003 server.

Also watch out for DNS issues. (Some people turn on scavenging and
cause more problems there with out of contact DCs than with the DC
directly.)

 

[Dean Wells [MVP]]

To add to Herb's response, 180 days is tolerable (though certainly not a
recommendation) if the forest was built using Windows 2003 SP1.

 

[Herb Martin]

To add to Herb's response, 180 days is tolerable (though certainly not a
recommendation) if the forest was built using Windows 2003 SP1.

I actually considered saying "30 days" (instead of 60) since that is
really "too long" to do without a needed DC. <grin>

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

By default: 60 days.


Never. You must always remove DCs manually if it is not done
through DCPromo (which is also a manual choice.)


Also watch out for DNS issues. (Some people turn on scavenging and
cause more problems there with out of contact DCs than with the DC
directly.)

 

[Hank Arnold]

Herb,

As a general rule, is it a bad idea to have scavenging turned on? Or is you
comment aimed strictly at the issue of a branch DC?

 

[Dave Shaw [MVP]]

Best put as:

"Thirty days - no pain ..."

-ds

To add to Herb's response, 180 days is tolerable (though certainly not a
recommendation) if the forest was built using Windows 2003 SP1.

I actually considered saying "30 days" (instead of 60) since that is
really "too long" to do without a needed DC. <grin>

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

I have a site that is down for a week now. How long a domain
controller can be down

By default: 60 days.

..before it's remove from Active Directory?

Never. You must always remove DCs manually if it is not done
through DCPromo (which is also a manual choice.)

This DC is in a branch
office and the first DC is in the HQ. Both are Windows 2003 server.

Also watch out for DNS issues. (Some people turn on scavenging and
cause more problems there with out of contact DCs than with the DC
directly.)

 

[Herb Martin]

Herb,

As a general rule, is it a bad idea to have scavenging turned on? Or is you
comment aimed strictly at the issue of a branch DC?

There is no trivial answer -- sorry.

The key is that you MUST NOT allow AD-DNS DCs to be separated long
enough to scavenge each other.

Such separation is not likely on a LAN, so this is mainly a WAN issue
(unless the DC is down but then a local DC is usually easier to troubleshoot
and fix even with AD authentication problems.)

So, you must especially watch having scavenging turned on, short periods,
timeouts, and WAN lines down for longer than the scavenging timeouts.

So those people thinking to set scavenging to something like "1-day" get
themselves in trouble sooner or later, and even those thinking to set it
to "1-week" are NOT safe.

(I am not talking about just Scavenging Period here though, but the
composite:
NoRefreshInterval + RefreshInterval and Scavenging Period.)

And all this can interact with the DC SiteLink replication frequency and
schedule.

 

[Guest]

Hello Hien,

The DC would never be removed from the Active directory. There is a
tombstone life time for windows 2003 DCS which is 60 days. So make sure that
the DC is up before 60 days. One week or two should not pose a problem.

Thanks

Balakrishnan Nair