Q. A DC has been restored to a state over 30 days old and now won't talk to the rest of the domain controllers. What can I do?

A. Scrap the DC, recreate it, and promote it to a DC again. You'll hear people telling you to run

netdom resetpwd

which will just reset the domain controller's password for the rest of the domain. But you run the risk of deleted objects being reintroduced if the DC has been restored to a state older than the tombstone lifetime.

Taking snapshots of domain controllers in production is not supported or recommended. Take normal backups and consider domain controllers expendable. Run only domain controller services on your DCs, and if a DC has a problem, wipe it and stand up another DC in its place.
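To see how the restored state compares with the forest's tombstone lifetime before the DC is rebuilt, the following added example (not part of the original answer) reads the configured value and shows what a healthy DC last replicated from the restored one. It assumes the ActiveDirectory PowerShell module; the DC names and the restore date are hypothetical placeholders.

```powershell
# Added example. Run from a healthy DC or a management host with RSAT installed.
Import-Module ActiveDirectory

# Assumptions (hypothetical values): replace with your own.
$RestoredDc   = 'DC02'                  # the DC that was rolled back
$HealthyDc    = 'DC01'                  # a DC known to be replicating normally
$RestoredFrom = Get-Date '2024-01-15'   # constructed sample: date of the restored state

# tombstoneLifetime is stored on the Directory Service object
# in the configuration partition of the forest.
$configNc = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject `
    -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNc" `
    -Properties tombstoneLifetime

# When the attribute is not set, AD falls back to a default of 60 days.
$tslDays = if ($dsObject.tombstoneLifetime) { [int]$dsObject.tombstoneLifetime } else { 60 }
$ageDays = [int]((Get-Date) - $RestoredFrom).TotalDays

# What the healthy DC recorded about inbound replication from the restored DC.
$links = Get-ADReplicationPartnerMetadata -Target $HealthyDc -Scope Server |
    Where-Object { $_.Partner -like "*CN=$RestoredDc,*" } |
    Select-Object Partition, LastReplicationSuccess, LastReplicationResult,
                  ConsecutiveReplicationFailures

[pscustomobject]@{
    RestoredDc             = $RestoredDc
    RestoredStateAgeDays   = $ageDays
    TombstoneLifetimeDays  = $tslDays
    # True means objects deleted since the restore point may already have been
    # garbage-collected elsewhere and could be reintroduced by this DC.
    OlderThanTombstoneLife = $ageDays -gt $tslDays
}
$links | Format-Table -AutoSize
```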
