I have two domain controllers. One is failing replication. It has passed tombstone expiration, so I have read it must be demoted and re-promoted.
I cannot log in to this server anymore because of failed replication, and I do not know if I can access a local admin account.
- Is there a way to fix replication without demotion? (Directory Services Restore Mode?)
- What is the proper method to demote/promote without RDP?
Best Answer
You should still be able to log in. Replication doesn't have anything to do with this, other than you may have to use an older password for your domain admin account if you've changed it.
There are no local accounts on DCs. You'll have to use either the Directory Services Restore Mode account and boot into DSRM (you configured this account at the time of promotion), or use a Domain Admin account.
There are steps outlined on TechNet to fix this; however, the cleanest and most recommended method is to demote and promote again. DSRM does not figure in here.
If you can't RDP, then do a console session over your out-of-band management controller (iLO, DRAC, etc.) or get physical access and use a keyboard and mouse. If this isn't an option, then you will have to do a metadata cleanup and reinstall the server. After you do a metadata cleanup, a reinstall and re-promotion will be the only way to bring that DC back into service.
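Before committing to demotion or metadata cleanup, it helps to confirm that the DC really is past the forest's tombstone lifetime. The script below is an added example, not part of the original question or answer; it assumes the RSAT ActiveDirectory module is available on a working DC or admin workstation, and `DC02` is a placeholder for the name of the DC being checked.

```powershell
# Added example: compare a DC's last successful inbound replication
# against the forest tombstone lifetime.
# 'DC02' is a placeholder name, not a value from the thread.
param([string]$DcName = 'DC02')

Import-Module ActiveDirectory

# tombstoneLifetime lives on the Directory Service object in the
# configuration partition; when the attribute is unset, AD uses 60 days.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                         -Properties tombstoneLifetime
$tslDays  = if ($dsObject.tombstoneLifetime) { [int]$dsObject.tombstoneLifetime } else { 60 }

# Inbound replication state for every partition/partner pair on the DC.
try {
    $links = Get-ADReplicationPartnerMetadata -Target $DcName -Scope Server `
                                              -Partition * -ErrorAction Stop
} catch {
    Write-Warning "Could not query ${DcName}: $($_.Exception.Message)"
    return
}

$now = Get-Date
$links | ForEach-Object {
    $last = $_.LastReplicationSuccess
    # A missing timestamp means no recorded success; report it as unknown.
    $age  = if ($last) { [math]::Round(($now - $last).TotalDays, 1) } else { $null }
    $state = if ($null -eq $age)       { 'Unknown' }
             elseif ($age -gt $tslDays) { 'PastTombstoneLifetime' }
             else                       { 'WithinTombstoneLifetime' }

    [pscustomobject]@{
        Partition           = $_.Partition
        Partner             = $_.Partner
        LastSuccess         = $last
        DaysSinceSuccess    = $age
        TombstoneLifetime   = $tslDays
        ConsecutiveFailures = $_.ConsecutiveReplicationFailures
        LastResult          = $_.LastReplicationResult
        State               = $state
    }
} | Sort-Object DaysSinceSuccess -Descending | Format-Table -AutoSize
```

If the failing DC cannot be queried at all, run the same script against the healthy DC and read the rows whose `Partner` is the failing DC.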