I just did some search such as this one and this to avoid asking a question which already has answer.
However, I'm not sure whether the information fully match my question or not.
The situation is, I'm currently maintaining a test environment under a business domain. There are two windows 2016 AD domain controllers acting as primary DC and second DC respectively, and are apparently linked together to provide domain services.
These two domain controllers only have basic roles running: domain services and dns, and all the nodes/clients in this domain are managed by them.
Now, the primary DC encountered unexplainable issues and I have no choice but to delete the whole machine and rebuild a new primary DC to replace it.
I have no experience on "rebuilding" the "primary" domain controller, does anyone know what to be aware of when doing such thing? Or maybe I can just delete the primary DC and recreate it without making any changes on second domain controller?
thanks in advance.
Best Answer
Notice that while you designate one of your controllers as "primary", there is no such concept in the Active Directory technology. The NT4 "PDC" functionality was essentially split a "primariness" into several Flexible Single Master Operation (FSMO) roles, which can be assigned to different DCs, and then there will be no signle controller which can be designated "primary" at all. That was done 22 years ago, and yet many people still use ancient and irrelevant NT4 terminology!
So, the general DC "rebuilding" strategy applies. After each step you should check your replication is consistently working, and group policies on the SYSVOL share are available. You begin by fixing replication issues (if any), then move all assigned FSMO roles away from the controller you are about to demote, and then you demote it, updating DNS. After reinstalling and promoting a new DC you may reassing some FSMO roles to it or leave them where they are — it doesn't matter much.