U-Tools: Unique Tools for Windows System Administrators
U-Move
FAQ

Recreating a Dead DC Via Replication

Q: I can rebuild a DC using replication, so why do I need to use U-Move?

A: If you have a second domain controller (DC) you can try to replace a dead DC using replication. The replacement DC will have a different Globally Unique Identifier (GUID) and a different identity, even if you use the same computer name.

Because the new DC has a different identity you must first manually remove all of the configuration information for the dead DC. To tear down the remains of the dead DC requires that you perform a 20+ step manual procedure using NTDSUTIL, ADSIEDIT, and DCPROMO. You must destroy the old DC account, the old DNS records (including the DNS SRV records for <GUID>._msdcs.<domain>), the SYSVOL member objects (FRS and DFS), the AD objects (e.g., NTDS site objects, NTDS connection objects, etc.). And you must seize up to five FSMO roles possibly held by the dead server.

For a (partial) list of the gory details see KB216498 and KB332199. The instructions described in the KB articles are not sufficient. You also need to rebuild the DNS, WINS, and DHCP server settings and databases, and recreate any custom site or replication settings, and of course run DCPROMO. For an exhaustive list of steps for moving AD to a new computer (or VM) see the Active Directory Domain Services and DNS Server Migration Guide.

Or you can run U-Move and click the Finish button. All settings are carried over transparently including the DNS, WINS, and DHCP databases. Because the new DC has the same identity you do not need to seize any FSMO roles or change any AD settings. Simply click the Finish button and you are done.

U-Move Frequently Asked Questions