Server time replication issue

Question

I have 2 servers running Windows Server 2019. Both are working as Domain Controllers. Server 1 acting as primary DC while Server 2 acting as secondary DC. The servers were turned off for more than 14 months. When I turned on the servers now, I got an error message as below:

"The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime."

I already tried to demote the domain controller in Server 2. But when I am demoting it, I get the error message as below:

"A domain controller could not be contacted for the domain that contained an account for this computer. Make the computer a member of a workgroup then rejoin the domain before retrying the promotion."
"The security database on the server does not have a computer account for this workstation trust relationship."

Now how can I resolve this issue?

Answer 1

Hello Hamza Naqi,

Thank you for posting on the Microsoft Community Forum.

Do you want to demote both two DCs (I mean you do not want to keep this domain) and then recreate a new forest?

Your server has been down for more than 14 months and has exceeded the logical deletion lifetime. The deleted data has been completely deleted and cannot be restored. So the server cannot replicate.

If you can not demote the DC via Dcpromo wizard. You can forcibly downgrade the domain controller.

This is an article about domain controller demotion: Demoting Domain Controllers and Domains (Level 200) | Microsoft Learn

Delete Failed DCs from Active Directory | Petri IT Knowledgebase

Clean up AD DS server metadata | Microsoft Learn

I hope the information above is helpful.

If you have any questions or concerns, please do not hesitate to let us know.

Best Regards,

Daisy Zhou