This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 63%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I have a case scenario where around 100 systems will be integrated with single active directory with 2 domain controllers and I need to ship 1 domain controllers and all the 100 systems to site for productions. I will retain the second domain controller and integrate another 50 systems. Later after 6 months I will ship the second domain controller with 50 systems to site for a final integration. Is it possible?
What is the impact with respect to group policy, password change etc?
After moving the 2nd DC to site will they get sync properly?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 57.99999999999999%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESY%3C/text%3E%3C/svg%3E)
Hello,
Does this question have any update or has this issue been solved? Also, for the question, is there any other assistance we could provide?
If anything is unclear, please feel free to let us know.
Thank you so much for your time and support.
Best regards,
Stephanie Yu
Hello,
I'm just following up to make sure you received my last reply and that my answers properly address your questions. If you have any further questions or concerns about this case, please let me know.
Have a nice day!
Best Regards,
Stephanie Yu
Hello @Ataro ,
Does this question have any update or has this issue been solved? Also, for the question, is there any other assistance we could provide?
If anything is unclear, please feel free to let us know.
Thank you so much for your time and support.
Best regards,
Stephanie Yu
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello @Ataro ,
Does this question have any update or has this issue been solved? Also, for the question, is there any other assistance we could provide?
If anything is unclear, please feel free to let us know.
Thank you so much for your time and support.
Best regards,
Stephanie Yu
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
If you disconnected the two for six months then the isolated domain controller will tombstone plus production system will have no knowledge of the 50 new members.
As long as you can maintain a VPN connection between sites it should be doable.
--please don't forget to Accept as answer if the reply is helpful--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
If you want to install two domain controllers in two different sites , you have to establish a VPN connection between those sites to ensure the AD replication ,time synchronization , reset password ..ect.
Before move a domain controller to another site you have to be sure that VPN is working fine between the two sites.
when the isolation period exceed tombstone, the domain controller will be unable to replicate with other partners and you have to demote it and promote it again.
So, it's not a good idea to keep a domain controller isolated for six months.
Don't forget to mark this reply as answer if it help you to fix your issue
Hello avilavinash-2191,
Thank you for posting here.
Here are the answer for your references.
According to your description, my understanding is that you have a single active directory with 2 domain controller(Assuming the names are DC1 and DC2),and the two DCs are in the same site (assuming the name is Site1).
Now 100 systems are operating normally in the subnet segment divided by Site1. You want to build another site (let us say it’s called Site2) later after 6 months and you want to move DC2 to Site2.
Do you want to move 50 of the 100 existing systems to Site2 where DC2 is located, or do you want to create 50 new systems for DC2 and add 50 more systems after six months? No matter what your situation is, please confirm the following information:
The following is a response to your question:
Q1: What is the impact with respect to group policy, password change etc?
A1: If your sites or DCs are physically separated, you need to ensure that the VPN you have to establish a VPN connection between those sites.
If your sites or DCs are in the same domain physical location, there will be no problems.
Follow the above step1-step4 to check, if everything is normal, the operation will not affect the problem you mentioned.
Q2: After moving the 2nd DC to site will they get sync properly?
A2: In response to this problem, after moving the 2nd DC to site, you can run repadmin /syncall /AdeP and gpupdate /force on the two DCs to force AD replication synchronization.
If all DCs get sync after running repadmin /syncall /AdeP, we can follow step1-step4 to check AD environment again. If everything is normal after checking, it means AD is working fine.
Hope the information is helpful. If anything is unclear, please feel free to let us know.
Best Regards,
Stephanie Yu