I have a 800xA v5.1 rev.D system consisted out of redundant AS/CS/DS servers and couple operator workstations. Couple months ago, I left AS/CS/DS-02 in a plant that is not yet commissioned, and I took AS/CS/DS-01 to make application changes in the office.
So now, I have to return the AS/CS/DS-01 to the network. Can I just do it, and the synch process wil go smoothly, or should I maybe disconnect the AS/CS/DS-02, connect AS/CS/DS-01, and than reconnect 02 to be synched with 01?
Separating running domain controllers often result in various synchronization problems... try running a "dcdiag /a" on a command prompt after reconnection.
Mainly, two things may occur:
- Secure Channel password may expire (~60 days)
- Active Directory Tombstone Lifetime may expire (~180 days, may vary depending on setup)
Any of these may cause trouble for you.
The additional event logs you will find in a domain controller (DFS Replication, Directory Service) will also tell if sync is successful or not.
There exist several Microsoft Knowledge Base articles on how to detect and resolve this:
- Reset Secure Channel Password
- Remove lingering objects in Active Directory
- Forced Active Directory synchronization
- Cold start (demote one domain server, clean metadata then promote again)
For System 800xA in 1oo2 aspect directory configuration, the direction of synchronization is from first provider to secondary provider (verify order in the Service Group as it may change after Add/Remove operations in the Configuration Wizard).
You can also force any 800xA aspect server to "cold start" by performing this:
- Maintenance Stop
Keep an eye on the re-synchronization process in the [Service Structure]Service Event List.
After successful synchronization, the old (renamed) folders can be deleted. You can also revert the action by stopping and restoring the names of the folders back to original.
The E143 Troubleshooting 800xA Expert Workshop taught at ABB University in Västerås covers exactly this scenario in one of the exercises.