[ActiveDir] Seized the roles of a failed DC

[Bahta, Nathaniel V CTR USAF NASIC/SCNA]

Hey all,    I have a little question here, just a sanity check for the most part.  We had a DC that got its registry ripped to shreds by some hardware folks, the end result was the OS no longer recognized TCP/IP interfaces, even after a system state restore of the registry component.  This resulted in an offline DC which was only the Domain Naming Master and one of 2 GC's.  Our domain is very small with only 4 DCs and the AD database is small as well.  Previously when an Operations master (Infrastructure Master) went offline and would not be online for at least another 24 hours, rather than let the time elapse for the maintenance they requested we transfer the role to another server immediately, so we complied.    The issue is, this last time a DC failed and the transfer could not take place, so I seized the roles and brought them online on another DC as well as made another DC a GC.  The problem is that, since I seized the roles I realized I could not use the previous DC's name again in AD, based upon previous experience, lots of articles, and other admins in the past's personal preferences for AD recovery.    I got my head chewed off by the entire organization from this renaming of the DC and have undergone many meetings and attacks from people I had not even worked with before.  I am just wondering what are some of your practices in this situation.   Recap:   1) Failed DC with no network connectivity 2) Organization wants role holders online at all times 3) Removed DC manually and did cleanup of AD database 4) Built new DC and used a new name 5) Forced through a modern day spanish inquisition 6) What would you have done?       Thanks,   Nate Bahta   General Dynamics Information Technology Sr. Systems Administrator   "Certo Dirgo Ictu"