Mar 08 2019 04:41 AM
We have two domain controllers at headquarters and one domain controller at our branch office. All the DCs are set up identically besides the location information.
We have experienced that the DCs in headquarters couldn't get any updates from the branch DC, but the branch DC would be updated from the headquarters DCs if there was something new.
We want to create a brand new DC in the branch office to check if the issue would still be there. Now I want to know, shall I demote the old server first or promote the new server first?
Many thanks,
WuyiL
Mar 08 2019 05:58 AM
If it has tombstoned I suppose you could do either, but yes, I'd stand up the new one to see if it's possible. Also check the ports are open between sites.
https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
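An added example, not part of the original posts, of the port check suggested above. AD replication is pull-based, so when headquarters receives nothing from the branch, the direction to test is from a headquarters DC to the branch DC. The name `BRANCH-DC01` is a placeholder, and the script assumes the ActiveDirectory PowerShell module is installed.

```powershell
# Run on a headquarters DC. 'BRANCH-DC01' is a placeholder, not a name from the thread.
param([string]$BranchDc = 'BRANCH-DC01')

# Fixed TCP ports used by AD DS. Replication also needs the dynamic RPC range
# (49152-65535 by default), which cannot be probed port by port like this.
$ports = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 636;  Service = 'LDAPS (closed if the DC has no server certificate)' }
    @{ Port = 3268; Service = 'Global catalog (closed if the DC is not a GC)' }
)

# Attempt a TCP connection to each port and record the outcome.
$results = foreach ($p in $ports) {
    $t = Test-NetConnection -ComputerName $BranchDc -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port    = $p.Port
        Service = $p.Service
        Open    = $t.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

$blocked = $results | Where-Object { -not $_.Open }
if ($blocked) {
    Write-Warning ("Unreachable on {0}: {1}" -f $BranchDc, ($blocked.Port -join ', '))
}

# Inbound replication status for this DC: last attempt, last success and
# error code per partner and naming context.
repadmin /showrepl $env:COMPUTERNAME

# The same failures as objects (ActiveDirectory module).
Get-ADReplicationFailure -Target $env:COMPUTERNAME |
    Select-Object Server, Partner, FailureCount, FirstFailureTime, LastError
```

If every fixed port answers but `repadmin` still reports RPC errors, the dynamic RPC range between the sites is the next thing to check.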
Mar 12 2019 10:28 PM
Thanks for the information. We don't have any specific traffic policy set up at the firewall. The offices are connected by MPLS VPN.