Taking Your Active Directory (AD) Offline

April 26, 2017 at 8:37 pm


This content is a slice of my Hands On Lab 70-742 course at CBT Nuggets.

Offline AD Overview

We know that most of our work with Active Directory takes place while it is online. Certain maintenance items, however, require the service to be offline. This is one of the reasons we love to have multiple Domain Controllers in the network. We can bring a system offline, while other online DCs can service client login requests and other necessities of the directory service.

AD DSRM and Restartable AD DS

For a long time, the only way to take AD offline was to use Directory Services Restore Mode (DSRM). In Windows Server 2012 and later, you have what is termed restartable Active Directory Domain Services (AD DS). This is a beautiful act of simplicity. You stop the AD DS service (which also stops the services that rely upon it) and you are good to go. This is much better than restarting the entire Domain Controller into DSRM.

Restartable AD DS

In order to perform this, follow these steps:

Step 1: Launch the Services applet.

Step 2: Find Active Directory Domain Services, right-click it, and choose Stop.

Step 3: Agree to stop reliant services. This should include (at least) DNS Server, Kerberos Key Distribution Center, Intersite Messaging, and DFS Replication.

Step 4: Congrats! Your AD is now offline.

One example of a maintenance task you could now safely perform would be a defragmentation of the AD database!
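The same steps can be scripted in PowerShell. The following is an added example, not part of the original post: it records which dependent services were running, stops AD DS, confirms it is offline, runs a task, and brings everything back. `Invoke-OfflineAdMaintenance` and the placeholder task are hypothetical names chosen for illustration; `NTDS` is the service name of Active Directory Domain Services.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Invoke-OfflineAdMaintenance is a
# hypothetical helper name. Run it on the domain controller being taken offline.

function Invoke-OfflineAdMaintenance {
    param(
        [Parameter(Mandatory)]
        [scriptblock]$Maintenance   # the offline task to run, supplied by the caller
    )

    $adds = Get-Service -Name NTDS

    # Remember which dependent services were running so they can be started
    # explicitly afterwards instead of relying on them coming back on their own.
    $wasRunning = @($adds.DependentServices | Where-Object Status -eq 'Running')
    Write-Host "Stopping NTDS and: $($wasRunning.Name -join ', ')"

    try {
        # Steps 2 and 3: -Force agrees to stop the dependent services as well.
        Stop-Service -Name NTDS -Force -ErrorAction Stop

        # Step 4: confirm the directory service is really offline before touching it.
        $adds.Refresh()
        if ($adds.Status -ne 'Stopped') {
            throw "NTDS is $($adds.Status); aborting maintenance."
        }

        & $Maintenance
    }
    finally {
        # Bring the directory back even if the maintenance task failed.
        Start-Service -Name NTDS
        foreach ($svc in $wasRunning) {
            Start-Service -Name $svc.Name
        }
        # Show the final state of AD DS and the services that were restored.
        @($adds) + $wasRunning | ForEach-Object { $_.Refresh(); $_ } |
            Format-Table Name, Status
    }
}

# Placeholder task (assumption): replace the body with the real offline work.
Invoke-OfflineAdMaintenance -Maintenance {
    Write-Host 'AD DS is offline; run the maintenance task here.'
}
```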
