Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Help! Lost the AD Forest Root!

Posted on 2003-11-18
Medium Priority
Last Modified: 2008-02-26
I'm an MCSA who's been thrown in completely at the deep end with the mother of all disaster recovery challenges. Two days to resurrect a forest root domain controller that hosts a number of subdomains.

Sounds easy? Well, it was the only DC in its domain and we don't have ANY backup apart from the GHOST image created after running DCPROMO for the first time.

I work at a college, and recently set up a lab of W2K servers.

We were broken into recently, and a bunch of machines and drives were nicked from the office adjoining the lab; unfortunately this included the forest root - a machine called INSTRUCTOR which was the first DC in the Room.College domain.

Even more unfortunately, in the resulting nicking spree, the backups were nicked as well as a couple of student machines. Fortunately they were disturbed before the whole room got cleared out.

(I'm not joking.)

The remaining PCs in this room were set up as seperate DCs, each in its own subdomain. For example,


The students on these machines all logged in as Administrator in their own domains, OR Instructor in the domain Room.College.

Here's the tricky bit. There's no backup of the Forest Root, at least not since the day it was first built. The class has evolved around building the AD over the past month or so.

As luck would have it, I created GHOST images of the server prior to handing it over to the tutor so I have been able to build up a spare machine as a replacement.

However, the only existing backup of INSTRUCTOR is (quite understandably) unaware of any of its child domains, far less any of the objects in them.

I've left it disconnected from the LAN while I figure out how to proceed. One of the remaining student machines is also a Global Catalog for the domain, but won't synch with the other DCs until DNS is up and running (which means powering up INSTRUCTOR).

If I jack INSTRUCTOR back into the network, what's likely to happen? If I boot into DS Restore Mode and tell it to do a non-authoritative restore, will the other servers re-integrate with the AD?

Question by:tstaddon
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Author Comment

ID: 9772407
Should add at this point that we are talking a number of students who have paid for a 12 week course, all of whom have customised their own AD as they see fit.

Aside from the AD, there's no loss of data. The server wasn't used for generic File & Print services, all it did was authentication, DNS, and proive the teacher with a machine that was connected to an electronic whiteboard.

Expert Comment

by:nader alkahtani
ID: 9772714

Expert Comment

by:nader alkahtani
ID: 9773000
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.


Author Comment

ID: 9777407
Thanks for the links.

I checked the troubleshooting flowchart for this state of affairs, and no suggestion is available for this instance because the DC in question was the only server in that domain, it held all the FSMO roles prior to the theft, and was therefore the ONLY machine that had any idea of the structure of the Active Directory.

The backup only restores the server to the point it was at BEFORE the child domains were created.

This is a rough description of the directory structure as it now stands:

Room.College                 |  Student1Dom.Room.College    Student2Dom.Room.College     Student3Dom.Room.College
DC: Instructor                 |  DC: Student1DC                     DC: Student2DC                      DC: Student2DC
Member Servers: none    |  Member Servers: None           Member Servers: None            Member Servers: None
DNS                               |  Global Catalog (created
Infrastructure Master       |  after Instructor went down)
Schema Master               |  
Global Catalog
PDC Emulator
RID Master
** Doesn't know about the Child Domains **

The students can log in locally to the DCs, but I will need them to access Instructor at some point because they are learning about AD and need access to the root domain, to join existing standalone 2K servers to the AD.


Author Comment

ID: 9881002
Sorry, lads, but I figured this one out on my own. I exported lists of AED objects on each server, used DCPROMO /FORCEREMOVAL to kill off the directory, then restored the instructor server, and then DCPROMO'd the other DCs.

Using the object lists, I had the network up and running again after a couple of hours.

Accepted Solution

PashaMod earned 0 total points
ID: 9900343
Question closed and points refunded

CS Moderator

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question