• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 746
  • Last Modified:

Active Directory in the trashcan - Emptying the trashcan leads to disabled logins

Hello,

my company will be taking over the networking responsibility for five servers on the 1. September 2004. Two of these servers, "Exchange", and "SRV01" has for some odd reason "the Active Directory in the trashcan".

We have been told that, if we empty the trashcan, "the whole network will go down the drain" - which I interpret as meaning that the users can no longer login. It is as bizarre as it is tragicomic.

We got this information from some accountants working there, who have some IT-skills, but are not on such a high level that they can really tell us what is going on.

Do anyone have some understanding of what has happened, why emptying the trashcan on these two servers leads to that netlogin is disabled, and what can we do to fix it?

Morten/MLD
-MCSE
0
Morten_Lillesand
Asked:
Morten_Lillesand
  • 7
  • 4
  • 3
  • +1
1 Solution
 
Morten_LillesandAuthor Commented:
When I say "Trashcan", i mean of course "recycle bin".
0
 
Pete LongTechnical ConsultantCommented:
??? whats in the recycle bin ?? <chuckle>

active directory lives in NTDS.dit can you locate this file on the hard drive?
0
 
Pete LongTechnical ConsultantCommented:
just when I thought I'd seen every possible question in this TA you come along and prove me wrong :)
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

 
JamesDSCommented:
PeteLong
stunning stuff!

It sounds like the thing to do here is build a new DC with the AD and SYSVOL in the right places!

This will tell you how to move the NTDS.DIT and Log Files:
http://support.microsoft.com/default.aspx?scid=kb;en-us;257420&sd=tech

This will tell you have to move SYSVOL:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part2/adogdapa.mspx#XSLTsection146121120120

Before we start, PLEASE tell me what's in the recycle bin, as I still can't believe what you're saying is even possible :)

Cheers

JamesDS
0
 
Pete LongTechnical ConsultantCommented:
I do hope its a shortcut to "active directory users and computers" ROFLMAO

but seeing as the poster is an MSCE I think the problem may well be slightly more serious <grin>

Id just DCPROMO another server seize the FSMO roles then demote and repromo the the other two
0
 
jdeclueCommented:
Woah, drag the file to the desktop from the recycle bin. Let us know the size, extension and then open it up in notepad... and tell us what is says. It is most like just a link to the Active Directory provider under explorer or something...


J
0
 
Morten_LillesandAuthor Commented:
Hi guys, thanks for your feedback.

I will pause this case for today, because I first get a chance to visit the customer tomrrow to find out what is in the recycle bin.

Yes, this is extremely odd. :-)

Looking forward to solve the problem together,

Morten/MLD
0
 
Pete LongTechnical ConsultantCommented:
OK Morten - Im gonna have to EMail this URL to my work address cause this Ive gotta see - let us know how you get on :)

Pete
0
 
JamesDSCommented:
oooh, brutal :)

ROFLMAO - I second that, it's hard to type with tears in your eyes...

I reckon we can nail this one without anything quite so evil as a seizure. What happens if we try to restore the contents of the recycle bin to their original location??

That would seem to be the most obvious immediate action!

Cheers

JamesDS
0
 
jdeclueCommented:
I am going to have to remember this... I think I will start dropping 0 byte files named Active Directory in the recycle bins on all of the computers, might not be the case here, but it should be pretty funny with my customers! ;)

J
0
 
Pete LongTechnical ConsultantCommented:
Id be backing up the system state before I do anything else - Though Im pretty sure that is impossible for AD to live in the recycle bin, how would the network know its recycler SID number?
0
 
Morten_LillesandAuthor Commented:
Well, according to the information I have regarding these servers, there is one tape backup (DLT 160/320 or something) with remote agents on all, so the system state should be kept safe. I'm really looking forward to see what we dig up :-)
0
 
Pete LongTechnical ConsultantCommented:
How did it go?
0
 
Morten_LillesandAuthor Commented:
Hi all!

Sorry this took so long - I first got a chance to visit them today.

Here is the contents of the recycle bin: http://www.mld.no/recycle_bin_horror.jpg

As you can see, they have [oddly enough] put the entire C:\WINNT\NTDS directory into the bin.

Still, the C:\WINNT\NTDS does exist on the drive as it should, and it contains the ntds.dit updated to 02.09.2004.

The C:\winnt\ntds contains: http://www.mld.no/c_winnt_ntds.jpg
The C:\winnt\sysvol contains: http://www.mld.no/c_winnt_sysvol.jpg

So why does the active directory stop working when we empty the recycle bin? Anyways, it sounds like you have a good proposal PeteLong in rebuilding the entire DC.

I'm puzzled. Looking forward to hear what you're saying.

Morten
0
 
jdeclueCommented:
Well if you are going down the path or rebuilding, go ahead a nd empty the trash can. If the domain controller works fine and the folder does exist... it should not cause any problems... but be prepared.

J
0
 
Pete LongTechnical ConsultantCommented:
-Yeah vote #2 sysvol looks OK and it appears you have a 28Mb Active directory ntds.dit

if your worried back it up first, but Im willing to bet nothing will happen
0
 
JamesDSCommented:
Morten_Lillesand
What worries me is how they knew they had the AD in the recycle bin and how they knew that something would happen.

I would get the DB replicated off somewhere else and the GC and FSMOs transferred before I emptied it

Cheers

JamesDS
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 7
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now