riyami
asked on
How to reconnect a child domain in a failed PDC
I have single server acting as PDC for the forest and multiple child domains.
The PDC of the forest failed, so I reintalled the operating system, but I am unable to reconnect the child domains to the new PDC.
Please help
The PDC of the forest failed, so I reintalled the operating system, but I am unable to reconnect the child domains to the new PDC.
Please help
i agree with tstaddon 100%,,, you can't just rebuild the DC and think it will magically work again,, you have to restore the AD database from backup,,, without doing that,, the newly rebuild DC "knows" nothing about the child domains, workstations, user accounts etc,,, it thinks its a new domain.
ASKER
I have system state, the problem is that the original server physically damaged. I reinstalled the OS then did the system state restore, but when rebooting the machine hang. So I thought the system state is useless since the actual server is diffirent (Hardware wise) then the server I am using as a replacement.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It is almost true that there is no way but recreate all the trust relation, the problem is that we can not add child domains to the new domain except if we made the childs clean of AD. But what we did is that we installed windows 2k srv on a new machine then used program called newsid.exe to make the new machine SID as the failed server then installed new AD with the same name as the old then used the system state to restore. That steps gave us some time to plan our down time for creating the new domain because the restore is not perfect, we are unable to add users, machines or even look at the users, the restored AD machine complain that there is:
1- NO DNS
2- NO GC
3- NO SYSVOL
I was able to correct 1,3 but 2 the system comlain that it does not have enogh rights to write to it.
in short i did not mind since I will plan my down time.
*** By the way any body knows what went wrong with our original AD server to act that way, not accept system state retore at once, we had to tweak it for more that 2 days.
1- NO DNS
2- NO GC
3- NO SYSVOL
I was able to correct 1,3 but 2 the system comlain that it does not have enogh rights to write to it.
in short i did not mind since I will plan my down time.
*** By the way any body knows what went wrong with our original AD server to act that way, not accept system state retore at once, we had to tweak it for more that 2 days.
just a quick note... I was never able to restore the AD (system state) with ArcServe. On different ocasions, I was able to do it with NetBackup and with the integrated NTBackup. Not to bitch... but CA's tech support is lousy and they too were unable to help with restoring from ArcServe. The backups were ok, I was able to restore files but not the AD....
Vlad
Vlad
If you had only one domain controller at the top level of your Active Directory, and you have no backup of its System State Data, then I would imagine you're in rather a lot of trouble.
Think about it this way: all your other domain controllers, workstations and so on, all recognize that machine as the ONLY authoritative description of the directory and it is the only server which can tell them where they reside within the directory. Also, they identify the server by its SID, not by whatever alphabetical name you give it.
Simply put, your child DCs will NOT function properly - not even between each other - until that server's System State Data cannot be retrieved. So, if you do not have that information backed up, you are really going to have to consider rebuilding your directory.