Solved

Reinstalling Advanced Server 2000 over Itself will the users and passwords be imported

Posted on 2004-10-07
32
235 Views
Last Modified: 2010-04-14
If I reinstall Win2k Advanced Server 2000 PDC over itself will it automatcally import the users and passwodrs from the PDC I'm installing over. Our server has become unrelieable so we want to reinstall with a fresh copy. however I really don't want to have to make these users re-enter everything again. If the process is not automatic what must i do to make it work

Brian
0
Comment
Question by:bvagnoni
  • 14
  • 8
  • 4
  • +3
32 Comments
 
LVL 19

Expert Comment

by:Zaheer Iqbal
Comment Utility
I dont think you have explained the situation here correctly.
So do u have two servers?? or only one.
0
 

Author Comment

by:bvagnoni
Comment Utility
it's the same box. so only one. The server has become unstable so we want to reinstall it. So will it retain the pdc users and passwords or will I have to import them some other way.

Thanks

Brian
0
 
LVL 7

Accepted Solution

by:
corneliup earned 375 total points
Comment Utility
The answer is NO!
First you have to backup the server
Reinstall it then do an authoritative restore

Microsoft Knowledge Base Article - 241594
How to perform an authoritative restore to a domain controller in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;241594&sd=tech

Microsoft Windows 2000 Advanced Server documentation - Authoritative restore
http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/ntbackup_authoritative_restore.htm
0
 
LVL 7

Expert Comment

by:corneliup
Comment Utility
0
 
LVL 7

Expert Comment

by:corneliup
Comment Utility
0
 

Author Comment

by:bvagnoni
Comment Utility
Hmmm,

The server is functional, it's works it's not totally down. There has to be an easier way than doing what you have suggested. I realize the 2 command line utills cs and Ldi ..etc won't copy passwords. I'm looking for more of that sort of thing. What about using the mirgration tool instead admt. I just want to be spared and have the users spared the requirement of having to recreate all those user accounts and then have them redo all their passwords. Eveything else I would prefer to be fresh.


Thanks

Brian
0
 
LVL 9

Expert Comment

by:CDCOP
Comment Utility
If you have another computer you can use for a temp server, you can make it a member server then promote it to a DC and demote the one your having problems with, reinstall w2k on it, make it a member server of the second PC, promote the orig. server and demote the second. Sounds confisuing huh? It's really quite easy.
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Hi

I think CDCOP has your easiest route - it's my favoured way of retiring a dc with little or no effective downtime and being able to keep all the AD settings. Are you file serving or application serving on your problem DC?

Deb :))
0
 

Author Comment

by:bvagnoni
Comment Utility
The server has 2 partitions available on it. Could I install the new install on the second partition and then import the users that way or do they both have to live on the network?

Thanks

Brian
0
 
LVL 7

Expert Comment

by:corneliup
Comment Utility
If using a second computer will also have to Transfer FSMO Roles beetwen the two boxes

255690 - HOW TO: View and Transfer FSMO Roles in the Graphical User Interface
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690
0
 

Author Comment

by:bvagnoni
Comment Utility
Right now it's just a pdc, web & non-exchange mail server. What is CDCOP?

Thanks

Brian
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
LOL - CDCOP is the name of the guy who posted your best suggestion : ))
0
 

Author Comment

by:bvagnoni
Comment Utility
Oh I though CDCOP was a utillity, duh

Brian
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Do you have a machine that can act as a temp server at all?
0
 

Author Comment

by:bvagnoni
Comment Utility
I could use my laptop which has Vmware on it. I have an MS Advanced Server 2000 virtual machince there I could use fo this purpose. Hmmm let me think about this as it mite work.

Thanks

Brian
0
 
LVL 25

Expert Comment

by:mikeleebrla
Comment Utility
corneliup's answer is the correct answer without a doubt,,,,, that is the only  proper way to restore a DC. That is how Active directory was designed to be restored.  Any other method will give you "mixed" or unwanted results.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:bvagnoni
Comment Utility
to corneliup:

so to be clear what are the process steps i need to take. keep in mind i have really no way to backup except to backup to another partition on the pdc system if that will be good enough.

thanks

brian
0
 

Author Comment

by:bvagnoni
Comment Utility
will system state be enough or do i need to back up all of the active directory and/ or the entire disk.

thanks


brian
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
I disagree mikeleebrla and so would many others (Ever heard of the famous Ed Crowley and the move server method? It may be a less risky way of moving an exchange installation but it stands true with active directory too). Either way a good back up should be taken, and if for whatever reason the move server way does not work out (and there's no way that it shouldn't unless AD is in trouble), there is still always the option of an authoritative restore is there not?

"Any other method will give you "mixed" or unwanted results" - Please post a link to illustrate your thinking on this.

As far as I've read the question Brian wants to move his AD, so that he doesn't have to go recreating all the users groups etc. If using a temp server to hold AD is such a bad idea then why do so many of us use more than one DC in a site for redundancy?

Anyway I think the most important question to ask here first is what's wrong with the server? Why IS it unstable? Because if the problem is related to AD, then ANY of the suggestions won't necessarily solve your problem. If all you've got is an another partition then bringing up a temp server is DEFINITELY your best route. However firstly what's the problem with your current DC, and also you don't have a single label domain name do you? ie

yourdomain, rather than yourdomain.com?

Deb :))

0
 

Author Comment

by:bvagnoni
Comment Utility
I don't think AD is damaged. It's more performance related issues. networking issues, windows non-AD system issues. Spyware got on the system and has caused problems. Even after removing all of it; it just doesn't seem to work that way it should. Also, the computer doubled as a work station for awhile there. I understand how bad that is but it was fact of life and we cannot change that now. Hence whty we want to reinstall.

When MS states system disk are they refering to the etire disk or just the winnt directory or sysvol and assoicated dir's.

Thanks

Brian
0
 

Author Comment

by:bvagnoni
Comment Utility
Oh it's domainname.coom not domainname to answer your question.

Thanks

Brian
0
 

Author Comment

by:bvagnoni
Comment Utility
Also, to do the temp server I would need 2 live servers for that not just not 2 partitions c and d on the same system correct?

Thanks

Brian

PS The jury is still out for me I'm cosidering everyones comments still so please keep them coming

PSS Why can't this be LINUX or UNIX argh!!!!!
0
 
LVL 25

Expert Comment

by:mikeleebrla
Comment Utility
deb,, i hesitate to even post b/c i hate  when people get in pissing matches on this site rather than solving the initial question but you are simply wrong. First off you mention the Ed Crowley method which is for exchange 5.5 for one and has nothing to do with active directory (remember that exchange 5.5 was before AD even existed) In any case it is ALWAYs best to stick with MS engineered solutions rather than some other method you find on the internet that will give you mixed results. Anwyay,  here is your link:

http://support.microsoft.com/default.aspx?scid=kb;en-us;241594&sd=tech

that is the only MS supported way to restore a DC.

I do agree with you that the root cause of the problem should be attempted to be found.  A rebuild of the server may not solve the problem.
0
 

Author Comment

by:bvagnoni
Comment Utility
so I'm still a little confused.

1. perform a backup of what I'n not sure to the d drive? but must at least contain system state.

2a. format c drive where new install is to go.
2b  reinstall advanced server 2000 to c drive, blowing everything in the partition away that the pdc resided in

3. update windows

4. make pdc

5. do authoritative restore

6. go home eat dinner

Please is this what I must do, if people could fill in the bkanks I would then be grateful and accept this question

Thanks

Brian
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 125 total points
Comment Utility
That sounds good to me,,,, Active directory is part of the system state,,, so if you back up the system state you ARE backing up AD.  You will also want to back up any other files that you want to keep but as far as the Domain controller/AD information is conserned all you need is the system state.  FYI:  PDC and BDC are NT 4.0 terms,,, in a 2000/2003 domain there is no such thing. All domain controllers are simply DCs.  They can hold one or all of the 5 FSMO roles and/or a copy of the Global catalog.  Since yours is a single DC setup your one DC will hold all 5 FSMO roles as well as the Global Catalog.
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
No I don't like to get in matches (and this is my first time) either but you didn't answer my question (as to why we use additional Dc's for redundancy) and the Ed Crowley method CAN also be used for Exchange 2000, (Yes it relates to Exchange - but I was using the example to illustrate how active directory is replicated across servers - read it
Exchange 2000 Move Server Method
http://www.swinc.com/resources/exchange/faq_db.asp?status=questions&faqID=1001&faqname=Exchange%202000&sectionID=1024&sectionName=Exchange%202000%20Move%20Server%20Method).

However here's a better one and describes how to do it:
How do I install a second Domain Controller in my Active Directory domain on my Windows 2000 Server
http://www.petri.co.il/how_to_install_active_directory_replica_on_w2k.htm

Making sweeping statements as to the validity of other Expert's suggestions without posting additional evidence to back-up your contentions is not only disrespectful but worse still confuses the person who is looking for a solution. I am trying to suggest the best way of making sure a functioning replica of AD is maintained, and so have suggested a failsafe which is the responsible thing to do.

 "In any case it is ALWAYs best to stick with MS engineered solutions rather than some other method you find on the internet that will give you mixed results" - This statement is just unbelievable when referring to using an additional domain controller for redundancy. Adding a second DC IS a ms engineered solution!!!!!!!!!

Now on with the issue at hand - Correct - you need one other live server although obviously it does need to meet the minimum specs (and then some) for holding w2kserver. I've used a dual-booting pc before now in emergency situations (ie imminent server failure) just to hold ad long enough to get the fixed server backup.

At the end of the day what you do is your choice. It just depends really how safe you want to be and how much time you have.
Is your partition a partition on another physical drive or a partition on the same drive? (Feel free to kick me but better check!)

The reason for suggesting a temp server is that you automatically get a fully functioning replica of active directory. And if you don't get that, you know about it pretty quickly. Also if you don't get that you still  have your backup to rely on. If you just rely on the back-up then you obviously have just Plan A rather than Plan A and Plan B. Depends on how much you want to avoid starting from scratch etc. If the authoratative restore works - great. If it doesn't you're starting from scratch.

Deb :))

0
 
LVL 25

Expert Comment

by:mikeleebrla
Comment Utility
deb,,, your solutions do NOT apply to this person's situation at all,,, you are talking about exchange (which this person doesn't even use) AND you are talking about mulitple DCs (which this person doesn't even have).  Get over it, you are wrong, admit it,, points have been awarded to those who helped this person and not surprisingly you didn't receive any. Maybe thats b/c your solutions do not even apply to this persons environment or situation at all???
0
 

Author Comment

by:bvagnoni
Comment Utility
I could have done it cdcop/her way but if something goes wrong i would rather have ms documentation to back me up rather than a 3rd party web site. i definately see how cdcop's method could have worked. i would have actually like to have tried it because it would have given me another way to use vmware which i can't say enough good things about. had it been my own system rather than a customers i would have done it cdcops way.

thanks

brian
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Ok - takes deep breath - I am NOT talking about exchange I am talking about getting a working replica of AD (there isn't an exchange server on this site - ok so the example I used wasn't fab but I did explain what I meant)  which is a million times easier for a beginner than using NTDSUTIL to do a restore (no matter how well documented by microsoft ) and you should really know that Mike. It might be documented but how easy is NTDS util to use ? What is even more frustrating is that both avenues can be taken here, with the authoratitive restore as the last option (because if it doesn't work or bvagnoni gets stuck with it) then there just isn't another option, and the principles of supporting here is first do no harm and that means don't put authors in situations where they can lose data.

Restoring a full backup and system state will just restore the entire server as it is over a new installation, problems and all and you haven't made that clear.  
I really hope that you haven't made this poor guy's life ten times harder than it needs to be. Anyway I'm out of here. Good luck!
0
 

Author Comment

by:bvagnoni
Comment Utility
do I need to cleanup meta data if I'm going to format the drive?

Thanks

Brian

referancing:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part2/adogdapb.mspx#E0EE0AA
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Just saw your other question, and I apologise for the confusion that you've encountered today as it was completely unnecessary. Normally you'd need to open another question to get support with this but I feel bad about what's happened so here you go, (Oh and please check my stats - I do know what I'm talking about and I never post if I don't ;-)

No you don't need to cleanup metadata. You only need to do that really when you're removing data that relates to a domain controller that no longer exists and that has left residual data in an active directory environment where other domain controllers still exist.. In your case you're only attempting an authoratative restore and as this is a single server only, once you reformat the drive there won't be an active directory anywhere to need to cleanup. Your sole copy of it will be on your backup.

Hope that's more helpful,

Deb :))
0
 
LVL 20

Expert Comment

by:Debsyl99
Comment Utility
Oh and for what it's worth - EE is very rarely like what you encountered earlier. I've been here for a while and haven't encountered that before. Don't lose faith in it, it's a massively useful resource as hopefully you'll see,

Best wishes and all the best

Deb :))
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now