Windows Server 2003 AD Directory Services Restore Mode

Posted on 2004-11-15
Medium Priority
Last Modified: 2010-04-19
Attempting to restore W2K3 Domain Controller after failure.  Was able to replicate AD prior to failure. Successfully (to a point) used Automated System Recovery to restore System State.  
Server then reboots and errors out on Rebuilding AD Indices (or something close); error is lsass.exe and wants to boot into Directory Services Restore Mode (DSRM). Boot into DSRM; when attempting to log on with Administrator and the DSRM password, message pops: "cannot locate domain."

This DC is physically located in the US and is a Child of a domain where the parent is in the UK.  All servers W2k3.
Bandwidth is a T1 between sites.
I have been told by "higher ups" that the distance between the sites does not matter.  

Questions are: Could the distance between child and parent be an issue?
Is there a specific port that uses DSRM? (Since AD was replicating the correct ports are open for that)
Is there any way around this issue short of a rebuild?
Question by:jericpaulson
LVL 11

Expert Comment

ID: 12588475
The administrator password for DSRM is not a domain account.
It's the password you set while dcpromo'ing.
But I would do the following to keep downtime short:
Install a plain W2K3 + hotfixes you had.
Install backup software.
Restore the whole DC. All drives + System State.
Reboot the DC and wait until AD replication has done its work.
As soon as the netlogon service is started, it should be back in business again.
LVL 51

Expert Comment

ID: 12589810
Does following this article correct your issue?


It should do the trick - read it carefully - you're going to be working with important files.



Author Comment

ID: 12593027
Thank you both for your feedback

WeHe - The name used for the DSRM is Administrator.  The password was set during dcpromo.  

My limited understanding of DSRM is that AD is not running on the box and the log on is trying to connect with the Domain that it was joined to.  During the dcpromo this machine was added as a DC in a child domain in an existing Domain etc.  So in this instance during the sign in the DSRM user/password is trying to contact the parent.  The "Log On to" option is the parent domain or workgroup.  Both options come back "Cannot Locate Domain"

Netman66- Article will prove to be helpful once I am on the machine booted into DSRM.  My issue is that I cannot get past the log on portion, please see above.
LVL 51

Accepted Solution

Netman66 earned 2000 total points
ID: 12593755
Your DSRM password is not stored in AD - it's stored in the local SAM.  This is why you have two different accounts - one is for the Recovery Console and one is for the Active Directory.

If you can't remember the Recovery Console account and password, I think you can boot with a Windows 2000 CD and use Recovery Console from it with no credentials.


Author Comment

ID: 12594159
Netman66-  If DSRM is stored in SAM then would need to log onto the local machine with the DSRM user and password, yes?

Will be trying later this afternoon at 4pm EST.  Will let you know.  

Thank you again.
LVL 51

Expert Comment

ID: 12594283

Author Comment

ID: 12599953
Netman66  thank you that got me in.  
LVL 51

Expert Comment

ID: 12600070
Glad to assist.
