Restoring server from 9 month old image - urgent

Posted on 2007-08-08
Last Modified: 2010-04-18
I have been forced to restore a 9 month old disk image. The Microsoft 2003 server domain controller is now exactly as it was 9 months ago in every way.
Fortunately I have the latest backups of all users home directories and users profiles. I used the standard windows Backup program.
Hopefully there wont be a problem in restoring the Home user documents.  But what about user profiles?  What worries me are date stamps.  All the restored profiles will be dated from yesterday while the rest of the system thinks it is nine months ago.  Are there issues here that I must address.

I need an urgent and clear response to this now before I go further.  

Question by:Alistair7
    LVL 5

    Expert Comment

    is it a single dc or are there others?

    If you restore the home folders and Profiles there shouldn't be an issue.

    you will have to reset everybodies password and all group membership changes the last months..
    or if you have an other DC in your domain you could rebuild the server from scratch and promote it to make sure you get a new DC role. and after that just file restore on the data. There shouldn't be any issues if you keep the same shares. and if you are using offline folders make sure you delete de old dc from the domain and than recreate the server with the same name!

    let me know if you have more than one dc.. I can help you more than.. I know it's tough to recover (had to go through it a couple of times myself ;o(  
    LVL 5

    Expert Comment

    OHHH just to be sure ..

    with delete the server from the domain I don't mean just rightclicking the object and selecting delete. You will have to do a forrest cleanup since the domaincontroller is gone!

    good luck

    Author Comment

    I have only 1 server which of course is a DC.
    So you think that after I have restored the user profiles, none of their passwords will work?

    2nd question: when I restore yesterdays Profiles and Home folders, will yesterdays permissions also be maintained?
    LVL 5

    Expert Comment

    hmmm that's going to be an issue.

    since you do not have a backup of the system state you will not have a backup of the current credentials..

    the user objects with thus go back 9 months aswell... password / groupmemberships / rights everything.

    if you have a backup with credentials you could try to recover theses aswell but since there could be new users which wouldn't be in AD there will be problems. also you most realize that the computer accounts will not work either.. so you will have to rejoin all the computer accounts aswell!

    I'm sorry to say but you are in trouble..  

    Author Comment

    actually I did take a backup of the system state yesterday.  But I am worried that if I restore that, that I will end up with the same problem I had with a SYSVOL File replication service journal wrap as you can see in the following:

    I also had a bad problem developing with Norman antivirus on the server.

    2 reasons to return to a previous image.
    LVL 5

    Expert Comment

    have you already done anything to the server?

    if not I would strongly suggest not taking the machine down..

    get a system state backup.. take an other machine (doesn't have to be a server) install windows 2003 server on it and promote it (also move the mayor roles). if that works you can rebuild your server and promote it and than take out the temp dc..

    if it doesn't work try the same but instead of a promote you could try to restore the system state on the temp 2003 machine.. if that works you can rebuild the server without a problem and than just promote it and move all the roles over to the new installed server.

    if that both fails ..
    I would build a new domain on a temp machine and migrate .. rebuild the server and move the data back.

    Author Comment

    I have never worked with multiple servers.  I forsee a lot of work in that direction.

    I only have 40 computers and 70 users here and can live with:
    - rejoining computer accounts
    - changing passwords
    - having to reinstall a couple of missing user accounts
    - fixing a few minor permission problems

    If these are the only problems I can expect after restoring the Profiles and Home folders using the 2003 Backup Utility, then I would like to continue in this direction.

    What do you think?
    Should I also reinstall "some" or "all" elements of the system state backup from yesterday.  Could that risk reintroducing the same SYSVOL problem I'm escaping?
    LVL 5

    Accepted Solution

    Trust me ... installing 2003 and doing a promotion in one subnet is not a whole lot of work. AD does almost everything on the fly.

    with that many computers and users I would invest in multiple dc's anyway.

    you could install the secundairy dc on a simple tower pc it's not going to do a lot of stuff if it's only there for the domain controller backup role.
    if the server isn't down now I wouldn't take it down and thus taking your users down with any desktop you can put next to it you can save your domain without hassling the users

    with a propper secundairy domain fixing this would have been a matter of minutes unlike now..

    the stuff with which you can live with is only the stuff I'm sure you will get problems with..

    your problem of the sysvol getting corrupt may even just return since it's out dated..

    atleast if your going through with it just try it on a different box first! (don't connect it to the network just on a local machine and connect 1 pc to it to see what it does..)


    Author Comment

    Sorry for the long delay in replying.

    I restored "yesterdays" profiles and home folders.  No problem with passwords and credentials so far. (1 month)
    Looks like I was very lucky. The server is stable and appears to be fine in every way.

    Thanks so much for all your advice.  It was very informative.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now