Forgotten DSRM recovery password

We have an AD server which was set up before any of the current IT staff were around - and unfortunately experienced a power cut in the night which appears to have corrupted AD. The message comes up saying that we need to boot to AD recovery mode - however no one knows the DSRM password!

We cannot boot into any Safe Mode in order to be able to use NTDSUTIL to reset the DSRM password - the server just restarts - I have tried doing it remotely from another server and get the message 'RPC Server Unavailable' - although that was to be expected!

I have tried booting from the Petri EBCD boot disk hoping I would be able to do it there - but unfortunately it doesn't recognise the RAID controller in the machine.

Any suggestions?

Thanks
Andy.
andrewpacey Asked:

Toni Uranjek (Consultant/Trainer) Commented:
Hi andrewpacey,

Download this tool: http://home.eunet.no/pnordahl/ntpasswd/
ISO image might contain drivers for your RAID.

HTH

Toni
0
andrewpacey (Author) Commented:
Hi Toni,

Apologies - that is the utility I tried - I mistakenly said it was a Petri boot disk I tried - but Petri was the website I linked from through to the download you specify.

Andy.
0
Toni Uranjek (Consultant/Trainer) Commented:
Then try also: http://www.ubcd4win.com/
and: http://www.hiren.info/pages/bootcd

Is this the only DC in your network?
Does it hold any of the FSMO roles?
Which other roles run on this server?

It might be easier to reformat, perform metadata cleanup and run dcpromo again?
0

andrewpacey (Author) Commented:
OK, trying UBCD shortly.

No, there is another DC on the network.

All FSMO roles are held on the other (working!) server.

The server does nothing else except AD and file serve.

Thanks
Andy.
0
Toni Uranjek (Consultant/Trainer) Commented:
Do you have an ASR backup?
Do you have a current backup of users' files stored on the file server?

If/when you reset the DSRM password, there is no guarantee that you will repair AD also. If you are in a hurry and have a proper backup, reformatting might be cheaper and faster.
0
andrewpacey (Author) Commented:
Hi,

OK - I've reset the DSRM password using the UBCD - phew!

Now I'd like to just remove AD from the server, but it won't allow me to run DCPROMO in DSRM mode.

Any suggestions?

I'm not fussed about this server returning to a domain controller as there are two others on site.

Thanks
Andy.
0
andrewpacey (Author) Commented:
Thanks for the help - UBCD worked.
0
Toni Uranjek (Consultant/Trainer) Commented:
"dcpromo" cannot be run in DSRM mode. Can you log in to the domain? Restore the latest System State Backup. Replication should take care of the rest.
0
andrewpacey (Author) Commented:
Cannot log into the domain - and unfortunately the Network Manager there does not take backups of the System State. Have tried running ntdsutil recovery tools and just get an error saying a file is missing.

I've left it in DSRM mode for the time being - it seems to happily serve files in that mode, which is all that is needed - then during the half term next week (it's a school) the Network Manager is going to re-install W2K3.

I'm assuming it wouldn't be a wise idea to copy the contents of the NTDS folder from another (working) DC and put them on the faulty one?

Andy.
0
Toni Uranjek (Consultant/Trainer) Commented:
No, if you won't repair DC, then just format DC.

Then remove data from dead DC from your AD with the following procedure:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

After a clean install, run dcpromo again and add the server to the domain; replication will take care of the rest.
0
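The metadata cleanup step recommended in the comment above, as an added console session that is not part of the original thread. WORKINGDC is a placeholder for a healthy domain controller, and the index numbers after each "select" are assumptions that must be taken from the preceding "list" output. netdom and repadmin come from the Windows Server 2003 Support Tools.

```cmd
REM Run from a healthy DC or an admin workstation, logged on as a
REM Domain/Enterprise Admin. WORKINGDC is a placeholder name.

REM 1. Confirm that no FSMO role is still assigned to the failed DC.
netdom query fsmo

REM 2. Remove the failed DC's metadata. ntdsutil is interactive: the text
REM    before each colon is its prompt, the text after it is what you type.
REM    Use the index numbers shown by each "list" command; the 0 and 1
REM    below are examples only. "select server" must point at the FAILED
REM    DC, never at the server you are connected to.
ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: connect to server WORKINGDC
server connections: quit
metadata cleanup: select operation target
select operation target: list domains
select operation target: select domain 0
select operation target: list sites
select operation target: select site 0
select operation target: list servers in site
select operation target: select server 1
select operation target: quit
metadata cleanup: remove selected server
metadata cleanup: quit
ntdsutil: quit

REM 3. Check that the remaining DCs replicate cleanly and no longer list
REM    the removed server as a replication partner.
repadmin /showrepl WORKINGDC
```

On Windows Server 2003 the failed DC's server object in Active Directory Sites and Services and its DNS records are not removed by ntdsutil and are cleaned up separately before the rebuilt server is promoted under the same name.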
the_it_engineer Commented:
Which password reset tool in UBCD did you use to reset the DSRM password?
0