Single Domain, Single Controller: Reinstall Server 2003 / Active Directory

Posted on 2009-12-23
Last Modified: 2012-05-08

First off, a brief overview of the environment: very simple and straightforward. This is a single domain MYDOMAIN with a single domain controller MYDC running Server 2003 Std Edition SP2 with Active Directory. MYDC does not run Exchange, but it does run SQL Server 2005 and hosts mission-critical SQL databases. The databases are hosted on non-system partitions. The environment hosts ~12 workstations with 10 active users.

What I am looking at doing is re-creating the domain from 'scratch' but with the same domain name and controller while preserving all of the non-system partition's data. I've decided this is likely the best course of action as the configuration has become a mess and I'm hoping it will not be too painful due to the size of the domain. This is where I would like all of your input. The domain appears to be fully functional at this point, but (and this is one of the reasons I feel this is necessary) I did have to run a lossy repair of the NTDS database using esentutl /p as well as restore the \Windows\System32\Config\ directory from \Repair\.

I'm not sure how interested any of you are in backstories, but I will be more than happy to post the details of how it got to this point if someone cares to know; however, for the sake of keeping this post relatively succinct I've opted to exclude it for the time being.

On to the questions: Because this is the only domain controller, I can only assume that I do not need to worry about transferring FSMO roles as MYDC will be assuming all of the roles once again upon recreation, am I correct?

I can still access all of the configuration information (DNS, AD, SQL) if needed, but because of the size of the environment, manually recreating the AD is not something I am against.

Basically what I would like to know is what sort of issues do you foresee with booting to the Windows Server 2k3 CD and wiping the C: partition and reinstalling 2k3, reinstalling SP2, reinstalling SQL Server 2005 and Service Packs, re-mounting the mission-critical database, manually re-creating the 10 user logins, and rejoining the ~12 workstations to the "new" domain? How transparent to the end-user could this operation be if carefully executed? I would like them to be able to continue in a 'business as usual' capacity within a day or two at the most. Granted there are many other pieces of the domain's configuration I will need to re-create; printers, shares, etc, but with proper documentation this SHOULD be feasible...

Sorry for the length. Thanks in advance!
Question by:alright

    Accepted Solution

    Be aware that if you build the domain again from scratch, even if you use the same domain name etc., then it will be a new domain. You will need to disjoin all clients from the old domain and join them to the new domain. You will also need to re-create all the user accounts etc.

    Assisted Solution

    by:Mike Kline
    What about just putting up a second DC in that domain instead of recreating the domain? I'd recommend a second DC anyway, even in a small environment.
    If you do recreate, you will have to transfer the profile settings because they will have a new SID and new profile, but with 10 users it shouldn't be painful at all.
    How many printers do you have? Print Migrator can help with that, but if it is only a small number of printers then creating them will be easy too.

    Author Comment

    Wow thanks for the quick responses. @KCTS: I've considered this and find it shouldn't be a problem.

    @mkline71: Unfortunately, I don't have the hardware to run a second DC even though I know it is certainly best-practice... I'll be looking into doing this later. Additionally, I don't want to bring up a second DC and replicate the corrupted AD database to it, so getting a fresh start seems ideal.

    There are only a handful of printers so manually re-creating those is perfectly acceptable.

    I think my biggest concern is with SQL. As I said the database runs their mission-critical field-specific software program that they completely rely upon for day-to-day operations. Are there best-practices or white-papers for, what I suppose is in essence, migrating a database between two SQL 2005 servers?

    Expert Comment

    by:Mike Kline
    Even a 200-300 PC would be ok (better than nothing) for the second DC.
    I'll let the SQL guys jump in on that migration...don't want to blow smoke about my SQL knowledge :)

    Expert Comment

    The SQL database itself will be OK, but if users are using Windows authentication to connect to it, then you will have to add the new users/groups.
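
Added example (not part of the original thread): a T-SQL check to run in the re-attached database on the rebuilt server. It lists Windows users and groups whose stored SIDs no longer resolve in the new domain, together with their role memberships, and then re-creates one such user. The database name AppDb, the account MYDOMAIN\jdoe and the role granted are hypothetical placeholders.

```sql
-- Assumption: AppDb is the database attached from the preserved .mdf/.ldf files.
USE [AppDb];
GO

-- Windows users (U) and groups (G) inside the database keep the SID issued
-- by the OLD domain. SUSER_SNAME() returns NULL when a SID cannot be resolved,
-- so these rows are principals that no account in the rebuilt domain matches.
SELECT dp.name            AS database_principal,
       dp.type_desc       AS principal_type,
       dp.sid             AS stale_sid,
       r.name             AS member_of_role   -- NULL = no role membership
FROM sys.database_principals AS dp
LEFT JOIN sys.database_role_members AS rm
       ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = rm.role_principal_id
WHERE dp.type IN ('U', 'G')
  AND SUSER_SNAME(dp.sid) IS NULL
ORDER BY dp.name, r.name;
GO

-- Re-create one principal reported above (hypothetical account and role).
-- The account must already exist in the rebuilt domain.
CREATE LOGIN [MYDOMAIN\jdoe] FROM WINDOWS;
GO

-- The stale user has the same name but the old SID, so it has to go first.
-- DROP USER fails if the user owns a schema; transfer ownership beforehand.
DROP USER [MYDOMAIN\jdoe];
GO

CREATE USER [MYDOMAIN\jdoe] FOR LOGIN [MYDOMAIN\jdoe];
GO

-- Restore each role membership recorded by the report query.
EXEC sp_addrolemember N'db_datareader', N'MYDOMAIN\jdoe';
GO
```

Save the output of the report query before dropping anything, since it is the only record of which roles each old account held.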

    Author Comment

    @KCTS: Noted. I'll contact the software manufacturer to get their input on the migration. The users have a front-end software client that they use their individual credentials to log in to. I believe all interaction with the SQL DB is then handled by the program using a single SQL DB user account... but as you can see I'm a little fuzzy on this.

    The more I think about it the less intimidating it is seeming (I'm still not anxious to do it!). Thanks for the inputs, I'll be stepping out to lunch - if I think of any other concerns while I'm out I'll be sure to ask for advice.

    Author Comment

    Oh a question before I step out; do you think I should pull any configuration info from SQL Management Studio before I wipe it? Maintenance Plans perhaps? All I *need* is the .mdf and transaction log, yeah?
