

Single Domain, Single Controller: Reinstall Server 2003 / Active Directory

Posted on 2009-12-23
Medium Priority
Last Modified: 2012-05-08

First off, a brief overview of the environment: very simple and straight-forward. This is a single domain MYDOMAIN with a single domain controller MYDC running Server 2003 Std Edition SP2 with Active Directory. MYDC does not run Exchange, but it does run SQL Server 2005 and hosts mission-critical SQL databases. The databases are hosted on non-system partitions. The environment hosts ~12 workstations with 10 active users.

What I am looking at doing is re-creating the domain from 'scratch' but with the same domain name and controller while preserving all of the non-system partition's data. I've decided this is likely the best course of action as the configuration has become a mess and I'm hoping it will not be too painful due to the size of the domain. This is where I would like all of your input. The domain appears to be fully functional at this point, but (and this is one of the reasons I feel this is necessary) I did have to run a lossy repair of the NTDS database using esentutl /p as well as restore the \Windows\System32\Config\ directory from \Repair\.

I'm not sure how interested any of you are in backstories, but I will be more than happy to post the details of how it got to this point if someone cares to know; however, for the sake of keeping this post relatively succinct I've opted to exclude it for the time being.

On to the questions: Because this is the only domain controller, I can only assume that I do not need to worry about transferring FSMO roles as MYDC will be assuming all of the roles once again upon recreation, am I correct?

I can still access all of the configuration information (dns, ad, sql) if needed, but because of the size of the environment, manually recreating the AD is not something I am against.

Basically what I would like to know is what sort of issues do you foresee with booting to the Windows Server 2k3 CD and wiping the C: partition and reinstalling 2k3, reinstalling SP2, reinstalling SQL Server 2005 and Service Packs, re-mounting the mission-critical database, manually re-creating the 10 user logins, and rejoining the ~12 workstations to the "new" domain? How transparent to the end-user could this operation be if carefully executed? I would like them to be able to continue in a 'business as usual' capacity within a day or two at the most. Granted there are many other pieces of the domain's configuration I will need to re-create; printers, shares, etc, but with proper documentation this SHOULD be feasible...

Sorry for the length. Thanks in advance!
Question by:alright
LVL 70

Accepted Solution

KCTS earned 1000 total points
ID: 26115381
Be aware that if you build the domain again from scratch, even if you use the same domain name etc., then it will be a new domain. You will need to disjoin all clients from the old domain and join them to the new domain; you will also need to re-create all the user accounts etc.
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 26115404
What about just putting up a second DC in that domain instead of recreating the domain? I'd recommend a second DC anyway, even in a small environment.
If you do recreate it you will have to transfer the profile settings because they will have a new SID and new profile, but with 10 users it shouldn't be painful at all.
How many printers do you have? Print Migrator can help with that, but if it is only a small number of printers then creating them will be easy too.

Author Comment

ID: 26115473
Wow thanks for the quick responses. @KCTS: I've considered this and find it shouldn't be a problem.

@mkline71: Unfortunately, I don't have the hardware to run a second DC even though I know it is certainly best-practice... I'll be looking into doing this later. Additionally, I don't want to bring up a second DC and replicate the corrupted AD database to it, so getting a fresh start seems ideal.

There are only a handful of printers so manually re-creating those is perfectly acceptable.

I think my biggest concern is with SQL. As I said the database runs their mission-critical field-specific software program that they completely rely upon for day-to-day operations. Are there best-practices or white-papers for, what I suppose is in essence, migrating a database between two SQL 2005 servers?
LVL 57

Expert Comment

by:Mike Kline
ID: 26115484
Even a 200-300 PC would be ok (better than nothing) for the second DC.
I'll let the SQL guys jump in on that migration...don't want to blow smoke about my SQL knowledge :)
LVL 70

Expert Comment

ID: 26115486
The SQL database itself will be OK, but if users are using Windows authentication to connect to it, then you will have to add the new users/groups.
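
Added example, not part of the original thread: a T-SQL check to run after the database is re-attached on the rebuilt server. It lists database users whose stored SID matches no server login, which is what the old-domain Windows accounts (and any SQL-authenticated application account) become once the domain and instance are recreated. `AppDb`, `jsmith` and `appuser` are hypothetical names; `MYDOMAIN` is the domain name used in the question.

```sql
-- Added example. [AppDb], jsmith and appuser are placeholders (assumptions).
USE [AppDb];
GO

-- 1. Orphaned users: the SID stored in the database has no matching login.
--    Old-domain Windows users/groups appear here because accounts re-created
--    in the new domain receive new SIDs even when the names are identical.
SELECT dp.name      AS database_user,
       dp.type_desc AS user_type,
       dp.sid       AS stored_sid
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
  AND dp.principal_id > 4          -- skip dbo, guest, INFORMATION_SCHEMA, sys
  AND sp.sid IS NULL;
GO

-- 2. Record role memberships before changing anything, so they can be
--    granted again to the re-created users.
SELECT u.name AS database_user, r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = rm.member_principal_id
WHERE u.principal_id > 4;
GO

-- 3a. Windows account: create the login from the new domain account, then
--     replace the stale user so it carries the new SID. DROP USER fails if
--     the user owns a schema; transfer ownership first in that case.
CREATE LOGIN [MYDOMAIN\jsmith] FROM WINDOWS;
DROP USER [MYDOMAIN\jsmith];
CREATE USER [MYDOMAIN\jsmith] FOR LOGIN [MYDOMAIN\jsmith];
EXEC sp_addrolemember 'db_datareader', 'MYDOMAIN\jsmith';  -- per step 2 output
GO

-- 3b. SQL-authenticated account: once a login with the same name exists on
--     the new instance, re-link the existing user to it without dropping it.
EXEC sp_change_users_login 'Update_One', 'appuser', 'appuser';
GO
```

Object-level permissions granted directly to a dropped user are lost with it, so script those out as well if the application does not rely on roles alone.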

Author Comment

ID: 26115549
@KCTS: Noted. I'll contact the software manufacturer to get their input on the migration. The users have a front-end software client that they use their individual credentials to log in to. I believe all interaction with the SQL DB is then handled by the program using a single SQL DB user account... but as you can see I'm a little fuzzy on this.

The more I think about it the less intimidating it is seeming (I'm still not anxious to do it!). Thanks for the inputs, I'll be stepping out to lunch - if I think of any other concerns while I'm out I'll be sure to ask for advice.

Author Comment

ID: 26115560
Oh a question before I step out; do you think I should pull any configuration info from SQL Management Studio before I wipe it? Maintenance Plans perhaps? All I *need* is the .mdf and transaction log, yeah?

Question has a verified solution.