Windows 2003 DC server - Restored by an old image - Any problems with current AD?
In one of my DCs, I intend to do a restore of an old image which I had (more than a year ago!)... My domain is Windows 2003 AD...
Before I connect the restored DC server in my domain (AD) can anyone tell me if I would have problems with the AD? The restored server has the state of more than a year ago... If connect it to the domain is there any possibility to mess my current AD???
I believe that after I connect the restored server to network I must first remove-it (or better reset account) and re-add it to domain (because after so long time, it could not work in the domain)... Is this remove-re-add to domain procedure hides any problems with my current state in the domain and in the Exchange server data (AD)?
Do I have to take any special precautions because this server is an DC of the AD? This is NOT the only DC in domain...
Thank you for your help...
Before I connect the restored DC server in my domain (AD) can anyone tell me if I would have problems with the AD? The restored server has the state of more than a year ago... If connect it to the domain is there any possibility to mess my current AD???
I believe that after I connect the restored server to network I must first remove-it (or better reset account) and re-add it to domain (because after so long time, it could not work in the domain)... Is this remove-re-add to domain procedure hides any problems with my current state in the domain and in the Exchange server data (AD)?
Do I have to take any special precautions because this server is an DC of the AD? This is NOT the only DC in domain...
Thank you for your help...
May I know the requirement for restoration of the image ?
ASKER
I suspect that maybe this server is infected... I did not update it (windows update) for a long time and now I have strange problems with my DNS...
That's why I intend to restore this old image... because it is for sure clean...
What is your suggestion for the procedure?
That's why I intend to restore this old image... because it is for sure clean...
What is your suggestion for the procedure?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ok reverting back to a restore image in this process is pointless and will give you more grief you need to tackle the issue I would begin with Anti Virus and running a scan in normal mode and failing this in safe mode.
What exactly is your problem with DNS?
If you have already made up your mind that you want to format this server then you need to transfer all the roles if this server holds the FSMO roles and any other roles / apps to another server before proceeding with this method
You can also use the Microsoft Malicious Software Removal Tool
What exactly is your problem with DNS?
If you have already made up your mind that you want to format this server then you need to transfer all the roles if this server holds the FSMO roles and any other roles / apps to another server before proceeding with this method
You can also use the Microsoft Malicious Software Removal Tool
Instead of restoring the Image..Install the OS manually and follow to install the ACtive directory
ASKER
I have another image of this server with no AD installed! So you suggest me to remove this server from AD (and any FSMO roles) and then restore the image with no AD, update the server to the latest, take an image and finally install again the AD?
Is this procedure safer?
Is this procedure safer?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have already install the SEPP and there is no virus infection... I suspect for spyware... that's why I want to restore to a clean state...
In that case please follow my last process once the server is promoted to a DC you can then move the FSMO roles back to this server if has the FSMO roles.
On the DC in question open a command prompt and type:
netdom query fsmo and press enter
It wil list all 5 AD FSMO roles and which server holds them
If this server does not hold the FSMO roles then transfer any other roles such as DNS and DHCP etc to another server and then format, patch, promote finally transfer the roles back if you can confirm that this DC holds the FSMO roles and any other roles I can give you better instructions on the process...
On the DC in question open a command prompt and type:
netdom query fsmo and press enter
It wil list all 5 AD FSMO roles and which server holds them
If this server does not hold the FSMO roles then transfer any other roles such as DNS and DHCP etc to another server and then format, patch, promote finally transfer the roles back if you can confirm that this DC holds the FSMO roles and any other roles I can give you better instructions on the process...
ASKER
OK thank you...
I wonder... if I can make a new installation of Win 2008 R2... instead of Win2003R2...
In my domain I do not have any 2008 servers and it was one of my next steps to try the 2008 R2...
Is there any possible problems if I add in my domain a Win2008R2 server?
Is there any possible problems if I add the new win2008R2 server as DC?
I wonder... if I can make a new installation of Win 2008 R2... instead of Win2003R2...
In my domain I do not have any 2008 servers and it was one of my next steps to try the 2008 R2...
Is there any possible problems if I add in my domain a Win2008R2 server?
Is there any possible problems if I add the new win2008R2 server as DC?
Your welcome, You will have no problems intoducing a 2008 R2 Server but you will need to extend the schema etc in order to introduce a 2008 R2 domain controller and I would strongly say go for it you get a lot of features with R2 such as an Active Directory recycle bin etc
I am assuming you are going to go with a 32bit 2008R2 DC if 64 bit you need to download the trial version of 32bit of if you have the media for 32bit and extract the relevenat files to be able to complete the schema updates etc, Daniel Petri's guide coves this
Here is a user friendly guide by Daniel Petri
http://www.petri.co.il/windows-server-2008-adprep.htm
Here is the Microsoft Technet Version
http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx
I am assuming you are going to go with a 32bit 2008R2 DC if 64 bit you need to download the trial version of 32bit of if you have the media for 32bit and extract the relevenat files to be able to complete the schema updates etc, Daniel Petri's guide coves this
Here is a user friendly guide by Daniel Petri
http://www.petri.co.il/windows-server-2008-adprep.htm
Here is the Microsoft Technet Version
http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx
Hi,
When ever u get System State Backup:
Active Directory:
Boot Files:
Certificate Servers:
Com+ Class Registry:
Registry :
Sysvol:
These things willl be backup with System State.
If u restore with old system state the newthings which create after system state will be lost.
Everything will go to previous state.
Please reply
What is u r requirement for System state restore.
R u connecting this as Primary DC?
If u connected it as primary DC, U will face lots of problem in that.
Or u r connecting this as a additional server or a BDC. No problem u can update all new things to the old.
When ever u get System State Backup:
Active Directory:
Boot Files:
Certificate Servers:
Com+ Class Registry:
Registry :
Sysvol:
These things willl be backup with System State.
If u restore with old system state the newthings which create after system state will be lost.
Everything will go to previous state.
Please reply
What is u r requirement for System state restore.
R u connecting this as Primary DC?
If u connected it as primary DC, U will face lots of problem in that.
Or u r connecting this as a additional server or a BDC. No problem u can update all new things to the old.
Hi,
If u restore the old system state u will be affect by some of in these like.
Registry - Including COM settings
SYSVOL - Group Policy and Logon Scripts
Active Directory NTDS.DIT (Domain Controllers)
Certificate Store (If the service is installed)
The System State has a specialist job namely, to restore the operating configuration files. Before you install a new application, driver or hotfix, think, 'what will be my fall back position if the server crashes?'. Microsoft's best practice would say: create a System State backup for the Windows 2003 operating system, then you can rollback if there is a problem.
Murphy's 9th law states, once you take these protective measures the application, driver or hotfix never gives any problem. However, the one time you forget to backup the system state, 'Murphy's 1st law' says, disaster will strike your unprotected server.
If u restore the old system state u will be affect by some of in these like.
Registry - Including COM settings
SYSVOL - Group Policy and Logon Scripts
Active Directory NTDS.DIT (Domain Controllers)
Certificate Store (If the service is installed)
The System State has a specialist job namely, to restore the operating configuration files. Before you install a new application, driver or hotfix, think, 'what will be my fall back position if the server crashes?'. Microsoft's best practice would say: create a System State backup for the Windows 2003 operating system, then you can rollback if there is a problem.
Murphy's 9th law states, once you take these protective measures the application, driver or hotfix never gives any problem. However, the one time you forget to backup the system state, 'Murphy's 1st law' says, disaster will strike your unprotected server.
ASKER
thank you for your reply...
In win 2003 AD there is no primary DC and backup DC... this is from an older domain structure...
Anyway, I will follow the previous stated procedure...
Thank you again...
In win 2003 AD there is no primary DC and backup DC... this is from an older domain structure...
Anyway, I will follow the previous stated procedure...
Thank you again...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What are you trying to achieve by doing this when you have other domain controllers in the forest?
http://technet.microsoft.com/en-us/library/cc526503.aspx