Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SBS2003 Domain Controller AD corrupt

Posted on 2010-08-27
8
Medium Priority
?
1,009 Views
Last Modified: 2012-06-27
I have a client running Windows SBS 2003 as their single server, domain controller, file sharing, printing, etc.  It has been running for about 2.5 years now without issue.  One of the disks failed last week so a repalcement was sent from HP.  it is running RAID 5 so no loss.

They replaced the failed disk today and booted the server.  The array rebuilt itself and all seemed well, but windows will not load.  The error:

Security Accounts Manager initialization failied becuase of the following error: Directory Service cannot start. Error Status 0xc00002e1.  Please click ok to shutdown and reboot into Directory Services Restore Mode and review the event log for more detailed information.

I rebooted into DSRM and the event log just showed me the same message, nothing else notable.  I found an article on EE regarding this that pointed to MS KB 258062.  I followed all the steps and the only thing notable is the AD is corrupt.  

To further things, the client has no good system state backup which at this point is leaving me having to rebuild the domain, this isnt really a big deal since the AD was small, 10 clients and nothing special as far as GPO so I am ok with that.  

The problem, and as a result my question is:  How do I remove the AD to reinstall it and build a new domain for them?  I cannot boot into normal mode as the error described above comes up and reboots the machine.  While in DSR Mode I cannot run DCPromo to demote the server as it tells me to go to normal mode.   this is my first like this.  Any sort of detailed steps are greatly appreciated.

I am not in a position to reinstall windows as all their other data is on there, and naturally not backed up properly.

BTW, the lossy repair didnt help.  I did find a old system state from 11 months ago, but that didnt work either.

Thanks
0
Comment
Question by:TheMetalicOne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 13

Accepted Solution

by:
eatmeimadanish earned 1600 total points
ID: 33543324
0
 
LVL 17

Assisted Solution

by:aoakeley
aoakeley earned 400 total points
ID: 33547761
> I have a client........   and naturally not backed up properly......
I hopy your other clients are backed up...

Anyway @eatme has posted a good article and you should do everything you can to recover AD. if you have to start from scratch it is a long and painful process, even if it is only 10 users.

However in rebuilding the domain, as it is sbs, you should really re-install windows. So this means backing up all the data, wiping the server, re-installing. This will give you a clean start, andthing else will probaby leave issues down the track.

If backing up and re-installing is absolutely not an option you can remove AD and then DCPROMO the server again. You will then need to uninstall and re-install exchange, and manually put it all back together again. not a simple task. Especially exchange, as the database needs AD to be preserved to mount.

I would be trying to do the AD restore from the old backup.... what happened when you tried this? you say it did not work... what happened?

But all other advice aside and to actually answer your question which was "how do I run dcpromo if the server cannot boot into normal mode"
http://support.microsoft.com/kb/332199 tells you how to get the server to boot in normal mode without AD if you insist on using dcpromo /forceremoval. but I would only do this if to are 200% certain every other avenue has been exhausted.
0
 
LVL 5

Author Comment

by:TheMetalicOne
ID: 33547866
Thank you for your comment. By client I mean new client. Yes, my typical clients are always backed up.

Said nothing about exchange. Happily it is not a factor.

Every possible thing was done to recover the ad. I found the article about changing the registry entry to ServerNT and that helped me get into normal mode to remove and re-add the ad. After 4 hours all stations are back online with a new ad setup.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 5

Author Closing Comment

by:TheMetalicOne
ID: 33547887
Thanks for the info.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33548093
Awesome - Good job.

Sorry about assuming exchange; but you said SBS, and I did not want to send you down a path that would have resulted in you losing your exchange database had you had one, but just not considered it yet.

The article I posted directly answered your question with a direct link to the article that explained "about changing the registry entry to ServerNT"

confused why no points... but glad you got the issue resolved.
0
 
LVL 5

Author Comment

by:TheMetalicOne
ID: 33550536
Sorry about the points.  Mistake, can I make an adjustment?
 
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33551359
You can hit request attention at the top of the post, and ask a mod to change it.

Ta

Andy
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question