Solved

SBS2003 Domain Controller AD corrupt

Posted on 2010-08-27
8
1,007 Views
Last Modified: 2012-06-27
I have a client running Windows SBS 2003 as their single server, domain controller, file sharing, printing, etc.  It has been running for about 2.5 years now without issue.  One of the disks failed last week so a repalcement was sent from HP.  it is running RAID 5 so no loss.

They replaced the failed disk today and booted the server.  The array rebuilt itself and all seemed well, but windows will not load.  The error:

Security Accounts Manager initialization failied becuase of the following error: Directory Service cannot start. Error Status 0xc00002e1.  Please click ok to shutdown and reboot into Directory Services Restore Mode and review the event log for more detailed information.

I rebooted into DSRM and the event log just showed me the same message, nothing else notable.  I found an article on EE regarding this that pointed to MS KB 258062.  I followed all the steps and the only thing notable is the AD is corrupt.  

To further things, the client has no good system state backup which at this point is leaving me having to rebuild the domain, this isnt really a big deal since the AD was small, 10 clients and nothing special as far as GPO so I am ok with that.  

The problem, and as a result my question is:  How do I remove the AD to reinstall it and build a new domain for them?  I cannot boot into normal mode as the error described above comes up and reboots the machine.  While in DSR Mode I cannot run DCPromo to demote the server as it tells me to go to normal mode.   this is my first like this.  Any sort of detailed steps are greatly appreciated.

I am not in a position to reinstall windows as all their other data is on there, and naturally not backed up properly.

BTW, the lossy repair didnt help.  I did find a old system state from 11 months ago, but that didnt work either.

Thanks
0
Comment
Question by:TheMetalicOne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 13

Accepted Solution

by:
eatmeimadanish earned 400 total points
ID: 33543324
0
 
LVL 17

Assisted Solution

by:aoakeley
aoakeley earned 100 total points
ID: 33547761
> I have a client........   and naturally not backed up properly......
I hopy your other clients are backed up...

Anyway @eatme has posted a good article and you should do everything you can to recover AD. if you have to start from scratch it is a long and painful process, even if it is only 10 users.

However in rebuilding the domain, as it is sbs, you should really re-install windows. So this means backing up all the data, wiping the server, re-installing. This will give you a clean start, andthing else will probaby leave issues down the track.

If backing up and re-installing is absolutely not an option you can remove AD and then DCPROMO the server again. You will then need to uninstall and re-install exchange, and manually put it all back together again. not a simple task. Especially exchange, as the database needs AD to be preserved to mount.

I would be trying to do the AD restore from the old backup.... what happened when you tried this? you say it did not work... what happened?

But all other advice aside and to actually answer your question which was "how do I run dcpromo if the server cannot boot into normal mode"
http://support.microsoft.com/kb/332199 tells you how to get the server to boot in normal mode without AD if you insist on using dcpromo /forceremoval. but I would only do this if to are 200% certain every other avenue has been exhausted.
0
 
LVL 5

Author Comment

by:TheMetalicOne
ID: 33547866
Thank you for your comment. By client I mean new client. Yes, my typical clients are always backed up.

Said nothing about exchange. Happily it is not a factor.

Every possible thing was done to recover the ad. I found the article about changing the registry entry to ServerNT and that helped me get into normal mode to remove and re-add the ad. After 4 hours all stations are back online with a new ad setup.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Author Closing Comment

by:TheMetalicOne
ID: 33547887
Thanks for the info.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33548093
Awesome - Good job.

Sorry about assuming exchange; but you said SBS, and I did not want to send you down a path that would have resulted in you losing your exchange database had you had one, but just not considered it yet.

The article I posted directly answered your question with a direct link to the article that explained "about changing the registry entry to ServerNT"

confused why no points... but glad you got the issue resolved.
0
 
LVL 5

Author Comment

by:TheMetalicOne
ID: 33550536
Sorry about the points.  Mistake, can I make an adjustment?
 
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33551359
You can hit request attention at the top of the post, and ask a mod to change it.

Ta

Andy
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question