Link to home
Create AccountLog in
Avatar of Tunkkaamo
TunkkaamoFlag for Finland

asked on

Restore active directory from windows old?

how to restore active directory from files on c:\windows.old\Windows\NTDS ?
Avatar of Krzysztof Pytko
Krzysztof Pytko
Flag of Poland image

You need to have system state backup of DC to be able to restore AD
If you have no system state backup then you have serious problem.

Avatar of Tunkkaamo


That I do not have..
I have an other DC in the network, but it is saying cannot find domain controller, although it should be one itself.

This is most likely due to the fact that the running DC is a WS3003 SMB that was added as a dc with the WS 2008.
Could you elaborate it a little bit more, please?

What is DC WS2003 SMB ? Maybe 2003 SBS ?
what is WS 2008 ? Is it DC or workstation ?

Thank you in advance.

use this link, it solves the curropted AD database file, but you can use the steps to restore

or this solution from

If you have another DC, my recommendation is to add another DC using “additional DC for an existing domain” option.


Make sure to demote or remove the bad DC from the directory.  If you can’t successfully remote the DC, you need to perform a metadata cleanup.  Here is GUI for the metadata process:
Yes of course: Aparently there was previously only one DC, the the 2003 SBS.
Then a WS2008 (server ofcourse) was added as asecond DC.
The 2003 SBS was prepped to accept the new server in the domain (by default in SBS domain there is only one DC).

This worked fine until now the new server malfunctioned badly and the operating system was reinstalled.
Usually this would not create big problem as there is two DC;s in the domain but in this case the old 2003 SBS refuses to act as a DC anymore also, thus the problem.

Since the new server was not formatted, only windoes installed to the drive and old OS in the windows.old, we still have the NTDS folder instact there.

The question is would it be possible to restore this data on the new server.
Becouse if not I have to create the entire domain from scratch, which can of course be done as this is a small environment (a cargo ship actually) but I would of course rather not go though the trouble.
Sorry about the typos, working over slow connection.
OK, now I see. Unfortunately it's not possible to restore such way. But if your Windows 2008 DC is up and running, use NTDSUTIL for seize FSMO roles and do metadata cleanup to clean old SBS DC entries. Then install SBS and promote it as DC and transfer all FSMO roles back to it.

This MIcrosoft article helps you with FSMO seizing

and this one with metadata cleanup

Seems the seize FSMO roles is not possibl as is not the “additional DC for an existing domain” option.
If I try to rejoin this WS2008 server to the domain the error is an active direcroty controller for blaablaa.local cannot be contacted"

As I said, the OS was reinstalled so there is no AD - DC running on this new server anymore.

The old server is also not running AD - service since the new one was off.

Thanks for any ideas.
I do not know if it will work, but you can try
- copy the files under the location (c:\windows.old\Windows\NTDS ) to diffrent directory
- go to the location and chaneg the file name of the exicting file ( like add 1 after each filename, keeping the ext.)
- activate the AD service on the new installed server
- copy the files under c:\windows.old\Windows\NTDS ( after chning the names for it ) to ( c:\windows\NTDS)

then use the link
 to restore the AD database selecting the files that you changed the name of.

try and feedme back
After copying the files to c:\windows\ntds I cannot boot to he os at all anymore.
It falls back to look for the PXE boot.

I did rename the files.

Following the Micrososft instructions on the kb, the f8 puts me into RAID conf. mode not into the Directory Services Restore mode.
Ok, after a while it did boot to normal OS again.

I can run the ntdsutil from command line but it compalins about instance not activated.

What is the correct format to write this?  If I put  "Activate Instance c.\windows\NTDS\ntds1.dit" as command the result is " filname, syntax etc.. not correct"
ok, try to change the name the new files ( after activating the AD ) then name the old files to original
- first change the ntds.dit to ntds2.dit and so as for all other files
- then, name the ntds1.dit back to ntds.dit and so for the other files, then try again
What do you mean with "Activate AD"- IF installing AD role after base installation, that is done.

You lost me a little bit on the rename routine: What I did first was to copy NTDS old to new location, then renamed the new files with the "1" option.
Then copied that NTDS to c:\windows.
Note that there was no NTDS folder to start with.
The AD role is added but no new domain or join to existing domain was done.
Thanks anyway for all help.
Would be nice to find a solution if for nothing more, afuture reference for somebody else.

Think I will re-create the domain here.
Funny thing is the other DC refuses to work also.

Or maybe I could try the ntdsutil there?
MAybe waste of time as it is WS2003 and it had to specially prepped to work with the WS2008 DC.
Avatar of Tunkkaamo
Flag of Finland image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Case closed for now.
case closed.
Actual problem not solved, but learned that from old NTDS files only not possible restore AD database.

In an environment where old SBS server and WS 2008 DC exist, it is vital to have working backup of system state of WS 2008 server.