Solved

How to rebuild corrupted Domain Controller

Posted on 2011-03-18
7
420 Views
Last Modified: 2012-08-13
Here is the situation.

We have a DC that was never backed up. The company data on the server was but not the system state, AD, etc.  There are 5 DC's throughout the domain.

The DC got corrupted and now it won't boot.  I am getting the error below after attempting to "repair" the Windows installation (see attached image).

Can I simply cleanup the metadata, reinstall Windows 2003 R2, give the server the same name / IP address and then promote it?

What else am I missing here?

This is a disaster situation for us here and the IT department definitely failed.  Now I'm just trying to minimize the downtime.

Any help would be appreciated.
2.jpg
0
Comment
Question by:homerslmpson
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 35167587
I would kill it - reload and reinstall.  Clean up the metadata and if you verify DNS and AD have no traces of the DC, you can reuse the same name/IP
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 125 total points
ID: 35167599
Fornmat and rebuild that failed DC. The run a metadatacleanup, see link below, and delete object from sites and serives. You can re-add the computer with the same and IP but some people prefer to give it a  new name. If you keep the same name make sure your other DCs are replicating properly, run repadmin and dcdiag to verify there are no errors after you do the metadatacleanup




http://support.microsoft.com/kb/216498
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 125 total points
ID: 35167708
Metadata cleanup.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Sieze any FSMO roles listed to another DC.

Delete all DNS records for this failed DC.

You can then proceed with rebuild
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Author Comment

by:homerslmpson
ID: 35167772
I got this from another website.  Does this seem like the right steps?

1. Type ntdsutil at the command prompt.
2. At the ntdsutil: prompt, type metadata cleanup and press [Enter].
3. If SP1 is installed, type remove selected server ServerName. (See Figure B.) If SP1 is not installed and you're using the version of Ntdsutil.exe that's included with Windows Server 2003with no service pack, connect to the existing domain controller (in ourcase, the one in the same site as the failed DC) on which you want to remove the failed DC's ntdsDSA object. To do this, type connections at the metadata cleanup prompt and press [Enter].
4. Type connect to server <servername>, where <servername>is the DC that will be used to clean the metadata, and press [Enter]. It can be any working DC in the same domain, but we'll use one in the same site. Figure C shows this step on a DC that does not have SP1 installed.
5. Type quit and press [Enter].
6. Type select operation target and press [Enter].
7. Type list domains and press [Enter]. All domains in the forest will be listed.
8. Type select domain <number> and press [Enter].
9. Type list sites and press [Enter].
10. Type select site <number> (the number of the site in which the DC was a member) and press [Enter].
11. Type list servers in site and press [Enter].
12. Type select server <number>, where <number>is that of the DC to be removed, and press [Enter].
13. Type quit and press [Enter].
14. Type remove selected server and press [Enter].
15. Type quit and press [Enter] until you're back at the command prompt.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 35167789
what other web site?

I'd use (often use so I don't have to memorize)Petri's version - google Petri metadata cleanup
0
 
LVL 1

Author Comment

by:homerslmpson
ID: 35167804
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35167860
Go with Petri
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question