Solved

How to rebuild corrupted Domain Controller

Posted on 2011-03-18
Last Modified: 2012-08-13
Here is the situation.

We have a DC that was never backed up. The company data on the server was but not the system state, AD, etc.  There are 5 DC's throughout the domain.

The DC got corrupted and now it won't boot.  I am getting the error below after attempting to "repair" the Windows installation (see attached image).

Can I simply cleanup the metadata, reinstall Windows 2003 R2, give the server the same name / IP address and then promote it?

What else am I missing here?

This is a disaster situation for us here and the IT department definitely failed.  Now I'm just trying to minimize the downtime.

Any help would be appreciated.
2.jpg
Question by:homerslmpson
7 Comments
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 35167587
I would kill it - reload and reinstall.  Clean up the metadata and if you verify DNS and AD have no traces of the DC, you can reuse the same name/IP
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 125 total points
ID: 35167599
Format and rebuild that failed DC. Then run a metadata cleanup, see link below, and delete the object from Sites and Services. You can re-add the computer with the same name and IP but some people prefer to give it a new name. If you keep the same name make sure your other DCs are replicating properly; run repadmin and dcdiag to verify there are no errors after you do the metadata cleanup.




http://support.microsoft.com/kb/216498
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 125 total points
ID: 35167708
Metadata cleanup.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Seize any FSMO roles listed to another DC.

Delete all DNS records for this failed DC.

You can then proceed with rebuild
0
 
LVL 1

Author Comment

by:homerslmpson
ID: 35167772
I got this from another website.  Does this seem like the right steps?

1. Type ntdsutil at the command prompt.
2. At the ntdsutil: prompt, type metadata cleanup and press [Enter].
3. If SP1 is installed, type remove selected server ServerName. (See Figure B.) If SP1 is not installed and you're using the version of Ntdsutil.exe that's included with Windows Server 2003 with no service pack, connect to the existing domain controller (in our case, the one in the same site as the failed DC) on which you want to remove the failed DC's ntdsDSA object. To do this, type connections at the metadata cleanup prompt and press [Enter].
4. Type connect to server <servername>, where <servername> is the DC that will be used to clean the metadata, and press [Enter]. It can be any working DC in the same domain, but we'll use one in the same site. Figure C shows this step on a DC that does not have SP1 installed.
5. Type quit and press [Enter].
6. Type select operation target and press [Enter].
7. Type list domains and press [Enter]. All domains in the forest will be listed.
8. Type select domain <number> and press [Enter].
9. Type list sites and press [Enter].
10. Type select site <number> (the number of the site in which the DC was a member) and press [Enter].
11. Type list servers in site and press [Enter].
12. Type select server <number>, where <number> is that of the DC to be removed, and press [Enter].
13. Type quit and press [Enter].
14. Type remove selected server and press [Enter].
15. Type quit and press [Enter] until you're back at the command prompt.
0
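The answers above say to verify that DNS and AD hold no trace of the failed DC, that no FSMO role is left on it, and that repadmin and dcdiag are clean before reusing the name and IP. The script below is an added example, not part of the thread, that collects those checks in one place. It assumes PowerShell and the Support Tools (netdom, repadmin, dcdiag) are installed on a surviving DC; `DC05` and `corp.example.com` are placeholders.

```powershell
# Added example: run on a surviving DC after metadata cleanup, before rebuilding.
param(
    [string]$FailedDc = 'DC05',             # placeholder: name of the removed DC
    [string]$Domain   = 'corp.example.com'  # placeholder: AD DNS domain name
)
$name     = [regex]::Escape($FailedDc)
$findings = @()

# 1. No FSMO role may still be listed against the failed DC.
if ((netdom query fsmo 2>$null | Out-String) -match "\b$name\b") {
    $findings += "FSMO role still assigned to $FailedDc; seize it to another DC"
}

# 2. Server object (Sites and Services) and computer account must be gone.
$leftover  = @(dsquery server -forest -name $FailedDc 2>$null)
$leftover += @(dsquery computer -name $FailedDc 2>$null)
foreach ($dn in $leftover) {
    if ($dn -match 'CN=') { $findings += "AD object remains: $dn" }
}

# 3. The DC locator SRV records must no longer point at the failed DC.
$srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 2>$null | Out-String
if ($srv -match "svr hostname\s*=\s*$name\.") {
    $findings += "Stale SRV record for $FailedDc in _msdcs.$Domain"
}

# 4. No DC may still list the failed DC as a replication partner, and the
#    remaining links must be free of failures (columns from repadmin's CSV output).
$repl = repadmin /showrepl * /csv 2>$null | ConvertFrom-Csv
foreach ($row in $repl) {
    if ($row.'Source DSA' -match "^$name$") {
        $findings += "$($row.'Destination DSA') still replicates from $FailedDc"
    } elseif (($row.'Number of Failures' -as [int]) -gt 0) {
        $findings += "Replication failures: $($row.'Source DSA') -> $($row.'Destination DSA')"
    }
}

# 5. dcdiag /q prints only errors, so any output is a finding.
$diag = (dcdiag /q 2>&1 | Out-String).Trim()
if ($diag) { $findings += "dcdiag reported errors:`n$diag" }

if ($findings) { $findings; exit 1 }
"No trace of $FailedDc in FSMO roles, AD objects, SRV records or replication."
```

Other DNS records for the failed DC (host, NS and the GUID alias under `_msdcs`) are not covered by the SRV query and still need checking in the DNS console.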
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 35167789
What other web site?

I'd use (often use so I don't have to memorize) Petri's version - google Petri metadata cleanup
0
 
LVL 1

Author Comment

by:homerslmpson
ID: 35167804
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35167860
Go with Petri
0

Question has a verified solution.
