Solved

How to rebuild corrupted Domain Controller

Posted on 2011-03-18
7
391 Views
Last Modified: 2012-08-13
Here is the situation.

We have a DC that was never backed up. The company data on the server was but not the system state, AD, etc.  There are 5 DC's throughout the domain.

The DC got corrupted and now it won't boot.  I am getting the error below after attempting to "repair" the Windows installation (see attached image).

Can I simply cleanup the metadata, reinstall Windows 2003 R2, give the server the same name / IP address and then promote it?

What else am I missing here?

This is a disaster situation for us here and the IT department definitely failed.  Now I'm just trying to minimize the downtime.

Any help would be appreciated.
2.jpg
0
Comment
Question by:homerslmpson
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 35167587
I would kill it - reload and reinstall.  Clean up the metadata and if you verify DNS and AD have no traces of the DC, you can reuse the same name/IP
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 125 total points
ID: 35167599
Fornmat and rebuild that failed DC. The run a metadatacleanup, see link below, and delete object from sites and serives. You can re-add the computer with the same and IP but some people prefer to give it a  new name. If you keep the same name make sure your other DCs are replicating properly, run repadmin and dcdiag to verify there are no errors after you do the metadatacleanup




http://support.microsoft.com/kb/216498
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 125 total points
ID: 35167708
Metadata cleanup.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Sieze any FSMO roles listed to another DC.

Delete all DNS records for this failed DC.

You can then proceed with rebuild
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 1

Author Comment

by:homerslmpson
ID: 35167772
I got this from another website.  Does this seem like the right steps?

1. Type ntdsutil at the command prompt.
2. At the ntdsutil: prompt, type metadata cleanup and press [Enter].
3. If SP1 is installed, type remove selected server ServerName. (See Figure B.) If SP1 is not installed and you're using the version of Ntdsutil.exe that's included with Windows Server 2003with no service pack, connect to the existing domain controller (in ourcase, the one in the same site as the failed DC) on which you want to remove the failed DC's ntdsDSA object. To do this, type connections at the metadata cleanup prompt and press [Enter].
4. Type connect to server <servername>, where <servername>is the DC that will be used to clean the metadata, and press [Enter]. It can be any working DC in the same domain, but we'll use one in the same site. Figure C shows this step on a DC that does not have SP1 installed.
5. Type quit and press [Enter].
6. Type select operation target and press [Enter].
7. Type list domains and press [Enter]. All domains in the forest will be listed.
8. Type select domain <number> and press [Enter].
9. Type list sites and press [Enter].
10. Type select site <number> (the number of the site in which the DC was a member) and press [Enter].
11. Type list servers in site and press [Enter].
12. Type select server <number>, where <number>is that of the DC to be removed, and press [Enter].
13. Type quit and press [Enter].
14. Type remove selected server and press [Enter].
15. Type quit and press [Enter] until you're back at the command prompt.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 35167789
what other web site?

I'd use (often use so I don't have to memorize)Petri's version - google Petri metadata cleanup
0
 
LVL 1

Author Comment

by:homerslmpson
ID: 35167804
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35167860
Go with Petri
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now