Solved

How to rebuild corrupted Domain Controller

Posted on 2011-03-18
Last Modified: 2012-08-13
Here is the situation.

We have a DC that was never backed up. The company data on the server was, but not the system state, AD, etc. There are 5 DCs throughout the domain.

The DC got corrupted and now it won't boot. I am getting the error below after attempting to "repair" the Windows installation (see attached image).

Can I simply clean up the metadata, reinstall Windows 2003 R2, give the server the same name / IP address and then promote it?

What else am I missing here?

This is a disaster situation for us here and the IT department definitely failed. Now I'm just trying to minimize the downtime.

Any help would be appreciated.
2.jpg
Question by:homerslmpson
LVL 96

Accepted Solution

by:
Lee W, MVP earned 1000 total points
ID: 35167587
I would kill it - reload and reinstall. Clean up the metadata and if you verify DNS and AD have no traces of the DC, you can reuse the same name/IP.
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 500 total points
ID: 35167599
Format and rebuild that failed DC. Then run a metadata cleanup, see link below, and delete the object from Sites and Services. You can re-add the computer with the same name and IP, but some people prefer to give it a new name. If you keep the same name, make sure your other DCs are replicating properly; run repadmin and dcdiag to verify there are no errors after you do the metadata cleanup.

http://support.microsoft.com/kb/216498
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 500 total points
ID: 35167708
Metadata cleanup.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Seize any FSMO roles listed to another DC.

Delete all DNS records for this failed DC.

You can then proceed with rebuild
0
LVL 1

Author Comment

by:homerslmpson
ID: 35167772
I got this from another website.  Does this seem like the right steps?

1. Type ntdsutil at the command prompt.
2. At the ntdsutil: prompt, type metadata cleanup and press [Enter].
3. If SP1 is installed, type remove selected server ServerName. (See Figure B.) If SP1 is not installed and you're using the version of Ntdsutil.exe that's included with Windows Server 2003 with no service pack, connect to the existing domain controller (in our case, the one in the same site as the failed DC) on which you want to remove the failed DC's ntdsDSA object. To do this, type connections at the metadata cleanup prompt and press [Enter].
4. Type connect to server <servername>, where <servername> is the DC that will be used to clean the metadata, and press [Enter]. It can be any working DC in the same domain, but we'll use one in the same site. Figure C shows this step on a DC that does not have SP1 installed.
5. Type quit and press [Enter].
6. Type select operation target and press [Enter].
7. Type list domains and press [Enter]. All domains in the forest will be listed.
8. Type select domain <number> and press [Enter].
9. Type list sites and press [Enter].
10. Type select site <number> (the number of the site in which the DC was a member) and press [Enter].
11. Type list servers in site and press [Enter].
12. Type select server <number>, where <number> is that of the DC to be removed, and press [Enter].
13. Type quit and press [Enter].
14. Type remove selected server and press [Enter].
15. Type quit and press [Enter] until you're back at the command prompt.
0
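The checks the answers above ask for once metadata cleanup is done (no traces in AD or DNS, no FSMO role left on the dead DC, repadmin and dcdiag clean), as an added example that is not from any poster in this thread. It assumes a surviving DC with PowerShell 2.0 and the Windows Support Tools (netdom, repadmin, dcdiag) installed; `DC-FAILED` and `corp.example.com` are placeholders.

```powershell
# Added example: post-cleanup checks, run from a surviving DC.
# Placeholders (assumptions, not values from this thread):
$FailedDc  = 'DC-FAILED'          # name of the DC that was removed
$DnsDomain = 'corp.example.com'   # DNS name of the AD domain
$findings  = @()

# 1. AD: the server object under Sites and the computer account should be gone.
foreach ($kind in 'server', 'computer') {
    $dn = dsquery $kind -name $FailedDc 2>$null
    if ($dn) { $findings += "AD still has a $kind object: $dn" }
}

# 2. FSMO: no role may still point at the failed DC (seize it if one does).
$roles = netdom query fsmo 2>$null | Select-String -SimpleMatch $FailedDc
foreach ($r in $roles) { $findings += "FSMO role still on failed DC: $($r.Line.Trim())" }

# 3. DNS: the DC locator SRV records and the host (A) record should be gone.
$srv = nslookup '-type=SRV' "_ldap._tcp.dc._msdcs.$DnsDomain" 2>$null |
    Select-String -SimpleMatch $FailedDc
if ($srv) { $findings += "DNS SRV record still names $FailedDc" }
$a = nslookup "$FailedDc.$DnsDomain" 2>$null | Select-String -Pattern '^Name:'
if ($a) { $findings += "DNS A record still exists for $FailedDc.$DnsDomain" }

# 4. Replication: no failing links, and no partner still listing the failed DC.
$links = repadmin /showrepl * /csv | ConvertFrom-Csv
foreach ($l in $links) {
    if ($l.'Source DSA' -like "$FailedDc*" -or $l.'Destination DSA' -like "$FailedDc*") {
        $findings += "Replication link still references ${FailedDc}: $($l.'Naming Context')"
    } elseif (($l.'Number of Failures' -as [int]) -gt 0) {
        $findings += "Replication failing: $($l.'Source DSA') -> $($l.'Destination DSA')"
    }
}

# 5. dcdiag /q prints only errors, so any output is a finding.
$diag = dcdiag /q
if ($diag) { $findings += 'dcdiag reported errors:'; $findings += $diag }

if ($findings.Count -eq 0) { 'No traces of the failed DC found; replication is clean.' }
else { $findings }
```

Run it before promoting the rebuilt server under the old name, and again after promotion with step 1 to 3 findings expected, to confirm replication stays clean.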
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 1000 total points
ID: 35167789
What other web site?

I'd use (often use so I don't have to memorize) Petri's version - Google Petri metadata cleanup
0
 
LVL 1

Author Comment

by:homerslmpson
ID: 35167804
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35167860
Go with Petri
0
