?
Solved

Can I demote a Server 2003 in DSRM, retart the server as a stand alone, then promote it back to a DC and use System State Restore to recover original domain

Posted on 2011-03-25
6
Medium Priority
?
1,027 Views
Last Modified: 2012-05-11
We are running a Server 2003 Domain and a power outage today tested the UPS and it failed. Hence the AD was corrupted. The AD does not want to be repaired with esentutil or ntdsutil. I have tried to repair it to a state where I can get the Server to boot again, then I could run the Backup Exec and so a system state restore to repair it.  The MS KB258062 describes the problem, although I dont have the Event Messages that are suggsted there.

My question is, can I demote the Server in DSRM, retart the server as a stand alone server, then promote it back to a DC, then perform a system state restore to bring the original domain back again.? It is the only DC on the Domain.
0
Comment
Question by:kevinjeremy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35214683
First thing this is why it is so important to have more the one DC even if the other DC is a virtual machine or a PC you would have at least been saved.

Here are the instructions on restoring.

http://www.petri.co.il/restore-windows-server-2003-active-directory.htm

http://technet.microsoft.com/en-us/library/cc782127(WS.10).aspx

If the DC is dead then you should run dcpromo /forceremoval to remove AD from the failed server
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 35214712
I suppose that is few users. Maybe better is erase all and recreate domain.
0
 
LVL 11

Accepted Solution

by:
sighar earned 2000 total points
ID: 35221066
@dariusg, the DC has to be live  but offline to run dcpromo /forceremoval on it.

@kevinjeremy. you're correct in all but one. You don't need to restart the DC in DSRM, just plug it offline and run dcpromo /forceremoval, THEN start it in DSRM and restore the AD back. Since it is the only DC you don't have to restore authoritatively (spelling?) but it really depends on how new your AD backup is.

And I agree with dariusg, it's very important to have two DCs for fault tolerance.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:kevinjeremy
ID: 35224470
I might add that this server was setup by a previous consultant, who is no longer in the business ???and no disc's etc were left on site and no one else .. you probably know the story.

My issue now is that the backup was done with Symantec Backup Exec 11d and when in DSRM, I dont have any services running and Backup Exec wont run to recover files. I am looking for a way to recover the System State backup so that it can be restored in DSRM. Can you be of any help here?
0
 

Assisted Solution

by:kevinjeremy
kevinjeremy earned 0 total points
ID: 35224878
OK, I have the issue sorted.
The corruption of the AD would only let the server start in DSRM, but it would not recognise the AD, so there were no permisions etc to allow any of the necessary services to run ie Backup Exec.

After getting a backup Image of the System Drive, I found another article MS KB332199 that had a section that described  "If the domain controller cannot start in normal mode".
Following this section, I managed to remove the old broken domain, recreate another domain of the same name, and then login to DSRM and restore the system state from backup of two days ago.
The only other issue was with Backup Exec, the permissions from the newly created domain did not match the existing backup data. Using Bckup Exec Login Wizard, I created another user with the new domain admin credentials and set this as default, then the restore would work for me. After the system state restore, all permissions are set back to how they were when the backup was created..

Thanks to those who responded.
0
 

Author Closing Comment

by:kevinjeremy
ID: 35275428
The solution from sighar was a good start to where I needed to go.
The final solution being in my own comments, was that I performed further research myself to gain a resolution to the problem.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question