Solved

Can I demote a Server 2003 in DSRM, retart the server as a stand alone, then promote it back to a DC and use System State Restore to recover original domain

Posted on 2011-03-25
6
1,018 Views
Last Modified: 2012-05-11
We are running a Server 2003 Domain and a power outage today tested the UPS and it failed. Hence the AD was corrupted. The AD does not want to be repaired with esentutil or ntdsutil. I have tried to repair it to a state where I can get the Server to boot again, then I could run the Backup Exec and so a system state restore to repair it.  The MS KB258062 describes the problem, although I dont have the Event Messages that are suggsted there.

My question is, can I demote the Server in DSRM, retart the server as a stand alone server, then promote it back to a DC, then perform a system state restore to bring the original domain back again.? It is the only DC on the Domain.
0
Comment
Question by:kevinjeremy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35214683
First thing this is why it is so important to have more the one DC even if the other DC is a virtual machine or a PC you would have at least been saved.

Here are the instructions on restoring.

http://www.petri.co.il/restore-windows-server-2003-active-directory.htm

http://technet.microsoft.com/en-us/library/cc782127(WS.10).aspx

If the DC is dead then you should run dcpromo /forceremoval to remove AD from the failed server
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 35214712
I suppose that is few users. Maybe better is erase all and recreate domain.
0
 
LVL 11

Accepted Solution

by:
sighar earned 500 total points
ID: 35221066
@dariusg, the DC has to be live  but offline to run dcpromo /forceremoval on it.

@kevinjeremy. you're correct in all but one. You don't need to restart the DC in DSRM, just plug it offline and run dcpromo /forceremoval, THEN start it in DSRM and restore the AD back. Since it is the only DC you don't have to restore authoritatively (spelling?) but it really depends on how new your AD backup is.

And I agree with dariusg, it's very important to have two DCs for fault tolerance.
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 

Author Comment

by:kevinjeremy
ID: 35224470
I might add that this server was setup by a previous consultant, who is no longer in the business ???and no disc's etc were left on site and no one else .. you probably know the story.

My issue now is that the backup was done with Symantec Backup Exec 11d and when in DSRM, I dont have any services running and Backup Exec wont run to recover files. I am looking for a way to recover the System State backup so that it can be restored in DSRM. Can you be of any help here?
0
 

Assisted Solution

by:kevinjeremy
kevinjeremy earned 0 total points
ID: 35224878
OK, I have the issue sorted.
The corruption of the AD would only let the server start in DSRM, but it would not recognise the AD, so there were no permisions etc to allow any of the necessary services to run ie Backup Exec.

After getting a backup Image of the System Drive, I found another article MS KB332199 that had a section that described  "If the domain controller cannot start in normal mode".
Following this section, I managed to remove the old broken domain, recreate another domain of the same name, and then login to DSRM and restore the system state from backup of two days ago.
The only other issue was with Backup Exec, the permissions from the newly created domain did not match the existing backup data. Using Bckup Exec Login Wizard, I created another user with the new domain admin credentials and set this as default, then the restore would work for me. After the system state restore, all permissions are set back to how they were when the backup was created..

Thanks to those who responded.
0
 

Author Closing Comment

by:kevinjeremy
ID: 35275428
The solution from sighar was a good start to where I needed to go.
The final solution being in my own comments, was that I performed further research myself to gain a resolution to the problem.
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question