Solved

Can I demote a Server 2003 in DSRM, retart the server as a stand alone, then promote it back to a DC and use System State Restore to recover original domain

Posted on 2011-03-25
6
1,002 Views
Last Modified: 2012-05-11
We are running a Server 2003 Domain and a power outage today tested the UPS and it failed. Hence the AD was corrupted. The AD does not want to be repaired with esentutil or ntdsutil. I have tried to repair it to a state where I can get the Server to boot again, then I could run the Backup Exec and so a system state restore to repair it.  The MS KB258062 describes the problem, although I dont have the Event Messages that are suggsted there.

My question is, can I demote the Server in DSRM, retart the server as a stand alone server, then promote it back to a DC, then perform a system state restore to bring the original domain back again.? It is the only DC on the Domain.
0
Comment
Question by:kevinjeremy
6 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35214683
First thing this is why it is so important to have more the one DC even if the other DC is a virtual machine or a PC you would have at least been saved.

Here are the instructions on restoring.

http://www.petri.co.il/restore-windows-server-2003-active-directory.htm

http://technet.microsoft.com/en-us/library/cc782127(WS.10).aspx

If the DC is dead then you should run dcpromo /forceremoval to remove AD from the failed server
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 35214712
I suppose that is few users. Maybe better is erase all and recreate domain.
0
 
LVL 11

Accepted Solution

by:
sighar earned 500 total points
ID: 35221066
@dariusg, the DC has to be live  but offline to run dcpromo /forceremoval on it.

@kevinjeremy. you're correct in all but one. You don't need to restart the DC in DSRM, just plug it offline and run dcpromo /forceremoval, THEN start it in DSRM and restore the AD back. Since it is the only DC you don't have to restore authoritatively (spelling?) but it really depends on how new your AD backup is.

And I agree with dariusg, it's very important to have two DCs for fault tolerance.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:kevinjeremy
ID: 35224470
I might add that this server was setup by a previous consultant, who is no longer in the business ???and no disc's etc were left on site and no one else .. you probably know the story.

My issue now is that the backup was done with Symantec Backup Exec 11d and when in DSRM, I dont have any services running and Backup Exec wont run to recover files. I am looking for a way to recover the System State backup so that it can be restored in DSRM. Can you be of any help here?
0
 

Assisted Solution

by:kevinjeremy
kevinjeremy earned 0 total points
ID: 35224878
OK, I have the issue sorted.
The corruption of the AD would only let the server start in DSRM, but it would not recognise the AD, so there were no permisions etc to allow any of the necessary services to run ie Backup Exec.

After getting a backup Image of the System Drive, I found another article MS KB332199 that had a section that described  "If the domain controller cannot start in normal mode".
Following this section, I managed to remove the old broken domain, recreate another domain of the same name, and then login to DSRM and restore the system state from backup of two days ago.
The only other issue was with Backup Exec, the permissions from the newly created domain did not match the existing backup data. Using Bckup Exec Login Wizard, I created another user with the new domain admin credentials and set this as default, then the restore would work for me. After the system state restore, all permissions are set back to how they were when the backup was created..

Thanks to those who responded.
0
 

Author Closing Comment

by:kevinjeremy
ID: 35275428
The solution from sighar was a good start to where I needed to go.
The final solution being in my own comments, was that I performed further research myself to gain a resolution to the problem.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn how the use of a bunch of disparate tools requiring a lot of manual attention led to a series of unfortunate backup events for one company.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question