Solved

Can I demote a Server 2003 in DSRM, retart the server as a stand alone, then promote it back to a DC and use System State Restore to recover original domain

Posted on 2011-03-25
6
988 Views
Last Modified: 2012-05-11
We are running a Server 2003 Domain and a power outage today tested the UPS and it failed. Hence the AD was corrupted. The AD does not want to be repaired with esentutil or ntdsutil. I have tried to repair it to a state where I can get the Server to boot again, then I could run the Backup Exec and so a system state restore to repair it.  The MS KB258062 describes the problem, although I dont have the Event Messages that are suggsted there.

My question is, can I demote the Server in DSRM, retart the server as a stand alone server, then promote it back to a DC, then perform a system state restore to bring the original domain back again.? It is the only DC on the Domain.
0
Comment
Question by:kevinjeremy
6 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
First thing this is why it is so important to have more the one DC even if the other DC is a virtual machine or a PC you would have at least been saved.

Here are the instructions on restoring.

http://www.petri.co.il/restore-windows-server-2003-active-directory.htm

http://technet.microsoft.com/en-us/library/cc782127(WS.10).aspx

If the DC is dead then you should run dcpromo /forceremoval to remove AD from the failed server
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
Comment Utility
I suppose that is few users. Maybe better is erase all and recreate domain.
0
 
LVL 11

Accepted Solution

by:
sighar earned 500 total points
Comment Utility
@dariusg, the DC has to be live  but offline to run dcpromo /forceremoval on it.

@kevinjeremy. you're correct in all but one. You don't need to restart the DC in DSRM, just plug it offline and run dcpromo /forceremoval, THEN start it in DSRM and restore the AD back. Since it is the only DC you don't have to restore authoritatively (spelling?) but it really depends on how new your AD backup is.

And I agree with dariusg, it's very important to have two DCs for fault tolerance.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:kevinjeremy
Comment Utility
I might add that this server was setup by a previous consultant, who is no longer in the business ???and no disc's etc were left on site and no one else .. you probably know the story.

My issue now is that the backup was done with Symantec Backup Exec 11d and when in DSRM, I dont have any services running and Backup Exec wont run to recover files. I am looking for a way to recover the System State backup so that it can be restored in DSRM. Can you be of any help here?
0
 

Assisted Solution

by:kevinjeremy
kevinjeremy earned 0 total points
Comment Utility
OK, I have the issue sorted.
The corruption of the AD would only let the server start in DSRM, but it would not recognise the AD, so there were no permisions etc to allow any of the necessary services to run ie Backup Exec.

After getting a backup Image of the System Drive, I found another article MS KB332199 that had a section that described  "If the domain controller cannot start in normal mode".
Following this section, I managed to remove the old broken domain, recreate another domain of the same name, and then login to DSRM and restore the system state from backup of two days ago.
The only other issue was with Backup Exec, the permissions from the newly created domain did not match the existing backup data. Using Bckup Exec Login Wizard, I created another user with the new domain admin credentials and set this as default, then the restore would work for me. After the system state restore, all permissions are set back to how they were when the backup was created..

Thanks to those who responded.
0
 

Author Closing Comment

by:kevinjeremy
Comment Utility
The solution from sighar was a good start to where I needed to go.
The final solution being in my own comments, was that I performed further research myself to gain a resolution to the problem.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

One of the frustrating downsides to using third party RAID hardware is the frequent lack of native driver support in the standard OS.  During install, Windows prompts for third party storage drivers from CD or USB so it is straightforward, but it ca…
Learn about cloud computing and its benefits for small business owners.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now