Solved

destroyed AD

Posted on 2011-10-29
Last Modified: 2012-05-12
I have a totally hosed and destroyed AD. I am really not looking for an answer on how to fix it; I just need to validate my solution.

I have a remote site that is only replicated once a day at 11:00pm.

I know that domain controller has a good copy of AD.

This remote AD domain controller holds none of the FSMO roles.

So boot the remote DC in Directory Services Restore Mode and make an authoritative restore?

0
Question by:NAMEWITHELD12
12 Comments
 
LVL 81

Accepted Solution

by:
arnold earned 572 total points
ID: 37051644
Could you clarify what you mean by hosed AD?
Did you run dcdiag?

You could assert on the remote DC using ntdsutil: http://support.microsoft.com/kb/255504
The current other DC cannot be on/connected without reformatting.

There is no point in trying to restore the remote DC which is subordinate.


Make sure you have AD backups and make sure not to delete old ones.

0
 
LVL 15

Assisted Solution

by:jrhelgeson
jrhelgeson earned 576 total points
ID: 37051684
Log into the remote DC and seize the FSMO roles.  On that machine, remove your old DC from the domain.
Then when you rebuild your DC, it will replicate from the remote DC, then you can transfer the FSMO roles back to the newly rebuilt machine.
0
 
LVL 1

Author Comment

by:NAMEWITHELD12
ID: 37051869
Log into the remote DC and seize the FSMO roles

How can I be sure that AD does not replicate from the bad site to the good? So the first thing I want to do is to make sure that does not happen. Say I have only a few moments until the good site syncs with the bad: is there a way to shut it off, or should I disconnect it completely from the other bad site?
0
 
LVL 1

Author Comment

by:NAMEWITHELD12
ID: 37051896
0
 
LVL 15

Assisted Solution

by:jrhelgeson
jrhelgeson earned 576 total points
ID: 37051938
How many domain controllers do you have @ HQ? Is it 4?  Are all of the DCs at HQ FUBAR?

Which DC is the remote site syncing with?  Was it the FSMO DC?  Multiple DCs?
How was AD destroyed?  What are the problems you are having @ HQ?

In short, I do not yet agree with your approach.
You can restart AD replication, but we need to determine the extent and type of corruption - at either site. If HQ is corrupt, there is no way that the remote site is unscathed.

Joel
0
 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 568 total points
ID: 37051967
Why wouldn't you make a backup of the remote DC?  And I agree - what do you mean "hosed"?  If it's "hosed" why is it still online?
0
 
LVL 1

Author Comment

by:NAMEWITHELD12
ID: 37051973
All AD servers at HQ have massive amounts of data and system files deleted maliciously; the DNS is wiped out also.

I am going to try suppressing the synchronization with the remote site, shutting off the corrupted domain controllers, seize the FSMO roles at the remote site to the remote site good controller, boot the remote site domain controller with all of the other domain controllers at the HQ site off, build DNS at the remote site and then promote member servers at HQ to be new domain controllers.
0
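The sequence outlined in the comment above, written out as commands for the surviving remote-site DC. This is an added example, not part of the original thread; the DC name, backup volume and server DN are placeholders, and it assumes Windows Server 2008 R2 or later with the ActiveDirectory module available.

```powershell
# Run elevated on the surviving remote-site DC while every HQ DC is powered off.
# All names below are placeholders (assumptions), not values from the thread.
$GoodDC       = 'REMOTE-DC01'
$BackupTarget = 'E:'
$DeadDcDns    = @(
    'CN=HQ-DC01,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=example,DC=com'
)

# 1. Stop replication in both directions so nothing from HQ can reach this DC.
repadmin /options $GoodDC +DISABLE_INBOUND_REPL
repadmin /options $GoodDC +DISABLE_OUTBOUND_REPL

# Refuse to continue unless both flags are now reported for the DC.
$options = repadmin /options $GoodDC | Out-String
foreach ($flag in 'DISABLE_INBOUND_REPL', 'DISABLE_OUTBOUND_REPL') {
    if ($options -notmatch $flag) { throw "$flag is not set on $GoodDC" }
}

# 2. Take a system state backup of the good copy before changing anything.
wbadmin start systemstatebackup "-backupTarget:$BackupTarget" -quiet
if ($LASTEXITCODE -ne 0) { throw 'System state backup failed' }

# 3. Seize all five FSMO roles (-Force seizes instead of transferring).
Import-Module ActiveDirectory
$roles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator',
         'RIDMaster', 'InfrastructureMaster'
Move-ADDirectoryServerOperationMasterRole -Identity $GoodDC `
    -OperationMasterRole $roles -Force -Confirm:$false

# 4. Confirm every role now points at the surviving DC.
$domain = Get-ADDomain -Server $GoodDC
$forest = Get-ADForest -Server $GoodDC
$owners = $domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster,
          $forest.SchemaMaster, $forest.DomainNamingMaster
$owners | Where-Object { $_ -notlike "$GoodDC*" } |
    ForEach-Object { throw "Role still held by $_" }

# 5. Remove the destroyed DCs from the directory (metadata cleanup).
foreach ($dn in $DeadDcDns) {
    ntdsutil 'metadata cleanup' "remove selected server $dn" quit quit
}

# 6. Only after DNS is rebuilt and replacement DCs are promoted:
repadmin /options $GoodDC -DISABLE_INBOUND_REPL
repadmin /options $GoodDC -DISABLE_OUTBOUND_REPL
```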
 
LVL 1

Author Comment

by:NAMEWITHELD12
ID: 37051999
This is a theoretical exercise my boss asked me to look into. Is what I am trying to do way off base?
0
 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 568 total points
ID: 37052027
In my opinion, this exercise is way off base.  I would question your competency if you allowed this to happen.  Specifically, if you are a large organization, what the heck are you doing having data on DCs?

If you have this much concern, then you need some kind of system in place to protect against things.  Many small clients implement BDRs which allow for recovery back to points earlier in time (as little as 15 minute increments or less).  I would be recommending this solution if your security and policies in a larger org are as lax as this exercise would make it seem they are (otherwise, why would you have an exercise like this if it wasn't something you could consider at least possible).
0
 
LVL 4

Assisted Solution

by:ReclaiMe
ReclaiMe earned 284 total points
ID: 37052504
I suppose you should make sure the logically hosed machines are also physically hosed. Shut them down and remove power cords. This way, no unwanted sync ever happens.

Also, while you are at it, disconnect the good machine from the network, make a backup of it, then connect it back.
0
 
LVL 1

Author Comment

by:NAMEWITHELD12
ID: 37053068
Yeah, I think this will work.
0
 
LVL 81

Assisted Solution

by:arnold
arnold earned 572 total points
ID: 37053192
Since this is an exercise, a backup solution for AD backup is a must. The only plausible compromise of this nature suggests, as others pointed out, lack of security or the person responsible is a disgruntled admin.

The other issue is file deletion is not an AD hosing event and restoring the AD will not bring those files back.
Implementation of backup plans is a must, which might include incremental/differential backups during the day.
0
