Solved

windows 2003 Domain controller  restore

Posted on 2012-04-03
8
321 Views
Last Modified: 2012-05-27
Dear Experts

we are using DC and AD 2003,  we are having two Dc server one is primary and other is secondary, our primary DC server not stable and its hardware is very old.
we purchased a new server Hardware and i wanted to restore the primary Dc server on new Server. could any one say me the procedure.
0
Comment
Question by:Msii
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 10

Accepted Solution

by:
Prashant Girennavar earned 167 total points
ID: 37799725
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37799737
by not stable do you mean it is not at all working? if it is working for sometime you should transfer the roles to the secondary server to be on safer side. then you can promote the new server and demote this faulty server.
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 167 total points
ID: 37799746
Don't restore.  Odds are you can't anyway (licensing) and then you'd need appropriate software.

You also don't have a primary and secondary.  In Active Directory, DCs are multi-master, meaning that each DC is equal.  There are 5 FSMO roles that could be spread amongst up to 5 servers.  If the currently unstable server is holding the roles, then TRANSFER them.  It's a fairly simple procedure, see:
http://www.petri.co.il/transferring_fsmo_roles.htm

What you want to do is:
0. Perform a full backup of both/all DCs!
1. Run DCDIAG /C /E /V on both DCs and confirm the directory health - resolve any unexplained issues
2. Install the new server as a member server.
3. Run DCPROMO on the new server and make it a DC.
4. Transfer the FSMO roles if necessary from the old server.
5. Run DCPROMO on the old server and demote it.
6. Delete the old server from the domain.

This WILL require changing the server name.  If you want to keep the server name, change the order from ... 2, 3, 4, 5 to 4, 5, 2, 3 and skip 6.
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 

Author Comment

by:Msii
ID: 37804840
DC is not at all working, it is totally down. i have a full backup of my DC.
how to restore the backup smoothly on the new server
0
 
LVL 26

Assisted Solution

by:Leon Fester
Leon Fester earned 166 total points
ID: 37806541
The best way to introduce a new DC is to run the DCPROMO command on a freshly built Windows Server.
When you restore the DC from the backup, the database will be out-of-date, and this can introduce more issues.

To get rid of the DC that is "totally down" you need to run a metadata cleanup:
http://support.microsoft.com/kb/216498
Follow the instructions for ntdsutil in windows 2003.

Once the DC has been removed, you format and re-install Windows on your Server.(the totally dead one)
Then run DCPROMO to make it a Domain controller again.

But before you do the above, first confirm that the working Domain Controller currently holds all the FSMO roles.
If neccessary you make need to seize the roles.
http://support.microsoft.com/kb/324801
0
 

Author Comment

by:Msii
ID: 37820715
how can i run metadata cleanup on Dead DC server, it is not booting at all(harddisk is failed).
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37826506
The dead DC is dead. You don't work on it.
You must run the metadata cleanup on the Domain Controller that is still working.
0
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37831281
No need to run Metadata clenup on dead servers.

Just go the DC which is up and running and perform metadata cleanup using NTDSUTIL

You just need to clean the references of the Dead DC.

Refer below link which explains how to perform Metadata cleanup.

http://support.microsoft.com/kb/216498

Hope this helps.

Regards,

_Prashant_
0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question