Move Domain Information From One SBS 2003 Image to Another

Hello Experts,

We have a client whose server running Small Business Server 2003 recently got infected.  We cleaned it off but it looks like there is some corruption and a reload may be in order.  What I'm wondering is if there is a way to get another server running Server 2003 Standard and AD and set it up as a GC so it gets all the information from that domain and then use that to push it to another server running SBS.  Basically I want to see if it's possible to reload the server without having to completely remove and rejoin every computer, move over all the profiles, etc.

Will Szymkowski (Senior Solution Architect) commented:
Was this the only DC in the environment? If it was then you can restore the DC using an image backup (Acronis etc.) to recover this machine before it was infected. You can only use this method if this DC was the only DC in the environment.

You can also rebuild the DC using 2003 Standard and then do a System State restore to this DC, if it is the only DC in the environment.

If you have another DC in your environment that is not infected, it is recommended to seize the roles to the DC that is online and decommission the other DC as necessary.

Seizing FSMO Roles:

This also includes cleaning up the metadata.
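As an added example (not part of Will's answer), the role seizure and metadata cleanup he describes, scripted with ntdsutil, which ships with Windows Server 2003. The surviving DC name `DC2`, the old SBS server object DN, the site name and the domain `example.local` are assumptions; substitute your own. It assumes the compromised DC has already been taken permanently offline, since a DC whose roles were seized must never be reconnected to the domain.

```powershell
# Added example: seize the five FSMO roles onto the surviving DC and purge the
# dead DC's replication metadata. All names below are assumed placeholders.
# Run on the surviving DC, as a Domain Admin / Enterprise Admin / Schema Admin.

$SurvivingDC = "DC2"   # assumed: the clean DC that keeps the domain
# assumed DN of the old DC's server object under the Sites container
$OldDcDn = "CN=SBS01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=local"

# 1. Record the current role holders so the change can be audited afterwards.
netdom query fsmo

# 2. Seize all five roles. ntdsutil first attempts a graceful transfer and only
#    seizes when the old holder cannot be reached; on 2003 it still pops a
#    confirmation box for each role, which must be acknowledged.
ntdsutil "roles" "connections" "connect to server $SurvivingDC" "quit" `
         "seize schema master" `
         "seize domain naming master" `
         "seize pdc" `
         "seize rid master" `
         "seize infrastructure master" `
         "quit" "quit"

# 3. Remove the old DC's NTDS Settings and server objects so it is no longer a
#    replication partner ("remove selected server <DN>" needs 2003 SP1 or later).
ntdsutil "metadata cleanup" "connections" "connect to server $SurvivingDC" "quit" `
         "remove selected server $OldDcDn" "quit" "quit"

# 4. Verify: every role should now list the surviving DC, and the old host should
#    no longer appear as an inbound replication partner.
netdom query fsmo
repadmin /showrepl $SurvivingDC
```

After this, the old DC's computer account, its DNS records (NS and SRV entries) and any site links that referenced it still need to be removed by hand in Active Directory Users and Computers, DNS and Sites and Services. Note that this preserves the existing domain; Cliff's answer below argues that once a DC has been compromised the domain itself should not be trusted, so treat this as the mechanics of the seizure rather than a verdict on whether to keep the domain.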

Cliff Galiher commented:
The only way to preserve AD is to do a new install of SBS in migration mode. You will literally have to go through a migration, just as if you were migrating to 2008 or 2011. This is because of the SBS restrictions on domain trusts. The only way to get SBS to join an existing domain is during the install and that must be done in migration mode.

That is the technical answer. Now for the "real" answer (in my opinion.)

Once a domain controller has been infected, the domain is no longer trustworthy. The SAM database has been compromised. Reversing password hashes is not particularly difficult for most 2003 era domains. Plus there are a lot of other AD underpinnings that are in play as well. This is why the DC is the holy grail of a network and most Microsoft guidance is *do not run applications on your domain controllers.*

A compromised server is easy to rebuild. A compromised domain controller usually means rebuilding the domain.

That means building up a new domain. Creating new users. Copying over the data and resetting ACLs. Exporting and importing mailboxes. And disjoining member servers and client machines from the old domain and joining them to the new domain.

Is it a lot of work? Yes. Is it disruptive? Yes. Is it avoidable? In my opinion, no. Once a DC has been compromised, this is the *only* safe way to protect yourself from future attacks based on information gathered (or planted) while the DC was compromised. There just is no substitute.

ctagle (Author) commented:
As much as I don't like it that was my thinking as well, I guess I just needed someone to reaffirm it lol.  Thank you for the information.