Solved

WINDOWS 2003 R2 AND ACTIVE DIRECTORY RESTORE

Posted on 2013-12-10
Last Modified: 2013-12-10
Hello All,

I am in trouble. I need to restore AD from a System State backup file. Unfortunately, I am struggling to access the server locally (after starting it in safe mode). The server is running AD and it does not have a local account.

Is there a way to go about it and perform a restore?

Much appreciate your help.
0
Comment
Question by:TMAA
13 Comments
 
LVL 14

Assisted Solution

by:comfortjeanius
comfortjeanius earned 500 total points
ID: 39709100
You need to start the server in Active Directory Restore Mode, not safe mode.

To restart the domain controller in Directory Services Restore Mode locally:

1. Restart the domain controller.

2. When the screen for selecting an operating system appears, press F8.

3. On the Windows Advanced Options menu, select Directory Services Restore Mode.

4. When you are prompted, log on as the local administrator.

0
 

Author Comment

by:TMAA
ID: 39709125
Thank You.

I have followed all the steps (1-4); where I get stuck is at the login screen.

I do not have a local administrator account. I tried to create a new user under Computer Management > System Tools, but there is no Users and Groups option.

How I will manage to access the server locally is my problem, unless there is another way to restore AD.

Please help
0
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39709216
You do not know the local administrator password, or the local administrator is disabled?
0
 

Author Comment

by:TMAA
ID: 39709220
The server doesn't have local users and groups. All users worked from AD. Now AD has a problem, hence all the troubles.
0
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39709270
It is probably disabled.

1. Start your computer in Safe Mode with networking support.

2. Log on as the administrator.

3. Click Start, click Run, type cmd, and then press Enter.

4. At the command prompt, type the following command, and then press Enter:

net user administrator /active:yes

5. Restart your computer.


Note: You can use the recovery console to access the computer even if the local Administrator account is disabled. Disabling the local Administrator account does not prevent you from logging on to the recovery console as Administrator.
0
 

Author Comment

by:TMAA
ID: 39709418
Thanks,

The command completed successfully....awaiting server restart.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 39709443
How many DCs do you have? If multiple DCs, then forget the system state backup.
If single DC, you need to have the DSRM password to log in to DSRM mode.
0
 

Author Comment

by:TMAA
ID: 39709455
Single DC. You are right, I need DSRM password...

How do I get it, or after running net user administrator /active:yes should I be able to create one after logging in as a domain admin?
0
 
LVL 14

Accepted Solution

by:comfortjeanius
comfortjeanius earned 500 total points
ID: 39709505
When you start Windows Server 2003 in Directory Services Restore Mode, the local Administrator account is authenticated by the local Security Accounts Manager (SAM) database. Therefore, logging on requires that you use the local administrator password, not an Active Directory domain password. This password is set during Active Directory installation when you provide the password for Directory Services Restore Mode.

1. Restart the domain controller.

2. When the screen for selecting an operating system appears, press F8.

3. On the Windows Advanced Options menu, select Directory Services Restore Mode.

4. When you are prompted, log on as the local administrator.


Here is the KB article for resetting the DSRM Administrator password.
0
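The DSRM password reset that the answer above points to, as an added example that is not part of the original post: Windows Server 2003 does this with ntdsutil, which only works while the domain controller is booted normally with Active Directory running, not from inside Directory Services Restore Mode.

```batch
@echo off
rem Added example, not from the thread: reset the Directory Services Restore
rem Mode (local SAM) Administrator password on a Windows Server 2003 DC.
rem
rem Preconditions:
rem   - the DC is booted NORMALLY and Active Directory is running
rem   - you are logged on with domain administrator rights
rem ntdsutil cannot reset this password when the server is already in DSRM.

rem "set dsrm password" opens the DSRM password context.
rem "reset password on server null" targets the local server; a DC name
rem can be given instead of null to target a remote domain controller.
rem ntdsutil then prompts for the new password (typed input is not echoed).
rem The trailing "q q" leaves the sub-context and then ntdsutil itself.
ntdsutil "set dsrm password" "reset password on server null" q q

rem Record the new password in your offline recovery documentation:
rem it is the only credential accepted at the DSRM logon screen.
```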
 

Author Comment

by:TMAA
ID: 39709701
Edited..

Thank you
0
 
LVL 14

Assisted Solution

by:comfortjeanius
comfortjeanius earned 500 total points
ID: 39709858
You will have to authenticate locally to the domain controller.

Then follow the instructions that I first provided to enter Active Directory Restore Mode (ID: 39709100).

I received these instructions from "Restore Active Directory from backup".
Once you authenticate with the administrator password:

1. To start the Windows Server 2003 backup utility, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup.


This procedure provides steps for restoring from backup in Wizard Mode. By default, the Always Start in Wizard Mode check box is selected in the Backup or Restore Wizard. If the Welcome to the Backup Utility Advanced Mode page appears, click Wizard Mode to open the Backup or Restore Wizard.

2. On the Welcome to the Backup or Restore Wizard page, click Next.

3. Click Restore files and settings, and then click Next.

4. Select System State, and then click Next.

5. On the Completing the Backup or Restore Wizard page, click Advanced.

6. In Restore files to, click Original Location, and then click Next.

7. Click Leave existing files (Recommended), and then click Next.

8. In Advanced Restore Options, select the following check boxes, and then click Next:

Restore security settings
Restore junction points, but not the folders and file data they reference
Preserve existing volume mount points

9. For a primary restore of SYSVOL, also select the following check box: When restoring replicated data sets, mark the restored data as the primary data for all replicas.

A primary restore is required only if the domain controller that you are restoring is the only domain controller in the domain. A primary restore is required on the first domain controller that is being restored in a domain if you are restoring the entire domain or forest.
Now click "Finish" and "Close" when this process has finished.
If you do not want to authoritatively restore any objects, click Yes to restart the computer. The system will restart and replicate any new information that is received since the last backup with its replication partners.
If you want to authoritatively restore any objects or if you want to create an LDAP Data Interchange Format (LDIF) file to restore back-links on this domain controller, click No to remain in Directory Services Restore Mode.
0
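The authoritative-restore branch mentioned at the end of the post above, as an added example that is not part of the original thread: after the wizard finishes and you click No to stay in Directory Services Restore Mode, ntdsutil marks the chosen objects as authoritative. The distinguished name and the LDIF file name below are constructed placeholders.

```batch
@echo off
rem Added example, not from the thread. Run in Directory Services Restore
rem Mode, after the System State restore and BEFORE restarting normally.

rem Constructed placeholder: the container to mark as authoritative.
set RESTORE_DN=OU=Sales,DC=example,DC=com

rem "restore subtree" marks the container and everything beneath it so that
rem the restored copies win over replication partners. ntdsutil asks for
rem confirmation before it changes anything.
ntdsutil "authoritative restore" "restore subtree %RESTORE_DN%" q q

rem On Windows Server 2003 SP1 and later, ntdsutil also writes a text file
rem of the restored objects and an .ldf file of their back-links into the
rem current directory. Note the generated .ldf name, restart the domain
rem controller normally, and then import the back-links:
rem
rem   ldifde -i -k -f GENERATED_LINKS_FILE.ldf
rem
rem GENERATED_LINKS_FILE.ldf is a placeholder for the name ntdsutil printed.
rem   -i  import mode
rem   -k  continue past "already exists" style errors
rem   -f  input file
```

On a single domain controller restored with the primary-restore option, this step is only needed if specific objects must override what other replicas hold; with no replication partners there is nothing to override.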
 

Author Closing Comment

by:TMAA
ID: 39709986
Thank you so much for your assistance.

I have managed to restore the Active Directory.
0
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39710206
Congratulations!!!! No problem, glad to be of assistance.

@(^_^)@
0
