Domain controllers accidentally deleted in AD
Posted on 2014-03-24
Customer has 5 sites with Win 2003 domain controllers at 4 branches and Windows 2008 R2 at the other.
Replication between these sites works fine.
We are replacing all 5 branch servers with Win2012 domain controllers.
One of the new servers was taken to the nearest branch, added to the domain and promoted to a domain controller. After AD replication was complete it was brought back to our office.
A VPN connection to all sites was set up from our office (using the same method the branches use to communicate).
Our office and subnet were added to AD Sites and Services.
Event logs showed the new domain controller was replicating correctly with the other sites.
I added the remaining 4 servers to the domain and promoted them to domain controllers.
At this point I realised, for various reasons, that we hadn't chosen the best names for the new servers.
So I used netdom to rename them all as follows:
netdom computername oldname.domain.local /add:newname.domain.local
netdom computername oldname.domain.local /makeprimary:newname.domain.local
Then, after a reboot:
netdom computername newname.domain.local /remove:oldname.domain.local
All worked fine.
A few days later (new servers still in our office) I logged into one of the original DCs and, whilst tidying up some user accounts, noticed that two machine accounts were showing under the Computers OU for two of the new domain controllers, using the first, incorrect names they'd been given.
I very stupidly thought these were orphan objects left over after all the new servers were renamed, and deleted them both.
I then noticed in the FRS logs that replication hadn't been taking place due to low system disk space, so I sorted that out and got it working again.
Only shortly after this did I realise I'd made a serious mistake - by which time the server where I had deleted the two servers in AD had replicated with all other domain controllers.
As a result we now have a situation where two of the new domain controllers no longer have accounts in AD and we're unable to log in to either of them.
Obviously, as they're not in production yet, we could just start from scratch, but a lot of work has already been done on them setting up other software. Unfortunately the backup process hasn't been set up on any of them yet.
Is there any way to recover from this situation?
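The mistake described above was deleting two computer objects on the assumption that they were orphans, when they belonged to domain controllers. The following PowerShell pre-check is an added example, not part of the original post and not the poster's code: before removing a computer object it tests several signals that the object is a DC (the SERVER_TRUST_ACCOUNT bit in userAccountControl, membership of the Domain Controllers OU, a match against Get-ADDomainController, and the alternate SAM names that netdom computername /add records in msDS-AdditionalSamAccountName) and refuses the deletion if any of them fire. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the names OLDNAME1 and OLDNAME2 are placeholders for the objects you intend to delete.

```powershell
# Added example, not from the original post: a pre-deletion check for computer
# objects. Assumes the ActiveDirectory module (RSAT) is installed on this host.
Import-Module ActiveDirectory

# userAccountControl bit that marks a domain controller's machine account.
$SERVER_TRUST_ACCOUNT = 0x2000

# Placeholder names (assumption): the supposed orphan objects you are about to delete.
$candidates = @('OLDNAME1', 'OLDNAME2')

# Every DC as the directory currently sees it, fetched as its computer object so
# we also get any alternate SAM names left behind by 'netdom computername /add'.
$dcObjects = Get-ADDomainController -Filter * | ForEach-Object {
    Get-ADObject -Identity $_.ComputerObjectDN -Properties sAMAccountName, 'msDS-AdditionalSamAccountName'
}

# Returns one reason string per signal that says the object belongs to a DC;
# an empty result means no signal fired.
function Test-IsDomainController {
    param([Microsoft.ActiveDirectory.Management.ADComputer]$Computer)
    $reasons = @()
    if ($Computer.userAccountControl -band $SERVER_TRUST_ACCOUNT) {
        $reasons += 'SERVER_TRUST_ACCOUNT flag is set'
    }
    if ($Computer.DistinguishedName -like '*,OU=Domain Controllers,*') {
        $reasons += 'object sits in the Domain Controllers OU'
    }
    if ($dcObjects.ObjectGUID -contains $Computer.ObjectGUID) {
        $reasons += 'Get-ADDomainController lists this object'
    }
    foreach ($dc in $dcObjects) {
        if ($dc.'msDS-AdditionalSamAccountName' -contains $Computer.SamAccountName) {
            $reasons += "name is still an alternate name of DC $($dc.sAMAccountName) (rename not finished)"
        }
    }
    return $reasons
}

foreach ($name in $candidates) {
    $obj = Get-ADComputer -Identity $name -Properties userAccountControl, ObjectGUID -ErrorAction SilentlyContinue
    if (-not $obj) {
        Write-Warning "$name not found in AD; nothing to delete"
        continue
    }

    $reasons = @(Test-IsDomainController -Computer $obj)
    if ($reasons.Count -gt 0) {
        Write-Warning "Refusing to delete $($obj.DistinguishedName): $($reasons -join '; ')"
        continue
    }

    # Dry run only: -WhatIf prints what would happen. Remove it only after every
    # refusal above has been reviewed and replication is confirmed healthy.
    Remove-ADComputer -Identity $obj -Confirm:$false -WhatIf
}
```

Run it on the DC you are logged into before touching anything; because the post mentions that FRS replication had stalled, a name that looks orphaned on one DC may still be the live account on another, so the Get-ADDomainController and alternate-name checks are worth repeating against a second DC with -Server before trusting a clean result.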