PDC crashed need suggestions

This afternoon my PDC crashed with an error stating that the 'Security Accounts Manager initialization failed : Directory service cannot start. Error Status 0xc00002e1. Reboot into Directory Service Restore Mode' Tried to get into this mode but do not have the password for this mode. Tried resetting the DSRM password but when I tried to set a new password it came back that it did not have enough storage to perform the task. I called Microsoft and they tried to help but gave up. What to do?

I am currently building another server in hopes of restoring the full backup I have from Sunday but Microsoft made it sound like that is pointless and I need to rebuild the server then re-add all the workstations and servers. I have an Exchange server on this domain and that makes things even more complicated. Any suggestions? When I look at the server it shows that Active Directory is rebuilding Indicines but don't know if that will fix it.
TimSr. System AdminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You stated that when trying to reset password it came back with no space warning. Running out of space is a great way to kill a PDC

Check if you have any free space in not try free some up.
TimSr. System AdminAuthor Commented:
No it said that there was no resources available. This is a domain controller so really there is nothing that would take up disk space on the server plus I would have received a warning about disk space being an issue.
you will be surprised. DC do use up space with log files updates extra.

With out copies of logs from event viewer I do not think alot of people will be able to help.

Directory restore mode is only used when restoring DC from backup and wanting to force it as the authoritative DC  (Im recalling form memory i think.)

Exchange does make it complicated. Unless you can get the restore to work you have a huge problem. Is this the only domain controller on the network.  If you have another Domain Controller you could seize the roles  ( There is no PDC anymore all Domain controllers are equal  Except  Read only DC ( you can just sieze the Fismo Roles and clean up AD.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

TimSr. System AdminAuthor Commented:
I have a huge problem. I have tried doing a restore and tried to repair the install and nothing worked. I have jumped off the deep end and started rebuilding the server. I hope that once I get it back up I can restore the files from the backup then the system state but I have a feeling it wont be that easy... nothing is. If the restore does not work I don't know what I am going to do about exchange. Email is the life of the company. I have a domain controller that is off site and one of our remote locations but I don't know if I will be able to seize the fismo roles.  due to this controller being off site I assume that will be difficult to seize those roles?

BTW when I started the rebuild only a quarter of the drive was used and the rest was free space. Yes I know that the PDC is a thing of the past but the company I work for is tight on spending money so all of our server except for about 3 are all 2003.

Have you had any experience restoring a backup to a rebuilt server? When you say huge problem with exchange what should I expect? Where to start to get this going all again? I know I have a long road to go but need some road maps if you have any.

Thanks for responding.
As you state you have multiple DC you can not restore the Domain with out the password. it will be overwritten you need the ADRM password.

Are the sites linked via VPN.

If you have a remote domain controllers that are accessible the only option I can think of is to seize the roles to one of the other Domain controllers. install a new one locally join it to the domain and promote it to and once everything has replicated seize the roles back.

I think you are misinformed. PDC is a windows nt4 technology and not used in server 2003 except for backwards compatibility. all Domain controllers are equal and the only differentiating factor is which ones hold the FISMO roles.

Try seize the FISMO roles on to the remote DC ( that is your best bet). If you can ping it you should be able to seize the roles and it should be able to communicate with exchange.

If you can not get AD up and running exchange is dead. new domain new install. (That is my understanding I could be wrong)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TimSr. System AdminAuthor Commented:
OK I have encountered my first issue. I am trying to add the computer to the domain but I get the error 'The following error occurred attempting to join the domain <domain name> : The specified user already exists' I'm sure this has something to do with the fact that I am trying to add a computer with the same name to the domain. What do I need to do to clean up the directory so I can add this machine and run the dcpromo on it.
Seth SimmonsSr. Systems AdministratorCommented:
cleanup the metadata and get it out if you are rebuilding it with the same name

Clean up server metadata

seize FSMO roles to another domain controller; fine if it's in another site

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
I would give it a new name or Delete it however i"m not sure on the consequences for deleting it. I would just give it a new name that makes it easy to clean up late and will not cause any issue with SId's extra.
Ya I would just give it a new name.
TimSr. System AdminAuthor Commented:
Well it took a few days but I have finally got the DC back up and running after doing a rebuild. It's a good thing I had that secondary DC at the remote location. Anyway thanks for all your help.
Glad I was able to help.

Dont forget to run DCdiag once completed and make sure all is running well.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.