Active Directory Disaster Recovery
Posted on 2014-12-19
I've been hired to clean up another mess. The previous IT was stealing things and probably hosting websites (and who knows what else) off of this small business client. I replaced the router/firewall, removed the remote access software, and yanked the lights-out cable.
The client has <10 Win 7 Pro workstations in a domain. There is one Server 2008 Standard in the domain, but this server is not the domain controller; it is running as a VM instance inside of a souped-up ESXi server and hosts an application the business needs (infrequently). There are no other servers.
The previous IT gave up all the passwords to everything except the root of the ESXi server (a ha!). I tried a couple of password recovery techniques and ended up bringing in some outside help; we upgraded the ESXi version, preserving the virtual machines and data stores. I see a couple of other workstations and Linux boxes as VMs; these are powered off and, upon a cursory examination, really unnecessary - it looks like they were playgrounds for the previous guy.
The domain controller is physically and logically missing - I actually searched the building.
I can see the workstations' registries pointing to the missing AD server. They are using cached credentials and a one person/one PC arrangement; if you try to sign on to any workstation with another's credentials, you get a "no logon server is available" message.
I have a USB drive backup of the missing AD server dated Jan 2014 and plenty of room on the ESXi server.
So I'm debating whether to restore the backup and try to patch things up, buy an instance of Server 2012, build a new domain, disjoin the clients and join them to the new domain, or what?
My gut instinct is to "cut sling load" as we said in the Army and build a new domain. I've never tried to disjoin a workstation without the domain controller being present but I'm sure there's a way.
What are your thoughts?
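The "disjoin a workstation without the domain controller being present" step from the post, as an added example (this is not the poster's code, and nothing in the thread confirms it is what was eventually done). It assumes an elevated PowerShell 3.0 or later console (WMF 3.0 on Windows 7) on the workstation itself, and the names `recoveryadmin` and `WORKGROUP` are placeholders. It first confirms that no DC answers, creates a local administrator so the machine is still reachable once cached domain logons stop working, writes out the domain profile SIDs for later migration, and then leaves the domain through the `Win32_ComputerSystem.UnjoinDomainOrWorkgroup` WMI method with option 0, which does not try to disable the computer account on the missing DC (`Remove-Computer` does try, and fails when no DC is reachable):

```powershell
# Added example, not from the original post. Assumptions: elevated PowerShell 3.0+
# (WMF 3.0 on Windows 7) run locally on the workstation; the account and workgroup
# names below are placeholders.
$LocalAdminName = 'recoveryadmin'
$Workgroup      = 'WORKGROUP'

$cs = Get-WmiObject -Class Win32_ComputerSystem
Write-Host ("{0}: Domain={1} PartOfDomain={2}" -f $cs.Name, $cs.Domain, $cs.PartOfDomain)
if (-not $cs.PartOfDomain) { Write-Host 'Already in a workgroup; nothing to do.'; return }

# 1. Confirm the DC really is gone. Test-ComputerSecureChannel returns $false
#    (or errors out) when no domain controller for the domain can be found.
$channelOk = Test-ComputerSecureChannel -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
if ($channelOk) {
    Write-Host 'A domain controller answered; use the normal Remove-Computer path instead.'
    return
}

# 2. Make sure a working local administrator exists before leaving the domain.
#    In a workgroup the cached domain credentials no longer log anyone on, so
#    this account is the only way back into the machine.
$cred  = Get-Credential -UserName ".\$LocalAdminName" -Message 'Password for the local recovery administrator'
$plain = $cred.GetNetworkCredential().Password
$machine  = [ADSI]"WinNT://$env:COMPUTERNAME"
$userPath = "WinNT://$env:COMPUTERNAME/$LocalAdminName,user"
if ([ADSI]::Exists($userPath)) {
    $user = [ADSI]$userPath
} else {
    $user = $machine.Create('User', $LocalAdminName)
}
$user.SetPassword($plain)
$user.Description = 'Local admin created before leaving the orphaned domain'
$user.SetInfo()
$admins = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
try   { $admins.Add($userPath) }                 # throws if already a member
catch { Write-Host "$LocalAdminName is already in Administrators" }

# 3. Record the domain profiles and their SIDs. After the join to the new
#    domain, each user gets a fresh SID and an empty profile; this list is what
#    you need to copy or reattach the old C:\Users\<name> folders.
$inventory = Join-Path $env:SystemDrive "profiles-$($cs.Name).csv"
Get-WmiObject -Class Win32_UserProfile |
    Where-Object { -not $_.Special } |
    Select-Object SID, LocalPath, LastUseTime |
    Export-Csv -Path $inventory -NoTypeInformation
Write-Host "Profile inventory written to $inventory"

# 4. Leave the domain. FUnjoinOptions 0 = leave the computer account alone
#    (4 = NETSETUP_ACCT_DELETE would try to disable it on the DC, which is
#    exactly what cannot work here). Null credentials = the caller's context.
$unjoin = $cs.UnjoinDomainOrWorkgroup($null, $null, 0)
if ($unjoin.ReturnValue -ne 0) {
    throw "UnjoinDomainOrWorkgroup failed with Win32 error $($unjoin.ReturnValue)"
}

# 5. Name the workgroup explicitly (FJoinOptions 0 = workgroup, not domain).
#    A failure here is not fatal: the machine is already out of the domain.
$join = $cs.JoinDomainOrWorkgroup($Workgroup, $null, $null, $null, 0)
if ($join.ReturnValue -ne 0) {
    Write-Warning "Could not set workgroup name (error $($join.ReturnValue)); default workgroup will be used"
}

Write-Host "Left domain $($cs.Domain). Log on after reboot as .\$LocalAdminName"
Restart-Computer -Force
```

Run it once per workstation while logged on with local administrator rights (the cached domain account still works for that, as long as it was a member of the local Administrators group). The old domain profiles are left untouched under C:\Users; once the new domain exists and the machine is joined, use the CSV to decide which folders to migrate to the new accounts, since the new domain SIDs will not match the old ones even if the user names are the same.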