Solved

Active Directory Disaster Recovery

Posted on 2014-12-19
Last Modified: 2014-12-21
I've been hired to clean up another mess.  The previous IT was stealing things and probably hosting websites (and who knows what else) off of this small business client. I replaced the router/firewall, removed the remote access software; yanked the lights out cable.

The client has <10 Win 7 Pro workstations in a domain. There is one Server 2008 Standard in the domain but this server is not the domain controller; it is running as a VM instance inside of a souped-up ESXi server, and hosts an application the business needs (infrequently).  There are no other servers.

The previous IT gave up all the passwords to everything, except the root of the ESXi server (a ha!).  I tried a couple of password recovery techniques and ended up bringing in some outside help; we upgraded the ESXi version, preserving the virtual machines and data stores; I see a couple of other workstations and Linux boxes as VMs; these are powered off and, upon a cursory examination, really unnecessary - it looks like they were playgrounds for the previous guy.

The domain controller is physically and logically missing - I actually searched the building.  

I can see the workstations' registries pointing to the missing AD server.  They are using cached credentials and a one person/one PC arrangement; if you try to sign on to any workstation with another's credentials, you get a "no logon server is available" message.

I have a USB drive backup of the missing AD server dated Jan 2014 and plenty of room on the ESXi server.

So I'm debating whether to restore the backup and try to patch things up, buy an instance of Server 2012, build a new domain, disjoin the clients and join them to the new domain or what?  

My gut instinct is to "cut sling load" as we said in the Army and build a new domain.  I've never tried to disjoin a workstation without the domain controller being present but I'm sure there's a way.

What are your thoughts?
Question by:wfgllc
4 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 167 total points
ID: 40509624
From a technical perspective, that backup is very old. You'll have issues with tombstoned objects.

From a security perspective, the IT infrastructure is untrusted, thus so should the DC backup be.

Build new.
 

Author Comment

by:wfgllc
ID: 40509662
I agree on the security issue and tombstone is an evil word - fought that battle before.

Sage advice, Cliff.  Thank you.
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 167 total points
ID: 40510768
Yes, definitely build from scratch as Cliff has suggested.

As for removing the workstations from the domain, the local Administrator account can achieve this (tip: type in .\Administrator for the username).
 
LVL 10

Assisted Solution

by:Pramod Ubhe
Pramod Ubhe earned 166 total points
ID: 40511453
The computer accounts renew their passwords in 30 days, so as soon as you bring the DC online, there will be a mismatch of a lot of things.
I would suggest restoring the backup on an isolated network where you only have a few computers to test the thing, and if it is easy, you may bring it to the production network and then definitely think of building a new domain/DC.
