Manually restore AD

Hi.

A customer has lost administrative access to his only server.  No other member servers in AD.  No other domain controllers.  5 PCs and 6 User objects.  It's Server 2008 R2 Standard and he is running Acronis Backup.
I can narrow down the incident to last weekend:  We accessed the server as administrator on Saturday 9am.
From Monday on I get "user is deactivated" on logon.  Strange:  I get this regardless of the password - even on a wrong password.

I noticed later that users obviously frequently access the server desktop as administrator via RDP to do something in a software that runs only there.

Yuck!

Anyway - I have to restore this somehow and my question is this:  Can I just copy back the ADS database at C:\Windows\NTDS from my backup?  Acronis won't start in directory services recover mode...

Or does anybody have an equally simple idea?

Thanks,
Ralph
Ralph Scharping (Digital Therapist) asked:

Amit (IT Architect) commented:
Check if any other user is part of the domain admin or admin group. Otherwise, the chances of a restore are very low. You might need to recreate a new forest and domain again. For 4-5 users, it won't take much time.
Ralph Scharping (Digital Therapist), author, commented:
Really simple to fix.  For those who speak German:

https://blog.irhh.de/2013/windows-server-letztes-administrator-konto-deaktivieren-und-wieder-aktivieren/

The rest of you:  you'll get the gist.
Will Szymkowski (Senior Solution Architect) commented:
For a single server domain with no other replication partners you could theoretically restore a good server image of the DC, as long as it is not past the tombstoned period.

Ultimately the long way would be to do the following...
- Install a fresh OS (same as what the DC was)
- patch the server
- restore the system state backup

That's it.

I do not typically recommend restoring a full image of a DC; however, in a scenario where you have no other replicating partners and it is the only DC in the environment, you will not run into any issues related to USN rollback.

The only thing you might need to do is reset the secure channel for the computers that are in this domain or add/remove the machine from the domain.

Aside from that it will work.

Will.
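
The secure-channel check and reset mentioned in the answer above, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later on the PC (needed for `-Credential` and `-Message`), and `dc01.example.local` is a placeholder for the restored domain controller.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell 3.0+ session
# on each domain-joined PC once the restored DC is back online.
$dc   = 'dc01.example.local'   # placeholder: FQDN of the restored domain controller
$pc   = $env:COMPUTERNAME
$info = Get-WmiObject -Class Win32_ComputerSystem

if (-not $info.PartOfDomain) {
    Write-Warning "${pc} is not joined to a domain; nothing to verify."
    return
}

# Returns $true when the machine account password stored locally still matches
# the copy held in the restored AD database.
if (Test-ComputerSecureChannel -Server $dc) {
    Write-Output "${pc}: secure channel to $($info.Domain) is intact."
    return
}

# Broken trust, typically because the PC rotated its machine account password
# after the backup was taken. -Repair resets it against the DC.
$cred = Get-Credential -Message "Domain account allowed to reset the $pc computer account"
if (Test-ComputerSecureChannel -Server $dc -Repair -Credential $cred) {
    Write-Output "${pc}: secure channel repaired."
} else {
    Write-Warning "${pc}: repair failed; remove the PC from the domain and re-join it."
}
```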
Amit (IT Architect) commented:
Thank you very much for the solution
Ralph Scharping (Digital Therapist), author, commented:
Found it myself