Manually restore AD
Hi.
A customer has lost administrative access to his only server. No other member servers in AD. No other domain controllers. 5 PCs and 6 User objects. It's Server 2008 R2 Standard and he is running Acronis Backup.
I can narrow down the incident to last weekend: We accessed the server as administrator on saturday 9am.
From Monday on I get "user is deactivated" on logon. Strange: I get this regardless of the password - even on a wrong password.
I noticed later, that obviously users frequently access the server desktop as administrator via RDP to do something in a software that runs only there.
Yuck!
Anyway - I have to restore this somehow and my question is this: Can I just copy back the ADS database at C:\Windows\NTDS from my backup? Acronis won't start in directory services recover mode...
Or does anybody have an equally simple idea?
Thanks,
Ralph
A customer has lost administrative access to his only server. No other member servers in AD. No other domain controllers. 5 PCs and 6 User objects. It's Server 2008 R2 Standard and he is running Acronis Backup.
I can narrow down the incident to last weekend: We accessed the server as administrator on saturday 9am.
From Monday on I get "user is deactivated" on logon. Strange: I get this regardless of the password - even on a wrong password.
I noticed later, that obviously users frequently access the server desktop as administrator via RDP to do something in a software that runs only there.
Yuck!
Anyway - I have to restore this somehow and my question is this: Can I just copy back the ADS database at C:\Windows\NTDS from my backup? Acronis won't start in directory services recover mode...
Or does anybody have an equally simple idea?
Thanks,
Ralph
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
LVL 47
Check if any other user is part of domain admin or admin group. Else chances of restore is very less. You might need to recreate new forest and domain again. For 4-5 users, it won't take much time.
Really simple to fix. For those who speak German:
https://blog.irhh.de/2013/windows-server-letztes-administrator-konto-deaktivieren-und-wieder-aktivieren/
The rest of you: you'll get the jist.
https://blog.irhh.de/2013/windows-server-letztes-administrator-konto-deaktivieren-und-wieder-aktivieren/
The rest of you: you'll get the jist.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
For a single server domain with no other replicaiton partners you could theoretically restore a good server image of the DC, as long it is not past the tombstoned period.
Ultimately the long way would be to do the following...
- Install a fresh OS (same as what the DC was)
- patch the server
- restore the system state backup
Thats it.
I do not typically recommend restoring a full image of a DC, however in a scenario where you have no other replicating partners and it is the only DC in the environment you will not run into any issues related to USN rollback.
This only thing you might need to do is reset the secure channel for the computers that are in this domian or add/remove the machine from the domain.
A side from that it will work.
Will.
Ultimately the long way would be to do the following...
- Install a fresh OS (same as what the DC was)
- patch the server
- restore the system state backup
Thats it.
I do not typically recommend restoring a full image of a DC, however in a scenario where you have no other replicating partners and it is the only DC in the environment you will not run into any issues related to USN rollback.
This only thing you might need to do is reset the secure channel for the computers that are in this domian or add/remove the machine from the domain.
A side from that it will work.
Will.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012
From novice to tech pro — start learning today.
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 303 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 435 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 388 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 450 lessons
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.