Manually restore AD

Ralph Scharping
Hi.

A customer has lost administrative access to his only server.  No other member servers in AD.  No other domain controllers.  5 PCs and 6 User objects.  It's Server 2008 R2 Standard and he is running Acronis Backup.
I can narrow down the incident to last weekend:  We accessed the server as administrator on Saturday 9am.
From Monday on I get "user is deactivated" on logon.  Strange:  I get this regardless of the password - even on a wrong password.

I noticed later that users obviously access the server desktop frequently as administrator via RDP to do something in software that runs only there.

Yuck!

Anyway - I have to restore this somehow and my question is this:  Can I just copy back the ADS database at C:\Windows\NTDS from my backup?  Acronis won't start in directory services recover mode...

Or does anybody have an equally simple idea?

Thanks,
Ralph
Amit, IT Architect
Distinguished Expert 2017

Commented:
Check if any other user is part of the domain admin or admin group. Otherwise the chances of a restore are very low. You might need to recreate a new forest and domain again. For 4-5 users, it won't take much time.
Digital Therapist
Commented:
Really simple to fix.  For those who speak German:

https://blog.irhh.de/2013/windows-server-letztes-administrator-konto-deaktivieren-und-wieder-aktivieren/

The rest of you:  you'll get the gist.
Will Szymkowski, Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
For a single-server domain with no other replication partners you could theoretically restore a good server image of the DC, as long as it is not past the tombstoned period.

Ultimately the long way would be to do the following...
- Install a fresh OS (same as what the DC was)
- patch the server
- restore the system state backup

That's it.

I do not typically recommend restoring a full image of a DC, however in a scenario where you have no other replicating partners and it is the only DC in the environment you will not run into any issues related to USN rollback.

The only thing you might need to do is reset the secure channel for the computers that are in this domain or add/remove the machine from the domain.

Aside from that it will work.

Will.
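
The two checks the answer above depends on (backup age against the tombstone lifetime, and each PC's secure channel after the restore), as an added example that is not part of the original thread. The function names are hypothetical and the backup date is a constructed sample value.

```powershell
# Added example, not from the thread. $BackupDate is a constructed sample value.
# Written to run on PowerShell 2.0 (Server 2008 R2 / Windows 7).

function Get-TombstoneLifetimeDays {
    # Stored on the Directory Service object in the configuration partition.
    # An empty attribute means AD falls back to its 60-day default.
    Import-Module ActiveDirectory
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $obj = Get-ADObject -Identity $dn -Properties tombstoneLifetime
    if ($obj.tombstoneLifetime) { [int]$obj.tombstoneLifetime } else { 60 }
}

function Test-BackupWithinTombstone {
    param([datetime]$BackupDate, [int]$TombstoneDays)
    $ageDays = [int][math]::Floor(((Get-Date) - $BackupDate).TotalDays)
    New-Object PSObject -Property @{
        BackupAgeDays = $ageDays
        TombstoneDays = $TombstoneDays
        WithinWindow  = ($ageDays -lt $TombstoneDays)
    }
}

function Repair-SecureChannelIfBroken {
    # Run elevated on a domain-joined PC after the DC has been restored.
    if (Test-ComputerSecureChannel) { return 'Secure channel OK' }
    # -Credential needs PowerShell 3.0 or later; on 2.0 the repair runs
    # with the rights of the current user.
    if ($PSVersionTable.PSVersion.Major -ge 3) {
        $ok = Test-ComputerSecureChannel -Repair -Credential (Get-Credential)
    } else {
        $ok = Test-ComputerSecureChannel -Repair
    }
    if ($ok) { 'Secure channel repaired' } else { 'Repair failed: rejoin the domain' }
}

# DomainRole: 4/5 = domain controller, 1/3 = member workstation/server.
$role = (Get-WmiObject Win32_ComputerSystem).DomainRole
if ($role -ge 4) {
    $BackupDate = [datetime]'2013-06-01'   # constructed sample value
    Test-BackupWithinTombstone -BackupDate $BackupDate -TombstoneDays (Get-TombstoneLifetimeDays)
} elseif ($role -eq 1 -or $role -eq 3) {
    Repair-SecureChannelIfBroken
}
```
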
Amit, IT Architect
Distinguished Expert 2017

Commented:
Many thanks for the solution
Ralph Scharping, Digital Therapist

Author

Commented:
Found it myself
