Manually restore AD
Hi.
A customer has lost administrative access to his only server. No other member servers in AD. No other domain controllers. 5 PCs and 6 User objects. It's Server 2008 R2 Standard and he is running Acronis Backup.
I can narrow down the incident to last weekend: We accessed the server as administrator on saturday 9am.
From Monday on I get "user is deactivated" on logon. Strange: I get this regardless of the password - even on a wrong password.
I noticed later, that obviously users frequently access the server desktop as administrator via RDP to do something in a software that runs only there.
Yuck!
Anyway - I have to restore this somehow and my question is this: Can I just copy back the ADS database at C:\Windows\NTDS from my backup? Acronis won't start in directory services recover mode...
Or does anybody have an equally simple idea?
Thanks,
Ralph
A customer has lost administrative access to his only server. No other member servers in AD. No other domain controllers. 5 PCs and 6 User objects. It's Server 2008 R2 Standard and he is running Acronis Backup.
I can narrow down the incident to last weekend: We accessed the server as administrator on saturday 9am.
From Monday on I get "user is deactivated" on logon. Strange: I get this regardless of the password - even on a wrong password.
I noticed later, that obviously users frequently access the server desktop as administrator via RDP to do something in a software that runs only there.
Yuck!
Anyway - I have to restore this somehow and my question is this: Can I just copy back the ADS database at C:\Windows\NTDS from my backup? Acronis won't start in directory services recover mode...
Or does anybody have an equally simple idea?
Thanks,
Ralph
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Check if any other user is part of domain admin or admin group. Else chances of restore is very less. You might need to recreate new forest and domain again. For 4-5 users, it won't take much time.
Really simple to fix. For those who speak German:
https://blog.irhh.de/2013/windows-server-letztes-administrator-konto-deaktivieren-und-wieder-aktivieren/
The rest of you: you'll get the jist.
https://blog.irhh.de/2013/windows-server-letztes-administrator-konto-deaktivieren-und-wieder-aktivieren/
The rest of you: you'll get the jist.
For a single server domain with no other replicaiton partners you could theoretically restore a good server image of the DC, as long it is not past the tombstoned period.
Ultimately the long way would be to do the following...
- Install a fresh OS (same as what the DC was)
- patch the server
- restore the system state backup
Thats it.
I do not typically recommend restoring a full image of a DC, however in a scenario where you have no other replicating partners and it is the only DC in the environment you will not run into any issues related to USN rollback.
This only thing you might need to do is reset the secure channel for the computers that are in this domian or add/remove the machine from the domain.
A side from that it will work.
Will.
Ultimately the long way would be to do the following...
- Install a fresh OS (same as what the DC was)
- patch the server
- restore the system state backup
Thats it.
I do not typically recommend restoring a full image of a DC, however in a scenario where you have no other replicating partners and it is the only DC in the environment you will not run into any issues related to USN rollback.
This only thing you might need to do is reset the secure channel for the computers that are in this domian or add/remove the machine from the domain.
A side from that it will work.
Will.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial