[SOLUTION] Recreate AD on an SBS 2008

Recreate AD on an SBS 2008 - Can it be done?

Experts,

This is an unusual one, but I would love to avoid rebuilding this server.

It is a SBS 2008, only about 10 users, but big mailboxes and hosting a complicated production website.

Approximately 6 months ago something happened to the NTDS.DIT file. It carried on working though and I only discovered now that there is a problem - too late for backups to be useful. If I try to add a user it fails and generates an error, besides that it works perfectly.

NTDSUtil says the file is corrupt. I have tried all combinations of NTDSUtil and ESENTUTL. This will not fix the file in such a way that the AD service will start (even when NTDSUtil gives the file the all clear).

In a non-SBS situation it would be straightforward to add another DC, promote it and remove AD from the problem server, then add the original DC server back again. I think this would work here because the data in AD is all readable.

But I have read that with SBS it could be problematic to follow this route, because it wants to be the only DC. SO my question is could I do this, and if so how?

Thanks.

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LVL 99

Lee W, MVPTechnology and Business Process AdvisorCommented: 2015-10-29

If you AD is corrupt adding another DC won't help.

But FYI, there is ZERO problems adding another DC to an SBS network. The PROBLEM is adding another SBS Server - SBS MUST be the FSMO master. But there no problem at all having additional DCs in the network so long as you don't transfer the FSMO roles off the SBS server.

And you CANNOT demote a server with Exchange on it... basically, what you should do at this point -- IF IT WORKS -- is migrate the existing SBS install to a new install - like an upgrade, only you're not upgrading you're staying at the same version.

You should move that production web site OFF SITE - you cannot provide the level of redundancy that a hosting center could.

Honestly, if you're not familiar with SBS, you would be FAR wiser to hire someone who is.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial

LVL 53

Will SzymkowskiSenior Solution ArchitectCommented: 2015-10-29

Because you are in an SBS environment and you have no good backups I am afraid a re-build would be the only choice if eseutil did not fix the issues with the database.

Will.

LVL 1

pcguy-zaAuthor Commented: 2015-10-29

Thanks, good advice. A migration would give me more leeway to do it slowly and without downtime. Assuming the AD propagates. I have done plenty of SBS 2003 to SBS 2011 upgrades, so quite familiar with the process.

I have been managing 20+ SBS's for years, just always kept them in good shape so have never had an AD fail like this. Very annoying.

The site is a development copy. The production site is hosted at a data centre - so that is OK.

If the AD propagation fails will I be able to backtrack. Maybe a swing migration would be safer?

You can backtrack by simply transferring the FSMO roles back to the SBS server.

pcguy-zaAuthor Commented: 2015-11-15

Thanks for the advice, I am going to try to a migration.

Recreate AD on an SBS 2008 - Can it be done?

Who is Participating?