Recreate AD on an SBS 2008 - Can it be done?
Experts,
This is an unusual one, but I would love to avoid rebuilding this server.
It is a SBS 2008, only about 10 users, but big mailboxes and hosting a complicated production website.
Approximately 6 months ago something happened to the NTDS.DIT file. It carried on working though and I only discovered now that there is a problem - too late for backups to be useful. If I try to add a user it fails and generates an error, besides that it works perfectly.
NTDSUtil says the file is corrupt. I have tried all combinations of NTDSUtil and ESENTUTL. This will not fix the file in such a way that the AD service will start (even when NTDSUtil gives the file the all clear).
In a non-SBS situation it would be straightforward to add another DC, promote it and remove AD from the problem server, then add the original DC server back again. I think this would work here because the data in AD is all readable.
But I have read that with SBS it could be problematic to follow this route, because it wants to be the only DC. SO my question is could I do this, and if so how?
Thanks.
This is an unusual one, but I would love to avoid rebuilding this server.
It is a SBS 2008, only about 10 users, but big mailboxes and hosting a complicated production website.
Approximately 6 months ago something happened to the NTDS.DIT file. It carried on working though and I only discovered now that there is a problem - too late for backups to be useful. If I try to add a user it fails and generates an error, besides that it works perfectly.
NTDSUtil says the file is corrupt. I have tried all combinations of NTDSUtil and ESENTUTL. This will not fix the file in such a way that the AD service will start (even when NTDSUtil gives the file the all clear).
In a non-SBS situation it would be straightforward to add another DC, promote it and remove AD from the problem server, then add the original DC server back again. I think this would work here because the data in AD is all readable.
But I have read that with SBS it could be problematic to follow this route, because it wants to be the only DC. SO my question is could I do this, and if so how?
Thanks.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
If you AD is corrupt adding another DC won't help.
But FYI, there is ZERO problems adding another DC to an SBS network. The PROBLEM is adding another SBS Server - SBS MUST be the FSMO master. But there no problem at all having additional DCs in the network so long as you don't transfer the FSMO roles off the SBS server.
And you CANNOT demote a server with Exchange on it... basically, what you should do at this point -- IF IT WORKS -- is migrate the existing SBS install to a new install - like an upgrade, only you're not upgrading you're staying at the same version.
You should move that production web site OFF SITE - you cannot provide the level of redundancy that a hosting center could.
Honestly, if you're not familiar with SBS, you would be FAR wiser to hire someone who is.
But FYI, there is ZERO problems adding another DC to an SBS network. The PROBLEM is adding another SBS Server - SBS MUST be the FSMO master. But there no problem at all having additional DCs in the network so long as you don't transfer the FSMO roles off the SBS server.
And you CANNOT demote a server with Exchange on it... basically, what you should do at this point -- IF IT WORKS -- is migrate the existing SBS install to a new install - like an upgrade, only you're not upgrading you're staying at the same version.
You should move that production web site OFF SITE - you cannot provide the level of redundancy that a hosting center could.
Honestly, if you're not familiar with SBS, you would be FAR wiser to hire someone who is.
Because you are in an SBS environment and you have no good backups I am afraid a re-build would be the only choice if eseutil did not fix the issues with the database.
Will.
Will.
Thanks, good advice. A migration would give me more leeway to do it slowly and without downtime. Assuming the AD propagates. I have done plenty of SBS 2003 to SBS 2011 upgrades, so quite familiar with the process.
I have been managing 20+ SBS's for years, just always kept them in good shape so have never had an AD fail like this. Very annoying.
The site is a development copy. The production site is hosted at a data centre - so that is OK.
If the AD propagation fails will I be able to backtrack. Maybe a swing migration would be safer?
I have been managing 20+ SBS's for years, just always kept them in good shape so have never had an AD fail like this. Very annoying.
The site is a development copy. The production site is hosted at a data centre - so that is OK.
If the AD propagation fails will I be able to backtrack. Maybe a swing migration would be safer?
Premium Content
You need an Expert Office subscription to comment.Start Free Trial