I had this question after viewing SYSVOL corrupted
I have a server that was fully corrupted by ransomware without a good restore option available.
I now know I need to rebuild the NETLOGON and SYSVOL shares from scratch and plan to do that per this article:
I also know I need manually seize the roles and remove the old DC:
The question I have is:
Which to do first? I imagine I need to fix the shares first as they are required for proper AD operation, though I fear that will fail due to the lingering DC.
Perhaps someone here has done this before?
Thanks in Advance,