AD restore test didn't work at all

B

bruce

Windows 2ksp4

We have a separate test network with 2 DCs with identical hardware to
our production DCs. Every month, we pull one of the mirrored drives from
each of our production DCs and insert into the test DCs.

I wanted to test AD restore prior to starting any win2k3 migration.

I backed up the System State on the production DC that has all the roles
except GC and moved it down to the test network. I ran an authoritative
restore following the MS white paper "Active Directory Disaster
Recovery".

1. For the non-authoritative restore part, I did not get the all same
options under the Advanced Restore wizard as described in the document,
and the ones I did get were grayed out.

2. The AD was completely hosed after the restore & reboot. Event ID
16550 SAM "Account-identifier allocator failed to init properly...".
Event ID 3034 MrxSmb "Redirector unable to initialize security
context...". AD Users & Computers could not even open the AD.

Any pointers would be appreciated. Right now I have zero confidence in
being able to restore AD using this document.
 
T

Tomasz Onyszko

bruce wrote:

1. For the non-authoritative restore part, I did not get the all same
options under the Advanced Restore wizard as described in the document,
and the ones I did get were grayed out.

2. The AD was completely hosed after the restore & reboot. Event ID
16550 SAM "Account-identifier allocator failed to init properly...".
Event ID 3034 MrxSmb "Redirector unable to initialize security
context...". AD Users & Computers could not even open the AD.

Any pointers would be appreciated. Right now I have zero confidence in
being able to restore AD using this document.
Click to expand...

Did You perform the restore of the SYSVOL ?

http://www.microsoft.com/technet/pr...ies/activedirectory/support/adrecov.mspx#EHAA

<quote>
The authoritative restore of SYSVOL does not occur automatically after
an authoritative restore of Active Directory, additional steps are required.
</quote>

In this document You will also find the steps needed to authoritative
restore of SYSVOL.

This error indicate that Your AD instance didn't started - it can be
that problems with SYSVOL are preveting it from starting.

Are You having any other event entries related to FRS, DNS or something
else in the Event logs ?
 
B

bruce

bruce wrote:



Did You perform the restore of the SYSVOL ?

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technolog i
es/activedirectory/support/adrecov.mspx#EHAA

<quote>
The authoritative restore of SYSVOL does not occur automatically after
an authoritative restore of Active Directory, additional steps are
required. </quote>

In this document You will also find the steps needed to authoritative
restore of SYSVOL.

This error indicate that Your AD instance didn't started - it can be
that problems with SYSVOL are preveting it from starting.

Are You having any other event entries related to FRS, DNS or
something else in the Event logs ?
Click to expand...

yes. but all the article mentions restoring are the policies & scripts
dirs. don't see how these would affect the guts of AD.

also, when I did the non-authoritative restore, I did not get the option
for "Restore junction points..." or ..."When restoring replicated
data...". The other 3 options were all grayed out & unchecked. It seems
like it was doomed from the start. Could some kind of problem w/ my
System State backup cause this?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Disaster Recovery AD 2
Disaster Recovery AD 1
trouble after DC restore 1
testing authoritative restore of objects in a windows 2003 SP2 domain 2
Creating Test AD environment from Production AD environment 1
RID operations master failure 1
Practice of AD restore 1
Primary Restore of AD 1

Top