Cannot restore Win2K server functions

A

Adam

I have domain with two Win2K servers and several Win2K &
WinXP Pro workstations. One server ("primary") has been
broken ans repaired. System has been restored from
Symantec Ghost 2003 system partition backup (45 days old).
Now domain has been splited into two. In one (old), I have
one server ("secondary") and all workstations. In second
(new), I have restored server. Both servers cannot
comunicate on resources level. I try to restore Active
Directory data on restored server with "F8" menu and
ntdsutil. Operation performed succesfully but helps
nothing. I try to downgrade restored server with dcpromo
but operation has been refused. Any other advice than new
system installation?
 
T

Tom Ausburne

You should never restore a domain controller from backup unless there
are no functioning domain controllers left in the domain. The best
way to solve this problem is as follows:

1. Make sure you have Service Pack 4 on at least the "Primary" domain
controller.

2. Run DCPromo with the /forceremoval switch. Make sure it is a
member of a workgroup when you are done.

332199 Using the DCPROMO /FORCEREMOVAL Command to Force the Demotion
of Active
http://support.microsoft.com/?id=332199

3. Do a Metadata Cleanup on the "Secondary" domain controller to
remove any references to the "Primary" domain controller.

216498 HOW TO: Remove Data in Active Directory After an Unsuccessful
Domain
http://support.microsoft.com/?id=216498

4. Seize all 5 FSMO roles to the "Secondary" domain controller.

255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller
http://support.microsoft.com/?id=255504

5. Join the "Primary" server to the domain as a member server.

6. Run DCPromo and promote it back to a domain controller.


Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.
 
A

Adam

Thank you very much. I'll try solution tomorrow (we have
now 23:00). I cannot understand only one question. You've
said: "You should never restore a domain controller from
backup unless there are no functioning domain controllers
left in the domain". How to restore domain controller "not
from backup" if system partition is scratched due to
hardware malfunction and domain has more than one
controller?
Adam
 
M

Michael Davis \(Comcast.Net\)

As long as there is 1 functioning DC in the domain, you should not use the
backup tape of the DC.

Rather,
run NTDSUtil and clean up stray AD info on the "missing" DC.

Install a fresh copy of Win2k in a workgroup and DCpromo after updating it
to current SP4.

MikeD
 
A

Adam

Many thanks to Tom Ausburne. I've succesfully restored
server today. Everything done as adviced.

I should come back to DC backup problem. I have not
separate machine to be DC only. It acts as data server too
(matter of economy). In my LAN, I have two such DC. It
helps me much during last case - domain doesn't stop to
work, just one DC & data server has been frozen.
Installing new Win2K Server from scratch (with add.
software like Symantec Antivirus and typical after
installation configuration) is time consuming. Restoring
from backup is much, much faster. I cannot froze data
server for such a long time. On the begining I try to use
ntbackup for DC backup on tape. It doesn't works for AD
data. Subsequently, I start to use Symantec Ghost for
image backup. I see now that it is also not perfect. I
have one simple question:

What is the official way of system data backup/restore
for Win2K Server working as Active Directory Domain
Controller?

Exist any or not? Server without effective backup is no
server at all.

Adam
 
T

Tom Ausburne

The appropriate way to backup a domain controller is covered in this
article:

240363 HOW TO: Use the Backup Program to Back Up and Restore the
System State
http://support.microsoft.com/?id=240363


Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.
 
A

Adam

How often I should save system state to avoid domain
controller "disconnection" after restore (as per my
original case). Once per week, once per month, any other
period? Assuming more than one DC in domain, is not the
problem if restored Active Directory is or not up to date,
subject to replication will start succesfully. Problem is,
to avoid DC "disconnection" from domain after restore.
Once again, what is the AD safe backup period to secure
subsequent restore & replication from other servers?

Adam
 
T

Tom Ausburne

I'm not sure if this will answer your question or not but System
State backups of domain controllers are not useful after 60 days
because of tombstone issues.


Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Replacing Win2k Server 1
Operation Failed removeing AD on a Win2k Server 3
restoring data and active directory into a new server 7
restore system state 1
Disaster Recovery 2
Cannot find DC 2
From NTDomain to new Win2K Domain 2
Cannot join domain...very odd 2

Top