Failed Authoritative Restore

[Charlie]

Fortunately it's just a test lab. This is a good example of why you should
have one.
What did I do wrong?
1) I backed up the System State on DC2.
2) I deleted an "important" OU, made sure the two DCs replicated and
confirmed the OU deletion.
3) I booted DC2 into AD Restore mode.
4) I used NT Backup to restore the System State, choosing to overwrite
newer files and was prompted to reboot.
5) Upon reboot I again went into AD Restore mode and used ntdsutil to do an
authoritative restore.
At that point I got a Jet error. I believe it said the log file was corrupt
or couldn't be found or something.
I tried rebooting normally but I got the message that DS couldn't start and
that I would need to boot into AD Restore mode. At that point I was
obviously stuck in a loop. I tried to run the restore again from NT Backup
(why?). Needless to say, that did no good. Eventually I would boot into AD
Restore mode and when I tried to use ntdsutil to do the Authoritative
Restore, it would tell me that I needed to boot into ADR mode even though I
already was.
Next steps -
Reformat, sieze FSMO roles, reinstall, DC Promo, etc.
Any ideas? I tried to retrace my steps as well as possible so I hope I'm
not missing something.
Thanks

 

[Cary Shultz [A.D. MVP]]

Charlie,

I agree with you. It is very important to have a test lab so that you can
gain 'break things' in order to have the experience for when it happens in
the production environment.

First, let's look at how things could have been done and then let's look at
the error that you are getting.

At what Service Pack level are these DCs? I ask because of the following
MSKB Article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;295932

Are you familiar with the 'restore subtree' command in ntdsutil? It allows
you to restore a part of your AD, such as this OU that you deleted.

Here is an article from the MSKB that describes the process"
http://support.microsoft.com/default.aspx?scid=kb;en-us;241594


Are you familiar with the 'files' command in ntdsutil? Here is a link to
some information on this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;315131
http://support.microsoft.com/default.aspx?scid=kb;en-us;257420

HTH,

Cary

 

[Guest]

Thanks, Cary
Inline responses below -

-----Original Message-----
Charlie,

I agree with you. It is very important to have a test lab so that you can
gain 'break things' in order to have the experience for when it happens in
the production environment.

First, let's look at how things could have been done and then let's look at
the error that you are getting.

At what Service Pack level are these DCs?

SP 4, SO I SHOULD BE OK.
I ask because of the following

MSKB Article:
http://support.microsoft.com/default.aspx?scid=kb;en- us;295932

Are you familiar with the 'restore subtree' command in

ntdsutil?
YES, I FORGOT TO MENTION THAT I ONLY CHOSE TO RESTORE THE
OU THAT I DELETED FROM THE TREE.
It allows

you to restore a part of your AD, such as this OU that you deleted.

Here is an article from the MSKB that describes the process"
us;241594


Are you familiar with the 'files' command in ntdsutil?

I HAVEN'T NOTICED THAT ONE IN THE NTDSUTIL HELP. I'LL
LOOK AT THE ARTICLES.
Here is a link to

 

[Ace Fekay [MVP]]

In

Fortunately it's just a test lab. This is a good example of why you
should have one.
What did I do wrong?
1) I backed up the System State on DC2.
2) I deleted an "important" OU, made sure the two DCs replicated and
confirmed the OU deletion.
3) I booted DC2 into AD Restore mode.
4) I used NT Backup to restore the System State, choosing to
overwrite newer files and was prompted to reboot.
5) Upon reboot I again went into AD Restore mode and used ntdsutil
to do an authoritative restore.
At that point I got a Jet error. I believe it said the log file was
corrupt or couldn't be found or something.
I tried rebooting normally but I got the message that DS couldn't
start and that I would need to boot into AD Restore mode. At that
point I was obviously stuck in a loop. I tried to run the restore
again from NT Backup (why?). Needless to say, that did no good.
Eventually I would boot into AD Restore mode and when I tried to use
ntdsutil to do the Authoritative Restore, it would tell me that I
needed to boot into ADR mode even though I already was.
Next steps -
Reformat, sieze FSMO roles, reinstall, DC Promo, etc.
Any ideas? I tried to retrace my steps as well as possible so I hope
I'm not missing something.
Thanks

To add to Cary's suggestions, and this is just conjecture, maybe rebooting
it after the restore, even though going into DSRM again, may have caused it,
that is assuming the authoratative restore procedure was properly followed
the first time. Ideally, the method is to go into ntdsutil after the restore
before restarting.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory