Restoring a Primary Domain Controller

[Eric Hodges]

I have two DC's in my network, one primary, one secondary. We'll call
them A and B.

A's hardware failed and I had to re-install W2K Server. Now, I want
to put Active Directory back on it and use it as my primary DC again
(it's a much faster machine than B is). I have a relatively recent
backup of the System State, and the Active Directory structure hasn't
changed at all since I made that backup.

Should I restore my backup to A, or join A back into my domain? I'm
afraid that if I take the second option, AD won't give A its status as
PDC back. But I've never done the first option before either, and I'm
not sure if it will also cause conflicts.

I appreciate your help.

-Eric

 

[Simon Geary]

In Windows 2000 there is no concept of PDC and BDC, all DC's are given equal
status apart from the FSMO roles which should be seized by the remaining DC.

When you rebuild your server, just join it to the domain and then run
dcpromo. The dcpromo process will install Active Directory by pulling it
across from the remaining DC. You don't need to do a restore from backup.

 

[Richard McCall [MSFT]]

The only think you will have to do prior to the dcpromo is to seize the fsmo
roles on Server B. and Then Clean up the metadata for Server A.
255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller
http://support.microsoft.com/?id=255504

216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
http://support.microsoft.com/?id=216498

 

[David Brandt [MSFT]]

Restoring would be the least complicated route to take, and if the tape,
system state, restore, etc are all ok should put it back to the same state
it was prior to the crash. Any additional AD info created on the other dc
while this one was down would then be replicated over to get it up to date.

Since this box crashed, and I assume held either some or all of the fsmo
roles, those roles would NOT transfer automatically over to the other dc,
and will have to be seized (since the other machine isn't there you can't
transfer gracefully) to the other dc (this is all assuming that the restore
fails, and you had to re-install, rejoin the domain. dcpromo up again -
which will fail since it wouldn't be able to find any current fsmo holders
and will still be looking for the old crashed dc which is not there).
You would also need to run ntdsutil and do a metadata cleanup to remove the
old dc account info from AD prior to the re-introduction of the new dc
(assuming using same name, but also to just get AD cleaned up properly).
If the second dc was not already made a GC, then you will need to make it a
gc as well.
If you have to reinstall (failed restore etc) then first seize the fsmo
roles to the other dc, do a metadata cleanup, and then re-introduce the new
server back into the domain and promote up again. If not sure what roles it
held, run the following on any machine to see who holds what roles;
"netdom query fsmo" (netdom is one of the support tools that can be
installed off of win2k server CD in support/tools/setup.exe - pick typical
install)

Use the following articles to do this;
255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller
http://support.microsoft.com/?id=255504

216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
http://support.microsoft.com/?id=216498
(there are a lot of steps here but just follow them like they're laid out
and it works fine. Be sure to connect to the live dc though and not to the
old dead dc in step 5)
--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

 

[David Brandt [MSFT]]

Restoring would be the least complicated route to take, and if the tape,
system state, restore, etc are all ok should put it back to the same state
it was prior to the crash. Any additional AD info created on the other dc
while this one was down would then be replicated over to get it up to date.

Since this box crashed, and I assume held either some or all of the fsmo
roles, those roles would NOT transfer automatically over to the other dc,
and will have to be seized (since the other machine isn't there you can't
transfer gracefully) to the other dc (this is all assuming that the restore
fails, and you had to re-install, rejoin the domain. dcpromo up again -
which will fail since it wouldn't be able to find any current fsmo holders
and will still be looking for the old crashed dc which is not there).
You would also need to run ntdsutil and do a metadata cleanup to remove the
old dc account info from AD prior to the re-introduction of the new dc
(assuming using same name, but also to just get AD cleaned up properly).
If the second dc was not already made a GC, then you will need to make it a
gc as well.
If you have to reinstall (failed restore etc) then first seize the fsmo
roles to the other dc, do a metadata cleanup, and then re-introduce the new
server back into the domain and promote up again. If not sure what roles it
held, run the following on any machine to see who holds what roles;
"netdom query fsmo" (netdom is one of the support tools that can be
installed off of win2k server CD in support/tools/setup.exe - pick typical
install)

Use the following articles to do this;
255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller
http://support.microsoft.com/?id=255504

216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
http://support.microsoft.com/?id=216498
(there are a lot of steps here but just follow them like they're laid out
and it works fine. Be sure to connect to the live dc though and not to the
old dead dc in step 5)


--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.