Announcement

Collapse
No announcement yet.

DC deleted by mistake

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DC deleted by mistake

    Let's say someone deleted a DC from a domain by mistake, and I wanted to make it work again without doing a demote/promote and without doing an authoritative restore..

    If it's gone from the Domain Controllers OU, gone from the metadata, gone from site links, are all those deleted objects available in deleted Objects ?
    (in CN=Configuration for site links and metadata I suppose)

    If they are, what objects would you restore to bring it back to life?

    (This is just a hypothetical thing I want to test tomorrow - feel free to post "unsafe" ideas )
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

  • #2
    Re: DC deleted by mistake

    if you are talking about the computer object that was deleted, then just restore the computer object.
    the computer object does not hold the AD metadata.

    Comment


    • #3
      Re: DC deleted by mistake

      The computer object is the easy one... Would the deleted metadata be in the deleted objects of CN=Configuration ?

      I'll test that out..
      VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

      Comment


      • #4
        Re: DC deleted by mistake

        Check a number of places but event logs showing FRS errors would be a good clue.
        TIA

        Steven Teiger [SBS-MVP(2003-2009)]
        http://www.wintra.co.il/
        sigpic
        Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

        We donít stop playing because we grow old, we grow old because we stop playing.

        Comment


        • #5
          Re: DC deleted by mistake

          What you will see in Deleted Objects container are tombstones and those will definitely not have all the attributes that were populated before the deletion.
          i.e.: if you reanimate a siteLink tombstone, it will not include the list of the sites in the site link. If you reanimate the DC's computer account, te password is not restored and you will have to reset the secure channel.
          The most problematic one as I see it is the nTDSDSA object (NTDS Settings) under the server object in Config partition - it holds the invocationID attribute of the DC - a GUID used in replication. If you delete nTDSDSA object, I'm almost sure the attribute will not be preserved on tombstone, making the whole exercise moot.
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"

          Comment


          • #6
            Re: DC deleted by mistake

            Very good info guyt ! Thanks, it confirms what I thought...it's probably not doable that way..

            The reason I was wondering if because people asked me a few times and I kept saying "I don't think it's that easy" yet, I didn't have a clear explanation as of why.



            Oh, and Win 2008 with promote from media will be a great help for situations like this, where let's say you want to do a demote and promote but the database is huge and WAN is slow...
            Last edited by gepeto; 18th June 2008, 15:34. Reason: promote from media
            VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

            Comment


            • #7
              Re: DC deleted by mistake

              Originally posted by gepeto View Post
              Oh, and Win 2008 with promote from media will be a great help for situations like this, where let's say you want to do a demote and promote but the database is huge and WAN is slow...
              dcpromo from media is there since W2K3
              http://www.petri.com/install_dc_from...erver_2003.htm
              Guy Teverovsky
              "Smith & Wesson - the original point and click interface"

              Comment


              • #8
                Re: DC deleted by mistake

                Haha you're right !

                That domain I'm working on is 2000.
                VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

                Comment

                Working...
                X