Trying to use DCPROMO for Disaster Recovery test

  • Trying to use DCPROMO for Disaster Recovery test

    I am not very AD literate, so please excuse my ignorance. I have also changed the names of the domains to protect the innocent.

    Our network consists of a domain with 2 child domains ( and
    In our domain, I am trying to set up a disaster recovery lab for testing out build procedures. This lab will be totally isolated from the rest of the network. I intended on standing up a domain controller in our lab so that all the servers can authenticate and be a part of our isolated domain. Things aren't working as planned. Here is what I did.

    In our domain, we have 1 forest server ( In the child domain, we have 2 servers ( and

    What I did was create a brand new server and name it svr4. I built it as a Windows 2003 Std Server and then joined it to the domain. I then ran dcpromo on it so it would become a domain controller and replicate AD with the rest of the domain. After running dcpromo, running AD Users/Computers viewed it as a DC and running replmon on the server showed it had replicated (as far as I could tell). I let the server sit on the domain as a DC for about 18 hours.

    I then shut the server down, made a ghost image of it and then started it back up. Once it was back up, I ran dcpromo again and demoted it.

    I then put the server in our isolated network and put the ghost image back on it to convert it back to a DC. Once it started up in its isolated network, I could no longer log in to it. It keeps telling me to check my username/password as if I am mistyping my password. I tried bringing one of the other servers in the isolated domain up and told it to join the domain and gave it my credentials, but it acted as though it could not see the domain.

    I am stuck at this point. I don't know what to do or what I did wrong. I am assuming I left out an important step, or maybe I need to have 2 DCs, I don't know.

    Can anyone shed any light on what I did, or clarify whether this is a workable solution?


  • #2
    A couple of notes.

    - warning: if you back up a DC using ghost you should NEVER put it back in production. Use only proper backup/restore procedures for that.
    - you might have forgotten to make this new DC a Global Catalog. No-one can log on if there is no GC... except the built-in Administrator. Did you try that? (this is tuneable, but let's not get into that)
    - did you point the DC to itself for DNS? As you know, AD cannot live without it. If not, you can fix that after booting to safe mode.
    - while on the subject of DNS, does the child domain have a copy of the zone? It should if the forest root domain was installed using W2003. If not, create a secondary zone or something. This zone is vital for locating GC's and other stuff.

    Hope this gets you started!


    • #3
      I did forget about the GC. I honestly didn't realize it. I am going to try that again on Tuesday when we go back to the office.

      Also, can you recommend a proper backup/restore method? I thought ghost would be a good way to get an exact copy of the server from one environment to the other.

      Thank you kindly!


      • #4
        Sure, you can use ghost to go from one network to another. You just should not restore into the same environment using ghost. The reason behind that is that a proper restore (ntbackup!) tells the DC that it has just been restored and to make proper adjustments. When you restore an image the DC never realises it has been restored, leading to all kinds of subtle and not-so-subtle problems.

        So my recommendations for DC's: ntbackup, system drive + system state. Not fancy, but reliable.


        • #5
          You will also probably want to transfer all the FSMOs to the DC you are moving to the test environment.
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"
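
The checks suggested in replies #2 and #5 (DNS pointing at the DC itself, Global Catalog present, FSMO role holders), gathered into one batch script as an added example that is not part of any post in this thread. It assumes it is run as the built-in Administrator on the restored DC in the isolated lab, that the Windows Server 2003 Support Tools (dcdiag, repadmin, netdom, nltest) are installed, and that `LAB_DOMAIN` is replaced with the real domain name, which the thread redacted.

```bat
@echo off
rem Added example: read-only health checks for a DC restored into an isolated lab.
rem LAB_DOMAIN is a placeholder; the thread's real domain names were redacted.
setlocal
set LAB_DOMAIN=child.example.test

echo == 1. DNS client settings ==
rem The lab DC should list its own IP address as its DNS server.
ipconfig /all | findstr /i /c:"IP Address" /c:"DNS Servers"

echo.
echo == 2. DC locator result for %LAB_DOMAIN% ==
rem The Flags line should include GC if the located DC is a Global Catalog.
nltest /dsgetdc:%LAB_DOMAIN% | findstr /i "DC: Flags:"

echo.
echo == 3. Is this DC itself marked as a Global Catalog? ==
repadmin /options localhost | findstr /i "IS_GC"
if errorlevel 1 (
    echo IS_GC is not set: only the built-in Administrator can log on
    echo until a Global Catalog is available in the lab.
)

echo.
echo == 4. Does the DC advertise its roles and find the other role holders? ==
dcdiag /test:Advertising
dcdiag /test:FsmoCheck

echo.
echo == 5. Current FSMO role holders ==
rem Any role still held by a DC left behind in production is unreachable here.
netdom query fsmo

endlocal
```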