Domain controller


  • Domain controller

    Hi,

    I'm wondering if somebody can give me a few pointers on restoring a failed DC. Our site is fairly small and consists of 2 DCs. The first DC contains all the FSMO roles and both DCs are global catalogs.
    If one of our DCs failed (the one without any FSMO roles), all I'd need to do to get it back up and running is:

    a) fix the original problem that caused the failure (hardware etc)
    b) format the server and then reinstall Windows 2003 and patch it up
    c) DC promo (AD replication will then replicate all AD info to rebuilt server)

    If I wanted to give the new rebuilt DC the same name as the failed DC, would I need to use NTDSUTIL to delete the DC from AD before I join it to the domain, or can I just go into AD Users and Computers and delete the computer account relating to the DC?

    Thanks in advance
    Matt

  • #2
    Re: Domain controller

    Seems pretty good as a plan.
    From bad experiences, use a different name rather than relying on ntdsutil to clean up all traces, unless you have a VERY good reason to keep the original name.

    Alternatively, have up-to-date system state backups and recover from them, keeping the name.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Domain controller

      Thanks for your quick reply!

      We have good system state backups, so if I wanted to keep the same name, I could just restore the system state from the failed DC onto the new DC and not have to bother with NTDSUTIL? Replication will then replicate any changes made to AD since the failure.

      To make things easier and quicker, I could rebuild the server as mentioned in my original post, give it a new name and then just DC promo?

      Also, when I first join the new DC to the domain, there will already be a computer with the same name, so will I need to delete the computer account from AD before I can join it to the domain?



      • #4
        Re: Domain controller

        Yup!
        System state restore will preserve the SIDs etc., so as long as it is less than c. 90 days old (google for "AD Tombstone") it is OK.

        To restore, build it as a non-domain member then do the restore. Also investigate ASR (Automated System Recovery) to boot with a floppy and a backup. If you use e.g. Backup Exec you will have other bare metal options.
        Tom Jones



        • #5
          Re: Domain controller

          We use Backup Exec, so if I rebuild it as a non-domain member, I can install the Backup Exec remote Windows agent, restore the system state, reboot and hey presto, it's on the domain and AD will start to replicate? Is that it?

          For the DC that has all the FSMO roles, as long as the rebuild happens immediately, I won't need to seize the roles and I could do the same as above and restore system state from backup. This would restore all the FSMO roles.

          I'm trying to cover all scenarios, but to be honest I think giving the new server a new name would be the way forward! Unless, like you said, I HAD to keep the same name.
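
Reply #4 ties the usability of a system state backup to the AD tombstone lifetime. The PowerShell below is an added example, not code from anyone in this thread: it reads the forest's `tombstoneLifetime` value and compares it with a backup date. The function names and the sample backup date are hypothetical, and it assumes it is run from a domain-joined machine with read access to the configuration partition.

```powershell
# Added example: is a system state backup still younger than the tombstone lifetime?
param(
    # Constructed sample value; pass the real date of the backup set instead.
    [datetime]$BackupDate = (Get-Date).AddDays(-45)
)

function Get-TombstoneLifetimeDays {
    # tombstoneLifetime is stored on the Directory Service object in the
    # configuration partition of the forest.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = $rootDse.Properties['configurationNamingContext'].Value
    $dsObject = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
    $value    = $dsObject.Properties['tombstoneLifetime'].Value

    # If the attribute has never been set, Active Directory falls back to 60 days.
    if ($null -eq $value) { return 60 }
    return [int]$value
}

function Test-BackupUsable {
    param(
        [datetime]$BackupDate,
        [int]$TombstoneDays,
        [datetime]$Now = (Get-Date)
    )
    if ($BackupDate -gt $Now) { throw 'Backup date is in the future.' }

    $ageDays = [int][math]::Floor(($Now - $BackupDate).TotalDays)
    [pscustomobject]@{
        BackupDate    = $BackupDate
        AgeDays       = $ageDays
        TombstoneDays = $TombstoneDays
        DaysRemaining = $TombstoneDays - $ageDays
        # A backup as old as, or older than, the tombstone lifetime must not be restored.
        Usable        = ($ageDays -lt $TombstoneDays)
    }
}

$lifetime = Get-TombstoneLifetimeDays
Test-BackupUsable -BackupDate $BackupDate -TombstoneDays $lifetime | Format-List
```

Reading the value from the directory avoids relying on a remembered figure, since the effective lifetime differs between forests.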
