Announcement

Collapse
No announcement yet.

Active Directory Damaged On Server, Help plz

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Damaged On Server, Help plz

    Hello, i need some help Active directory has been damaged on the server there is no AD policies now, but somehow the users are still logging in with their AD accounts and use the damaged AD user credentials, i cannot edit them on the server because AD is lost i need to change some user permission locally and i don't need to create another AD, please help is there a way ? (i can only login using user on the computers i need to grant full control, administrator account is disabled)

  • #2
    Re: Active Directory Damaged On Server, Help plz

    If you have an additional DC, check if it is OK and scrap the problem one
    If not, restore from backup


    Which server OS is the DC on, and what are the FLs?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Active Directory Damaged On Server, Help plz

      Originally posted by Ossian View Post
      If you have an additional DC, check if it is OK and scrap the problem one
      If not, restore from backup


      Which server OS is the DC on, and what are the FLs?
      Hello, Thanks for fast reply first

      There is no copy of AD, i started working as IT in this new company the IT who was before
      me said AD was damaged and there's no backup, the server which had AD running on have MS Server 2003 R2 installed.

      Comment


      • #4
        Re: Active Directory Damaged On Server, Help plz

        So you have an old (nearly unsupported) OS, no redundancy in Active Directory and no backups.... This is NOT good news!

        To confirm, all your group policies are damaged/destroyed, but the remainder of AD is working (user and computer accounts are intact)?

        If a small organisation, it may be worth starting from scratch, so you know how things are configured. If that is not an option, you will need to remove all traces of the old group policy objects: https://www.google.co.uk/search?q=re...4DA&gws_rd=ssl

        The default Domain and Domain Controller policies can be restored using DCGPOFIX http://technet.microsoft.com/en-us/l.../hh875588.aspx

        You will then need to recreate whatever group policies you need, but this time make regular backups!
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Active Directory Damaged On Server, Help plz

          Thank you i will try my luck, it's a small company with 3 small departments working on a Database accounting software i donno why there is a domain in the first place no need for any policy, my biggest concern now is just to grant one user administrative access.

          Thank you.

          Comment


          • #6
            Re: Active Directory Damaged On Server, Help plz

            Active directory domains do a lot more than apply group policies - they are essential for Exchange, for example

            By the sound of it, you can delete all the corrupt policies and reset the defaults, then move on

            Strongly recommend you put steps in place to stop this happening again - redundant DCs and regular (tested) backups
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Active Directory Damaged On Server, Help plz

              Originally posted by Ossian View Post
              Active directory domains do a lot more than apply group policies - they are essential for Exchange, for example

              By the sound of it, you can delete all the corrupt policies and reset the defaults, then move on

              Strongly recommend you put steps in place to stop this happening again - redundant DCs and regular (tested) backups
              Thank you for your help, i solved the problem but not in AD an employee said that he remembered an administrator local account so i logged in and made the machine part of administrator i guess it bypassed the damaged gpo.

              You are right this company use Exchange Server internal and external mails are important for this company. In the future i will not add a new domain on this unsupported windows server, first i will upgrade to Server 2008 but i heard that the ISA server wont work with 2008 version.

              Comment


              • #8
                Re: Active Directory Damaged On Server, Help plz

                You still have 2 problems you need to deal with urgently:
                1) Errors in AD have a nasty habit of getting worse (they certainly don't get better) until things reach the state where AD becomes unusable
                2) You appear to have no disaster recovery plan, so if anything major goes wrong, how would you deal with it?
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Active Directory Damaged On Server, Help plz

                  Originally posted by Ossian View Post
                  You still have 2 problems you need to deal with urgently:
                  1) Errors in AD have a nasty habit of getting worse (they certainly don't get better) until things reach the state where AD becomes unusable
                  2) You appear to have no disaster recovery plan, so if anything major goes wrong, how would you deal with it?
                  I have installed an automatic backup software for Outlook emails that schedule backup on the server from every computer, and also i have daily backup for the company database program on 2 External HD ( i change HD every week) just in case the external is also damaged i would have a 1 week bk.

                  Edit: If AD becomes worse i will upgrade to Server 2008 and then make new AD.
                  Last edited by Alcastive; 19th December 2014, 10:28.

                  Comment


                  • #10
                    Re: Active Directory Damaged On Server, Help plz

                    Originally posted by Alcastive View Post
                    I have installed an automatic backup software for Outlook emails that schedule backup on the server from every computer, and also i have daily backup for the company database program on 2 External HD ( i change HD every week) just in case the external is also damaged i would have a 1 week bk.

                    Edit: If AD becomes worse i will upgrade to Server 2008 and then make new AD.
                    So are you backing up:
                    AD (if it dies, there will be problems with logons and accessing resources, as well as Exchange dying)
                    Exchange (there is a lot more than just the emails in outlook - for starters, your log files will not be truncated and will eventually fill up the drive)
                    The server (again likely to be a lot more than just the database)

                    If you assume the worst will happen, and prepare for it well, you will be able to cope with lesser problems
                    Tom Jones
                    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                    PhD, MSc, FIAP, MIITT
                    IT Trainer / Consultant
                    Ossian Ltd
                    Scotland

                    ** Remember to give credit where credit is due and leave reputation points where appropriate **

                    Comment


                    • #11
                      Re: Active Directory Damaged On Server, Help plz

                      Originally posted by Ossian View Post
                      So are you backing up:
                      AD (if it dies, there will be problems with logons and accessing resources, as well as Exchange dying)
                      Exchange (there is a lot more than just the emails in outlook - for starters, your log files will not be truncated and will eventually fill up the drive)
                      The server (again likely to be a lot more than just the database)

                      If you assume the worst will happen, and prepare for it well, you will be able to cope with lesser problems
                      I see, maybe i will eventually update the server to 2008 in the near future maybe after new year for a fresh start i hope a new AD and server upgrade with ms forefront TMG instead of ISA will be a final solution.

                      Comment


                      • #12
                        Re: Active Directory Damaged On Server, Help plz

                        I beleive forefront tmg is transitioning to extended support only in April 2015 as well.. might be better off looking at UAG
                        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                        Comment


                        • #13
                          Re: Active Directory Damaged On Server, Help plz

                          Originally posted by tehcamel View Post
                          I beleive forefront tmg is transitioning to extended support only in April 2015 as well.. might be better off looking at UAG
                          UAG was retired on July 1 2014. Currently, Microsoft has no firewall product at all.

                          Comment


                          • #14
                            Re: Active Directory Damaged On Server, Help plz

                            Why Server 2008? It is coming up to SEVEN years old. Server 2008 will reach the Extended Support Phase Jan 15th 2015. I would seriously suggest Server 2012 R2 or perhaps better for a small business SBS 2011.
                            1 1 was a racehorse.
                            2 2 was 1 2.
                            1 1 1 1 race 1 day,
                            2 2 1 1 2

                            Comment


                            • #15
                              Re: Active Directory Damaged On Server, Help plz

                              Originally posted by biggles77 View Post
                              Why Server 2008? It is coming up to SEVEN years old. Server 2008 will reach the Extended Support Phase Jan 15th 2015. I would seriously suggest Server 2012 R2 or perhaps better for a small business SBS 2011.
                              except you can't really buy sbs 2011 any more.
                              that said, I do have an OEM copy i'm sitting on..
                              Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                              Comment

                              Working...
                              X