D.C Rebuild..

d4nmf Member Posts: 56
Hi All,

To cut a long story short...

One of our customer's domain controllers fell over and subsequently died on Friday. After a whole day spent by myself I couldn't get it back up. It's a clone server and there is no support for the hardware (think the hardware RAID controller packed up, rebuilds of the RAID don't work, server won't even boot with both drives in, etc.)

So, a new server has been ordered to arrive Tuesday. I have one of the disks and I have pulled the data off and copied it to my laptop. I have got a copy of the Exchange .edb files. I have installed Ontrack PowerControls and am going to give that a go to try and extract the mailboxes to PST files ready to import back in.

But, what I need some assistance on..

My IT Manager and myself will be attending site on Tuesday to take over the rebuild from the company's on-site IT chap. I have done a rebuild of a D.C once before, where I had to reload the OS. I set the server back up with exactly the same details (name, IP etc.), removed machines from the domain and re-added them, and everything seemed to be okay. But, this is a huge network. 4 other servers run off the DC (SQL programs, printers etc.) So what is going to be the best way to do this? The on-site IT chap is unsure when his last successful backup was... Server crashed twice over Wednesday and Thursday and he didn't take a manual backup... but we can't reset the whole network up again..

Look forward to your answers..

Comments

  • Megadeth4168 Member Posts: 2,157
    OK, I don't think I'm quite following you here....

    How many Domain Controllers are in the domain?
    If you need to rebuild the DC and there are other DCs on the domain then you need to do a Metadata Cleanup. If you simply rebuild the DC and give it all the same information the SID will not be the same, therefore any Master roles will not operate correctly. They will show up fine in the GUI but when you do a DCDIAG you will see that it is referencing an incorrect SID. Anyway, the main thing we need to know is how many Domain Controllers.
  • paintb4707 Member Posts: 420
    I think what he meant was this is the only DC and there are 4 other member servers under this domain.

    I imagine there isn't anything left to do if he doesn't have a recent backup but hopefully someone more experienced will chime in.
  • d4nmf Member Posts: 56
    Sorry, 1 D.C which is dead and the other servers are just member servers
  • royal Member Posts: 3,352
    I seriously cannot believe companies that have only 1 DC. I don't care how small you are. You ABSOLUTELY NEED more than 1 DC, even if it's a workstation running a VM with its SRV at a higher weight.

    If they don't have a full backup, and they at least have the system state backed up (God, I would hope so with 1 DC), then their only option is to pretty much re-do a DCPROMO /adv and point it to the system state that was hopefully backed up sometime in the past.

    There's also the Quest Recovery Manager for Active Directory. It can also restore AD, but its best feature is granular recovery. Since you need to restore all of AD, you might as well save the money and just dcpromo /adv.

    SERIOUSLY PEOPLE. INSTALL MORE THAN 1 DC. IT'S ESSENTIAL!!!!!!!!!!!!!
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • dynamik Banned Posts: 12,312
    Did you ever determine what failed on the server?

    What data do you have access to? Were you able to get everything off of the drive(s)?

    If the drives are ok, it might be easier to simply buy a new mobo, raid controller, etc.
  • cisco_trooper Member Posts: 1,441
    royal wrote:
    I seriously cannot believe companies that have only 1 DC. I don't care how small you are. You ABSOLUTELY NEED more than 1 DC, even if it's a workstation running a VM with its SRV at a higher weight.

    If they don't have a full backup, and they at least have the system state backed up (God, I would hope so with 1 DC), then their only option is to pretty much re-do a DCPROMO /adv and point it to the system state that was hopefully backed up sometime in the past.

    There's also the Quest Recovery Manager for Active Directory. It can also restore AD, but its best feature is granular recovery. Since you need to restore all of AD, you might as well save the money and just dcpromo /adv.

    SERIOUSLY PEOPLE. INSTALL MORE THAN 1 DC. IT'S ESSENTIAL!!!!!!!!!!!!!

    No kidding. ...And to be unsure of when the last successful backup of that ONE DC was.. Christ. Someone should be fired.
  • HeroPsycho Inactive Imported Users Posts: 1,940
    Not to mention the sole DC was also apparently an Exchange server on the same box, too. They could afford 5 servers but couldn't have 2 DCs, nor put Exchange on its own box?

    FOR SHAME!

    And if you're gonna do something that stupid, at least have a good backup/restore infrastructure like BackupExec System Recovery so when the crap hits the fan, the crap is easier to clean up.
    Good luck to all!
  • Pash Member Posts: 1,600
    HeroPsycho wrote:
    Not to mention the sole DC was also apparently an Exchange server on the same box, too. They could afford 5 servers but couldn't have 2 DCs, nor put Exchange on its own box?

    FOR SHAME!

    And if you're gonna do something that stupid, at least have a good backup/restore infrastructure like BackupExec System Recovery so when the crap hits the fan, the crap is easier to clean up.

    Yeah, I completely agree, and unfortunately many real-world companies have terrible multi-server roles and badly designed infrastructure. Sometimes it is because of budgetary reasons, but many times it's for misinformed businesses who never really understand why they shouldn't do xyz. The only reason they might do it that way is because their in-house IT staff think it's best. There are two extremes I can think of for our customers.

    One is a financial institution and has their backup server running on their main DC (as in full FSMO). Any issues with the backup service and it has to be out of hours every time to do any maintenance work. The reasons for not changing this have never been made clear to me, but I would never ever recommend this.

    The other is a research company. They have all the server roles you can think of assigned to different servers and have backup plans for them. Several DCs, a backup server, a distrib server, an AV server/security server and several application servers.

    Even business managers can be convinced if you say to them, by putting important roles onto the same box you will end up costing the business more money over time due to out-of-hours work required or emergency work required because of poorly designed infrastructure.
    DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
  • d4nmf Member Posts: 56
    No point shouting at my chaps, we got the call on Friday morning as an ad-hoc call and that's the first time we have seen the network.

    Unfortunately, hindsight is a wonderful thing, and while the IT guy knows he should have had 2 D.Cs, the company that set it up never did it.