AD Restore not working

[Shiva]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Dear Group,

I'm trying to restore AD to new DC.

I want to have in my test lab the exact AD content as in my production
environment. I'm aware it will never be exactly the same because of the
replciation partners, sites which are not there etc.


What I did is the following:

I have a systemstate of domain company.org. I set up a DC with the same
AD name. Rebooted in save mode for domaincontrollers and to copied the
NTDS.dit. A fully restore of the systemstate is no option because the
hardware is different. Guess wat, I cant get this to work. For some
reason the database is corrupt. If I do recover than it should be ok but
if I do a "symantec analysis" its corrupted again. I was hoping to get
this working because then I had all my objects as in the production
environment including the GPO's in my AD. I thought the GPO where in the
AD but I see them aswell in my sysvol directory.

Is this scenario not a option ? Why not ?
Do I have to use ldifde to export AD and import it in my test environment. ?

Thanks for your advise.

Best Regards,
Shiva

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

If the server in the lab is the same basic kind of hardware, why don't you
just image the original and restore to the lab machine?

otherwise, look through the following article for the steps necessary to
restore Active Directory to a server with different hardware configuration:

http://support.microsoft.com/kb/263532

-ds



"Shiva" <ask@me.nl> wrote in message
news:110bhi81e9hd869@corp.supernews.com...
> Dear Group,
>
> I'm trying to restore AD to new DC.
>
> I want to have in my test lab the exact AD content as in my production
> environment. I'm aware it will never be exactly the same because of the
> replciation partners, sites which are not there etc.
>
>
> What I did is the following:
>
> I have a systemstate of domain company.org. I set up a DC with the same AD
> name. Rebooted in save mode for domaincontrollers and to copied the
> NTDS.dit. A fully restore of the systemstate is no option because the
> hardware is different. Guess wat, I cant get this to work. For some reason
> the database is corrupt. If I do recover than it should be ok but if I do
> a "symantec analysis" its corrupted again. I was hoping to get this
> working because then I had all my objects as in the production environment
> including the GPO's in my AD. I thought the GPO where in the AD but I see
> them aswell in my sysvol directory.
>
> Is this scenario not a option ? Why not ?
> Do I have to use ldifde to export AD and import it in my test environment.
> ?
>
> Thanks for your advise.
>
> Best Regards,
> Shiva

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

System State is the only way I know.
Also look at some new features of Windows 2003 as Restore AD from Media.


--
Andrei Ungureanu
www.eventid.net
Free Windows event logs reports
http://www.altairtech.ca/evlog/

"Dave Shaw [MVP]" <dhshaw@msn.com> wrote in message
news:emreG3DDFHA.720@TK2MSFTNGP10.phx.gbl...
> If the server in the lab is the same basic kind of hardware, why don't you
> just image the original and restore to the lab machine?
>
> otherwise, look through the following article for the steps necessary to
> restore Active Directory to a server with different hardware
> configuration:
>
> http://support.microsoft.com/kb/263532
>
> -ds
>
>
>
> "Shiva" <ask@me.nl> wrote in message
> news:110bhi81e9hd869@corp.supernews.com...
>> Dear Group,
>>
>> I'm trying to restore AD to new DC.
>>
>> I want to have in my test lab the exact AD content as in my production
>> environment. I'm aware it will never be exactly the same because of the
>> replciation partners, sites which are not there etc.
>>
>>
>> What I did is the following:
>>
>> I have a systemstate of domain company.org. I set up a DC with the same
>> AD name. Rebooted in save mode for domaincontrollers and to copied the
>> NTDS.dit. A fully restore of the systemstate is no option because the
>> hardware is different. Guess wat, I cant get this to work. For some
>> reason the database is corrupt. If I do recover than it should be ok but
>> if I do a "symantec analysis" its corrupted again. I was hoping to get
>> this working because then I had all my objects as in the production
>> environment including the GPO's in my AD. I thought the GPO where in the
>> AD but I see them aswell in my sysvol directory.
>>
>> Is this scenario not a option ? Why not ?
>> Do I have to use ldifde to export AD and import it in my test
>> environment. ?
>>
>> Thanks for your advise.
>>
>> Best Regards,
>> Shiva
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Actually it is called "Install from Media" and I don't think it will work in
this scenario as it needs network conectivity to the existing domain. I
haven't tryed to do this with this options but maybe someone else knows
more.



--
Andrei Ungureanu
www.eventid.net
Free Windows event logs reports
http://www.altairtech.ca/evlog/

"Andrei Ungureanu" <andreix at msn dot com> wrote in message
news:uLKGbCFDFHA.3688@TK2MSFTNGP14.phx.gbl...
> System State is the only way I know.
> Also look at some new features of Windows 2003 as Restore AD from Media.
>
>
> --
> Andrei Ungureanu
> www.eventid.net
> Free Windows event logs reports
> http://www.altairtech.ca/evlog/
>
> "Dave Shaw [MVP]" <dhshaw@msn.com> wrote in message
> news:emreG3DDFHA.720@TK2MSFTNGP10.phx.gbl...
>> If the server in the lab is the same basic kind of hardware, why don't
>> you just image the original and restore to the lab machine?
>>
>> otherwise, look through the following article for the steps necessary to
>> restore Active Directory to a server with different hardware
>> configuration:
>>
>> http://support.microsoft.com/kb/263532
>>
>> -ds
>>
>>
>>
>> "Shiva" <ask@me.nl> wrote in message
>> news:110bhi81e9hd869@corp.supernews.com...
>>> Dear Group,
>>>
>>> I'm trying to restore AD to new DC.
>>>
>>> I want to have in my test lab the exact AD content as in my production
>>> environment. I'm aware it will never be exactly the same because of the
>>> replciation partners, sites which are not there etc.
>>>
>>>
>>> What I did is the following:
>>>
>>> I have a systemstate of domain company.org. I set up a DC with the same
>>> AD name. Rebooted in save mode for domaincontrollers and to copied the
>>> NTDS.dit. A fully restore of the systemstate is no option because the
>>> hardware is different. Guess wat, I cant get this to work. For some
>>> reason the database is corrupt. If I do recover than it should be ok but
>>> if I do a "symantec analysis" its corrupted again. I was hoping to get
>>> this working because then I had all my objects as in the production
>>> environment including the GPO's in my AD. I thought the GPO where in the
>>> AD but I see them aswell in my sysvol directory.
>>>
>>> Is this scenario not a option ? Why not ?
>>> Do I have to use ldifde to export AD and import it in my test
>>> environment. ?
>>>
>>> Thanks for your advise.
>>>
>>> Best Regards,
>>> Shiva
>>
>>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

You basically have 4 options to get a copy of your production AD into a lab

I will assume you have a single domain forest. More than one complicates
duplicating production into the lab, and may change which method is "best"

1) Create a ghost image of a GC.
deploy the image onto an identical server in the lab.
log in and seize all FSMO roles it did not own.
perform a metadata cleanup for the non-existent production DCs using
KB216498

2) Perform a system state backup of a GC.
restore the system state onto similiar hardware in the lab. KB263532
log into restored server and seize all FSMOs it did not own.
perform metadata cleanup for the non-existent production DCs using KB216498

3) Assuming you have a mirrored system volume on one of your GCs.
Use the mirrored drive and put it into an identical hardware server.
bootup and seize all FSMOs. perform metadata cleanup for the non-existent
production DCs using KB216498

4)
Bring in an additional GC into your domain. Once you have verified it is a
healthy replica, take it off the prod network and put it into the lab.
Seize all FSMOs.
perform metadata cleanup for the non-existent production DCs using KB216498
perform metadata cleanup of this new server in your production domain.


This last method is my preference for both single domain forests and
multidomain forests.
In multidomain forests, you would need (for this last method) to bring an
additonal DC into each domain in production prior to taking them into the
lab.
This last method also will not use existing DC names in the lab.


Regards,


--
Glenn L
CCNA, MCSE 2000/2003 + Security

"Shiva" <ask@me.nl> wrote in message
news:110bhi81e9hd869@corp.supernews.com...
> Dear Group,
>
> I'm trying to restore AD to new DC.
>
> I want to have in my test lab the exact AD content as in my production
> environment. I'm aware it will never be exactly the same because of the
> replciation partners, sites which are not there etc.
>
>
> What I did is the following:
>
> I have a systemstate of domain company.org. I set up a DC with the same AD
> name. Rebooted in save mode for domaincontrollers and to copied the
> NTDS.dit. A fully restore of the systemstate is no option because the
> hardware is different. Guess wat, I cant get this to work. For some reason
> the database is corrupt. If I do recover than it should be ok but if I do
> a "symantec analysis" its corrupted again. I was hoping to get this
> working because then I had all my objects as in the production environment
> including the GPO's in my AD. I thought the GPO where in the AD but I see
> them aswell in my sysvol directory.
>
> Is this scenario not a option ? Why not ?
> Do I have to use ldifde to export AD and import it in my test environment.
> ?
>
> Thanks for your advise.
>
> Best Regards,
> Shiva