
Corrupt DC

Anonymous
March 10, 2005 12:44:56 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

After a power failure the partition with NTDSlogs directory was corrupt for
a DC.
After fixing a new partition for that we ran ntdsutil and as far as we can see
everything looks OK (auth restore/recover/integrity commands return
errorcode=0), but when rebooting into normal state it ends up with a popup
saying that lsass could not start->ok=reboot.
Have tried copying the NTDS database/logs from another DC (same domain) with
the same result.
Maybe we missed some command in ntdsutil, but I cannot find what it could
be.

Any idea about what to do?

Cannot run dcpromo to demote it from DC when booting into AD restore mode.
Is it possible to force a server out of its "DC-believing" another way and
by that way re-promote it as DC?


Anonymous
March 11, 2005 5:27:03 PM

Henrik,

This is not an easy process if it's the first time you've done it. First,
you need to do a metadata cleanup on a functional DC, preferably the PDC
emulator. See KB article 216498. This takes all the information about the
corrupt DC out of AD.

Next step is to boot the corrupt DC into AD Restore mode, and change the
value at

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType

from LanmanNT to ServerNT. Now the DC thinks it's a member server and will
boot into Windows normally. At this point the machine thinks it's a member
server but it's still carrying all the baggage from being a DC, the sysvol,
netlogon, etc. Disjoin the machine from your domain, DCPromo it up to a dummy
domain, such as mydomain.com, just make sure this has nothing to do with your
current domain, demote it gracefully and it will clear out the sysvol,
netlogon, etc. Now rejoin it to your domain as a member server and DCPromo it
back into your current domain.

Sounds like fun, doesn't it?


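A read-only check for the in-between state the answer above describes, where ProductType says member server while the SYSVOL and NETLOGON shares and NTDS settings are still present. This is an added example, not part of the original posts; it assumes a later Windows release with PowerShell 3.0 or newer (Windows 2000 has none), and treating the NTDS\Parameters key as a DC remnant is a heuristic.

```powershell
# Added example: report whether a Windows server's role indicators agree.
# Read-only; it changes nothing. Assumes PowerShell 3.0+ (not Windows 2000).

$roleByProductType = @{
    'WinNT'    = 'Workstation'
    'ServerNT' = 'Member or standalone server'
    'LanmanNT' = 'Domain controller'
}
$roleByDomainRole = @(
    'Standalone workstation', 'Member workstation',
    'Standalone server', 'Member server',
    'Backup domain controller', 'Primary domain controller'
)

# The value the post describes changing from LanmanNT to ServerNT.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\ProductOptions'
$productType = (Get-ItemProperty -Path $key -Name ProductType).ProductType

# What the OS reports through WMI (4 and 5 are domain controller roles).
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$domainRole = [int]$cs.DomainRole

# Leftovers the post calls "baggage": DC shares and NTDS database settings.
$dcShares = @(Get-CimInstance -ClassName Win32_Share |
    Where-Object { $_.Name -in 'SYSVOL', 'NETLOGON' } |
    Select-Object -ExpandProperty Name)
# Heuristic (assumption): this key is only populated on a promoted DC.
$ntdsConfigured = Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

$claimsDc     = ($productType -eq 'LanmanNT')
$reportsDc    = ($domainRole -ge 4)
$hasDcBaggage = ($dcShares.Count -gt 0) -or $ntdsConfigured

[pscustomobject]@{
    Computer          = $cs.Name
    Domain            = $cs.Domain
    ProductType       = $productType
    ProductTypeRole   = $roleByProductType[$productType]
    DomainRole        = $roleByDomainRole[$domainRole]
    DcShares          = $dcShares -join ', '
    NtdsParametersKey = $ntdsConfigured
    # True when the registry says "not a DC" but DC remnants are present,
    # or when the registry and WMI disagree about the role.
    Inconsistent      = ((-not $claimsDc) -and $hasDcBaggage) -or ($claimsDc -ne $reportsDc)
}
```

Run before and after each stage of the rebuild; `Inconsistent` should be False once the server has been demoted gracefully and re-promoted.
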
Anonymous
March 12, 2005 6:21:33 PM

Thanks for the info.
I'll try that out later.
/Henrik
