Active Directory Corrupt

Guest
Archived from groups: microsoft.public.win2000.active_directory

So the active directory logs were stored on the raid array that went down,
and could not be recovered, so I gathered new drives, created a new logical
drive, copied all the data backed up from my backups back to it. The main dit
file is still on the C:\win\NTDS\. But the Active directory logs never got
backed up (I'm taking over for another admin) so I don't have a backup. But
this is a small company with less than 10 Users, so I can just start over, no
problem. Except every article on recovery has failed at one point or another,
and demoting the PDC (the only DC) is unsuccessful due to it only booting
into Safe Mode for Active Directory Recovery. And it won't let me demote
anything, furthermore I tried connecting to localhost in ntdsutil and cannot
as it runs out of "ends" and I looked that up and found that it might have
something to do with the Ports on the RPC Service. I just think I'm digging a
hole here... and all I want to do is start over without reformatting the
box... as my predecessor did not leave me with some of the disks for backup
software, even though I have licenses and invoices for them, I'd need to
re-request copies which could take a while...

Any Suggestions would help immensely!
 
Guest

Andrei,

If you want to demote the server and rebuild the domain without reinstalling
the OS you can do the following:

1) DCPROMO (If this fails move on)
2) DCPROMO /FORCEREMOVAL (this will likely not work on the last DC)

You can use this as a last resort:

3) Boot into Directory Services Restore Mode (you will need to know the password)
4) Open registry editor
5) Navigate to HKLM\System\CCS\Control\ProductOptions
6) Change the Product Type value from "LanmanNT" to "ServerNT"
7) Reboot

This change will make the computer act as a standalone server. You will need
to login using the local Administrative password (what the password was
before running DC promo / DSRM password). A lot of services will fail to start
as they are still set as they would be on a DC.

At this point I suggest that you promote the server to a fake domain (Eg:
DELETE.ME) and use the same database and log paths as in the initial
installation. You will be prompted that NTDS.DIT exists and so on, select
overwrite / continue / ignore option. Once this is done, demote the server
back down.

At this point you can promote it back to the original domain name. The
promotion to the temporary domain is done to clean up left overs so you have
a brand new NTDS.DIT when you go back to your initial domain. I have done
this procedure numerous times and it works 100%.

The only caveat is you need to know the DSRM password. I suggest that if you
can get into DSRM, you reset the Administrator's password.

Good Luck,


Bart

"Andrei Maraklov" wrote:

> So the active directory logs were stored on the raid array that went down,
> and could not be recovered, so I gathered new drives, created a new logical
> drive, copied all the data backed up from my backups back to it. The main dit
> file is still on the C:\win\NTDS\. But the Active directory logs never got
> backed up (I'm taking over for another admin) so I don't have a backup. But
> this is a small company with less than 10 Users, so I can just start over, no
> problem. Except every article on recovery has failed at one point or another,
> and demoting the PDC (the only DC) is unsuccessful due to it only booting
> into Safe Mode for Active Directory Recovery. And it won't let me demote
> anything, furthermore I tried connecting to localhost in ntdsutil and cannot
> as it runs out of "ends" and I looked that up and found that it might have
> something to do with the Ports on the RPC Service. I just think I'm digging a
> hole here... and all I want to do is start over without reformatting the
> box... as my predecessor did not leave me with some of the disks for backup
> software, even though I have licenses and invoices for them, I'd need to
> re-request copies which could take a while...
>
> Any Suggestions would help immensely!
>
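
An added example, not part of the thread: Python that parses saved `reg query` output for the ProductOptions key edited in steps 5 and 6 and for the NTDS Parameters key, reporting which role the registry declares and which database and log paths the server was installed with. The sample text, the `E:\NTDSLogs` path and the function names are constructed, and "CCS" in the reply is read as CurrentControlSet.

```python
import re

# Constructed sample of `reg query` output saved from the server (not from the thread).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions
    ProductType    REG_SZ    ServerNT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
    DSA Database file    REG_SZ    C:\win\NTDS\ntds.dit
    Database log files path    REG_SZ    E:\NTDSLogs
"""

ROLES = {"WinNT": "workstation", "ServerNT": "standalone/member server",
         "LanmanNT": "domain controller"}
# Value names may contain spaces, so anchor on the REG_* type token.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m.group(1)] = m.group(3).strip()
    return keys

def assess(text):
    """Summarise ProductType and the NTDS paths, and list inconsistencies."""
    keys = parse_reg_query(text)

    def find(suffix):
        return next((v for k, v in keys.items()
                     if k.lower().endswith(suffix.lower())), {})

    product = find(r"Control\ProductOptions").get("ProductType")
    ntds = find(r"Services\NTDS\Parameters")
    db, logs = ntds.get("DSA Database file"), ntds.get("Database log files path")
    findings = []
    if product != "LanmanNT" and ntds:
        # The state after the registry change: DC settings are still present.
        findings.append("ProductType is not LanmanNT but NTDS parameters remain")
    if db and logs and db[:2].lower() != logs[:2].lower():
        findings.append("database and logs are on different drives")
    return {"role": ROLES.get(product, "unknown"), "db": db, "logs": logs,
            "findings": findings}
```

Running `assess` on output captured before and after the reboot shows whether the role change took effect and which paths to re-enter during the temporary promotion.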