Sign in with
Sign up | Sign in
Your question

AD Disaster Recovery - ntdsutil permission denied

Last response: in Windows 2000/NT
Share
Anonymous
July 27, 2005 11:08:04 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

We have had massive crash of the HDD on our DC. there are no other DC's left
in the domain. We have gone through the disaster recovery options of
restoring the system state from backup, f8 for AD recovery mode. when we try
to run ntdsutil recover database we get a jetdbinitializefailure (or
something similiar) permission denied error (. I have checked permission of
the ntds folder, systemroot and root for Administrator and System).

Any help appreciated. Will save us hours in building a new AD.
TIA
Anonymous
July 27, 2005 9:35:43 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"" wrote:
> We have had massive crash of the HDD on our DC. there are no
> other DC's left
> in the domain. We have gone through the disaster recovery
> options of
> restoring the system state from backup, f8 for AD recovery
> mode. when we try
> to run ntdsutil recover database we get a
> jetdbinitializefailure (or
> something similiar) permission denied error (. I have checked
> permission of
> the ntds folder, systemroot and root for Administrator and
> System).
>
> Any help appreciated. Will save us hours in building a new AD.
> TIA

if you have a backup of the DC, why not just restore the system disk
and the system state? That should do it

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-AD-Disast...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1327729
Anonymous
July 28, 2005 8:28:02 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Restore crashes when restoring the resgistry hives

"Jorge_de_Almeida_Pinto" wrote:

> "" wrote:
> > We have had massive crash of the HDD on our DC. there are no
> > other DC's left
> > in the domain. We have gone through the disaster recovery
> > options of
> > restoring the system state from backup, f8 for AD recovery
> > mode. when we try
> > to run ntdsutil recover database we get a
> > jetdbinitializefailure (or
> > something similiar) permission denied error (. I have checked
> > permission of
> > the ntds folder, systemroot and root for Administrator and
> > System).
> >
> > Any help appreciated. Will save us hours in building a new AD.
> > TIA
>
> if you have a backup of the DC, why not just restore the system disk
> and the system state? That should do it
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's request
> Articles individually checked for conformance to usenet standards
> Topic URL: http://www.windowsforumz.com/Active-Directory-AD-Disast...
> Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1327729
>
Related resources
Can't find your answer ? Ask !
Anonymous
July 31, 2005 6:36:18 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"" wrote:
> We have had massive crash of the HDD on our DC. there are no
> other DC's left
> in the domain. We have gone through the disaster recovery
> options of
> restoring the system state from backup, f8 for AD recovery
> mode. when we try
> to run ntdsutil recover database we get a
> jetdbinitializefailure (or
> something similiar) permission denied error (. I have checked
> permission of
> the ntds folder, systemroot and root for Administrator and
> System).
>
> Any help appreciated. Will save us hours in building a new AD.
> TIA

Hi

I would suggest you to go ahead and repromote your DC as the previous
domain
make sure if you want to restore the backup of the previous domain
then you should have the same configuration of the DC as the previous
DC
like same domain name
same partition space
same drivers of other Devices

and then restore the system state backup of the domain

and it will work for you


---
Nitin

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-AD-Disast...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1331943
Anonymous
August 13, 2005 7:26:03 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

nitin,

I've restored the crashed DC from backup, however, administrator account is
the only allowed account to logon. I restored the C;\ drive and system state.
All operation master roles and GC are enabled on that machine. In AD console
I can see all the restored accounts but can't use any to login. Any idea? The
steps I follwed to restore are:

1. install server 2003
2. run ntbackup to restore C:\ and system state
3. emodify 'BurFlags' registry key since the restoration is done on
different hardware.
4. reboot
5. Try to login to the restored domain using any domain account (fail).
Login using administrator account will be accepted
7.seize operation master roles
8. verify GC
9. Verify AD console accounts

Is there any other steps I'm missing?! Help please

"nitin" wrote:

> "" wrote:
> > We have had massive crash of the HDD on our DC. there are no
> > other DC's left
> > in the domain. We have gone through the disaster recovery
> > options of
> > restoring the system state from backup, f8 for AD recovery
> > mode. when we try
> > to run ntdsutil recover database we get a
> > jetdbinitializefailure (or
> > something similiar) permission denied error (. I have checked
> > permission of
> > the ntds folder, systemroot and root for Administrator and
> > System).
> >
> > Any help appreciated. Will save us hours in building a new AD.
> > TIA
>
> Hi
>
> I would suggest you to go ahead and repromote your DC as the previous
> domain
> make sure if you want to restore the backup of the previous domain
> then you should have the same configuration of the DC as the previous
> DC
> like same domain name
> same partition space
> same drivers of other Devices
>
> and then restore the system state backup of the domain
>
> and it will work for you
>
>
> ---
> Nitin
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's request
> Articles individually checked for conformance to usenet standards
> Topic URL: http://www.windowsforumz.com/Active-Directory-AD-Disast...
> Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1331943
>
Anonymous
August 18, 2005 5:35:40 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"" wrote:
> nitin,
>
> I've restored the crashed DC from backup, however,
> administrator account is
> the only allowed account to logon. I restored the C; drive
> and system state.
> All operation master roles and GC are enabled on that machine.
> In AD console
> I can see all the restored accounts but can't use any to
> login. Any idea? The
> steps I follwed to restore are:
>
> 1. install server 2003
> 2. run ntbackup to restore C: and system state
> 3. emodify 'BurFlags' registry key since the restoration is
> done on
> different hardware.
> 4. reboot
> 5. Try to login to the restored domain using any domain
> account (fail).
> Login using administrator account will be accepted
> 7.seize operation master roles
> 8. verify GC
> 9. Verify AD console accounts
>
> Is there any other steps I'm missing?! Help please
>
> "nitin" wrote:
>
> > "" wrote:
> > > We have had massive crash of the HDD on our DC. there
> are no
> > > other DC's left
> > > in the domain. We have gone through the disaster recovery
> > > options of
> > > restoring the system state from backup, f8 for AD
> recovery
> > > mode. when we try
> > > to run ntdsutil recover database we get a
> > > jetdbinitializefailure (or
> > > something similiar) permission denied error (. I have
> checked
> > > permission of
> > > the ntds folder, systemroot and root for Administrator
> and
> > > System).
> > >
> > > Any help appreciated. Will save us hours in building a
> new AD.
> > > TIA
> >
> > Hi
> >
> > I would suggest you to go ahead and repromote your DC as the
> previous
> > domain
> > make sure if you want to restore the backup of the previous
> domain
> > then you should have the same configuration of the DC as the
> previous
> > DC
> > like same domain name
> > same partition space
> > same drivers of other Devices
> >
> > and then restore the system state backup of the domain
> >
> > and it will work for you
> >
> >
> > ---
> > Nitin
> >
> > --
> > Posted using the http://www.windowsforumz.com interface, at author's request
> > Articles individually checked for conformance to usenet
> standards
> > Topic URL: http://www.windowsforumz.com/Active-Directory-AD-Disast...
> > Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1331943
> >

Hi,

First, by default no body is allowed to logon to the DC.

and if you want to allow others to logon to the DC
then follow these steps


click on start--> click on Run

type dsa.msc

do a right click on the domain controllers on the left side

click on properties
click on group policy tab,

select default domain controllers policy,
click on edit

expand computer confuiguration
expand windows settings
expand security settings
expand local policies
click on user rights assignment

and then on the right side
locate "Allow logon locally"
and then add those users whome you want to give rights to logon
locally on the domain controller


reboot the domain controller

and then see if others can logon to the domain controller or not


----
Nitin
!