
Windows Server 2003 Domain Crashed - No backup!

March 10, 2012 6:45:28 AM

This is probably hopeless, but hoping for some kind of solution, even if time consuming.

I was asked to install some anti-virus software on a Windows Server 2003 Domain and did not check for a recent backup. I installed the latest updates first, rebooted and the RAID was critical. The server did not finish re-boot, the Domain service failed to start. Recovery console will not start. The utility partition is missing. The RAID status was scrubbing a few times, then critical again.

There is no backup! I'm hoping to recover files off the drive. It's a SCSI hot swappable drive. Maybe use UMOVE if I can find an external enclosure for it.

There are only 12 clients. Is there a way to rebuild the domain and active directory? Can I use the NTUSER.DAT file somehow?

The option I was thinking was to recreate it from scratch, then move all the files to new user profiles and leave NTUSER behind. They have offline files enabled and can still log in, for now.

I now know not to assume there is a backup. Actually I already knew that, but now I will not assume!


March 10, 2012 9:33:45 AM

baddogcomputing said:
This is probably hopeless, but hoping for some kind of solution, even if time consuming.

I was asked to install some anti-virus software on a Windows Server 2003 Domain and did not check for a recent backup. I installed the latest updates first, rebooted and the RAID was critical. The server did not finish re-boot, the Domain service failed to start. Recovery console will not start. The utility partition is missing. The RAID status was scrubbing a few times, then critical again.

There is no backup! I'm hoping to recover files off the drive. It's a SCSI hot swappable drive. Maybe use UMOVE if I can find an external enclosure for it.

There are only 12 clients. Is there a way to rebuild the domain and active directory? Can I use the NTUSER.DAT file somehow?

The option I was thinking was to recreate it from scratch, then move all the files to new user profiles and leave NTUSER behind. They have offline files enabled and can still log in, for now.

I now know not to assume there is a backup. Actually I already knew that, but now I will not assume!



What is the server hardware? What kind of RAID is it: 0, 1? Is it software or hardware RAID?

March 10, 2012 9:54:45 AM

This is bad.
Your best bet is to take the raid and stick it on another machine if possible and go in with a RAID recovery software like something from diskinternals. Your mileage will vary depending on how bad the raid is.
March 10, 2012 9:56:04 AM

Also, they let you try the full feature trial for free.
March 10, 2012 3:21:28 PM

Do you know what kind of RAID array the system was running, and what kind of controller is in the server?

If in doubt, and you have all your data on that array that needs to be recovered, don't waste your time or try anything that can cause even more trouble: just contact a professional data recovery service to get your information back properly. Yes, this is going to be expensive, but at least they will know how to properly handle it to hopefully recover data. However, if you go trying to mess with the drives and RAID with other software you may completely lose any chance of recovering data.
March 10, 2012 9:12:24 PM

memadmax said:
This is bad.
Your best bet is to take the raid and stick it on another machine if possible and go in with a RAID recovery software like something from diskinternals. Your mileage will vary depending on how bad the raid is.



Server: Dell PowerEdge 2650 with a hardware RAID 1.

The RAID container would still mount so I was able to get to the folders required for UMOVE from another Server 2003 installation. I started a backup just before I had to leave. I will be back in the office soon to see if it was successful and if UMOVE can recover it.

Hopefully the databases are not too corrupt.

Thanks for the replies. I'll let you know if it works.
March 10, 2012 9:33:06 PM

baddogcomputing said:
This is probably hopeless, but hoping for some kind of solution, even if time consuming.

I was asked to install some anti-virus software on a Windows Server 2003 Domain and did not check for a recent backup. I installed the latest updates first, rebooted and the RAID was critical. The server did not finish re-boot, the Domain service failed to start. Recovery console will not start. The utility partition is missing. The RAID status was scrubbing a few times, then critical again.

There is no backup! I'm hoping to recover files off the drive. It's a SCSI hot swappable drive. Maybe use UMOVE if I can find an external enclosure for it.

There are only 12 clients. Is there a way to rebuild the domain and active directory? Can I use the NTUSER.DAT file somehow?

The option I was thinking was to recreate it from scratch, then move all the files to new user profiles and leave NTUSER behind. They have offline files enabled and can still log in, for now.

I now know not to assume there is a backup. Actually I already knew that, but now I will not assume!


It sounds like you may be able to recover if you're able to copy and relocate the AD database files to another newly built AD server:

http://technet.microsoft.com/en-us/library/cc782948(v=ws.10).aspx

Oh and by the way 12 clients isn't a big deal. You may be better off rebuilding the AD server as a Windows 2008 R2 SP1 server and starting from scratch... booyah!
March 11, 2012 6:41:19 PM

jonathanrhunter said:
It sounds like you may be able to recover if you're able to copy and relocate the AD database files to another newly built AD server:

http://technet.microsoft.com/en-us/library/cc782948(v=ws.10).aspx

Oh and by the way 12 clients isn't a big deal. You may be better off rebuilding the AD server as a Windows 2008 R2 SP1 server and starting from scratch... booyah!


Update:

The ntds.dit file failed integrity check, repair and offline defrag.

Problem I'm facing with recreating from scratch:

Folder redirection was set up to a NAS (Buffalo Linkstation set up with a RAID 1). Offline files was enabled for most people, and some had too many files to load them all into offline files. Is there any way to access those files after recreating a domain from scratch?

I've backed up some users and migrated them to local accounts for now. I left the computer domain enrollment alone for now.

It looks like 2-3 users lose some important files if these redirected folders cannot be accessed.

Thanks again for the replies.
March 11, 2012 10:00:49 PM

baddogcomputing said:
Update:

The ntds.dit file failed integrity check, repair and offline defrag.

Problem I'm facing with recreating from scratch:

Folder redirection was set up to a NAS (Buffalo Linkstation set up with a RAID 1). Offline files was enabled for most people, and some had too many files to load them all into offline files. Is there any way to access those files after recreating a domain from scratch?

I've backed up some users and migrated them to local accounts for now. I left the computer domain enrollment alone for now.

It looks like 2-3 users lose some important files if these redirected folders cannot be accessed.

Thanks again for the replies.


First sync offline files from all workstations; that gives you the latest copy on the NAS.
Now what is the server state? Windows up and AD services down?
Verified it is no hardware issue? You might want to uninstall the AV software from the server, restart the server, and start troubleshooting the service issues via the event log.
The second option is reinstalling the server, creating the domain from scratch, then joining all the workstations back to the domain and recreating permissions on the NAS.
I cannot tell you if a new profile will be created on the workstations, but if so all material will be under the old profile, so you can import it back.
March 11, 2012 10:11:05 PM

Cjar said:
First sync offline files from all workstations; that gives you the latest copy on the NAS.
Now what is the server state? Windows up and AD services down?
Verified it is no hardware issue? You might want to uninstall the AV software from the server, restart the server, and start troubleshooting the service issues via the event log.
The second option is reinstalling the server, creating the domain from scratch, then joining all the workstations back to the domain and recreating permissions on the NAS.
I cannot tell you if a new profile will be created on the workstations, but if so all material will be under the old profile, so you can import it back.


The event log is corrupt too. Also tried opening it on a different computer. I can't find any other log that showed a time after windows update completed. The NTDS.dit file is corrupt and will not recover, would further troubleshooting the OS be of any value?

Sync won't work because the NAS can't find the Domain. Will recreating from scratch still allow people to access My Documents folder with exclusive access to that user? Assuming same name, same password? I was assuming there was more to it than that with AD.

If not, do you know of any services that could get in if I send the drive? It's only 2-3 users that I won't be able to restore all files for.

Thanks.
March 11, 2012 10:15:27 PM

and computer boots in Directory Restore Mode only.
March 11, 2012 11:01:36 PM

baddogcomputing said:
The event log is corrupt too. Also tried opening it on a different computer. I can't find any other log that showed a time after windows update completed. The NTDS.dit file is corrupt and will not recover, would further troubleshooting the OS be of any value?

Sync won't work because the NAS can't find the Domain. Will recreating from scratch still allow people to access My Documents folder with exclusive access to that user? Assuming same name, same password? I was assuming there was more to it than that with AD.

If not, do you know of any services that could get in if I send the drive? It's only 2-3 users that I won't be able to restore all files for.

Thanks.


Try to clear the event logs for applications and system; it will recreate the log and start logging new events.

As for the NAS, you can rejoin it to the newly recreated domain via the management console; the only thing is you will need to recreate the permissions of the files and folders on it (hint: take ownership).

I would recommend you clear the event logs first and start from there.
Is the AV software still installed? If so, try to uninstall it, or exclude the Windows directory from online scanning.
March 11, 2012 11:13:58 PM

Is there by chance previous version enabled on the system? If so, you might copy a healthy version of ntds.dit aside and try to set the path to the working file.
March 12, 2012 10:03:13 PM

Found an old version of the NTDS.DIT file, but that was from the day the domain name was changed.

I set up a new AD server and I moved a lot of the files, but I cannot change ownership of the My Documents that are hosted on a Buffalo Linkstation Duo. It's Linux based and they do not support file level permissions.

After a lot of searching, it looks like I'll have to log in via telnet, or take the drives out of the box and mount them to another computer and take ownership that way. Any thoughts before I do that? Buffalo voids the warranty if I connect via telnet, so they won't be helping.
March 12, 2012 10:03:45 PM

The server did have anti-virus
March 13, 2012 1:22:14 PM

How many days has the server been down now? You're working on a limited time frame so even if you are able to restore AD, it may not work.

Users are probably logging in with cached credentials which will expire after a set amount of attempts. If the NTDS.DIT file is over 15 days old you may as well forget about using it since the computers won't restore their connection. Yeah, you might have users and some GPOs restored if you're lucky.

Any documentation on the environment? No backup, rookie mistake there and a learning experience on the bright side.

If you had a system state backup you could restore that and resolve many of the issues.

If you have a good idea of how it was configured and were confident in your abilities you could likely rebuild the entire environment in a few hours.
March 13, 2012 5:38:03 PM

riser said:
How many days has the server been down now? You're working on a limited time frame so even if you are able to restore AD, it may not work.

Users are probably logging in with cached credentials which will expire after a set amount of attempts. If the NTDS.DIT file is over 15 days old you may as well forget about using it since the computers won't restore their connection. Yeah, you might have users and some GPOs restored if you're lucky.

Any documentation on the environment? No backup, rookie mistake there and a learning experience on the bright side.

If you had a system state backup you could restore that and resolve many of the issues.

If you have a good idea of how it was configured and were confident in your abilities you could likely rebuild the entire environment in a few hours.



I had the environment documented and have rebuilt it, that was the easy part.

I'm waiting on a call back from Microsoft to download csccmd 1.1. They only have 1.0 on-line and it says to call for 1.1.

That'll recover one of my problem PCs.

Still trying to find a way to take ownership of the files on the Buffalo Duo NAS. They don't support file level permissions so taking ownership doesn't work. I may have to flash the firmware with a Linux build available for it to telnet, but would prefer not to.
March 13, 2012 6:56:26 PM

Success!

Should have just rebuilt the environment from the start. I was too worried about gaining access to the stored files.

The Linkstation backs up to an external USB drive. Mounted it to my laptop running Ubuntu and was able to change the permissions with sudo chmod.

Thanks again for your help.
March 21, 2012 6:06:49 PM

I had something just like this happen when my raid controller / 1 hard drive went bad.

1.) I just unplugged the hard drives from sata controller.
2.) Plugged all three of the hard drives into the mb, and enabled the onboard sata controller in non-raid mode.
3.) Attempted to boot from each of the 3, an auto repair was done by the system and it booted. yay!


ps, what program exactly did you install? I had almost the exact set of circumstances due to a perfect disk installation.
March 22, 2012 5:14:36 AM

rnockjr said:
I had something just like this happen when my raid controller / 1 hard drive went bad.

1.) I just unplugged the hard drives from sata controller.
2.) Plugged all three of the hard drives into the mb, and enabled the onboard sata controller in non-raid mode.
3.) Attempted to boot from each of the 3, an auto repair was done by the system and it booted. yay!


ps, what program exactly did you install? I had almost the exact set of circumstances due to a perfect disk installation.


I installed Malwarebytes to look for a worm that was on several of the computers on the network. It also had Sophos Endpoint on for about a year.