Quantcast
Channel: Active Directory & GPO
Viewing all articles
Browse latest Browse all 20789

Corrupt AD restore

April 16, 2013, 5:03 am
$
0
0

So, that dreaded moment has happened- I'm facing a corrupt AD database. This is at a Primary School we support, the whole project was just about finished- the only thing left to set up was the backups... You can see where this is going :(

I've done a migration from a physical Windows 2003 server to a virtual Windows 2008 R2 server running on Hyper-V on a server 2012 host, using DC promo and some spare hardware I had to temporarily host AD (I have re-used the old hardware, so I migrated AD across, scrubbed the old box, set up the new server, then copied AD back across.) I also used the same server name and IP address for the new server.

It was working fine yesterday morning as I was able to create a new user- however at some point late morning/early afternoon it has become corrupt as SmoothWall stopped authenticating users, and now I can't save changes to users, create or delete users, or delete DNS entries.

First thing I want to try is a Semantic database check as per this article here: http://www.digitalforensics.be/blog/?p=193

However, I want to have a plan B ready to go if that doesn't work. I still have a backup for the 2003 server, where AD should not be corrupt.

I'm thinking the following should fix the problem:

1.) Restore the 2003 server to a spare server

2.) Remove AD from the 2008 R2 server using DC promo, and specifying it is the last server in the domain, making it a standalone member server

3.) Bring the 2003 server up to the latest schema

4.) Use DC Promo to join the 2008 R2 server back to the domain. At this point it will copy across the non-corrupt AD

5.) Take a backup!

6 .) Change the GPO's so file redirects use the new server (thinking not changing the server name this time)

7.) After a week, transfer the FSMO roles to the 2008 R2 server and shut down the server 2003 server

I'm a little concerned about step 2, wondering if DC Promo will remove it OK if the directory is already corrupt?

Also would like to know how it corrupted in the first place so I can prevent it from happening again, but this is the least of my worries right now.

Does this plan sound like it could fix the issue? Or does anyone have any better suggestions?

Thanks,

Dan

Search
Viewing all articles
Browse latest Browse all 20789
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>