Re: Disaster recovery and NTDSUTIL
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Fri, 23 Nov 2007 07:34:50 -0600
Have you done a dcpromo /force to remove the local AD info? Once this is
done then you should go back and cleanup metadata
Cleanup metadata
http://support.microsoft.com/?id=216498
Make sure all the FSMO roles have been transferred to the second dc, if they
don't already reside there. You may have to seize them if they were on the
lost dc.
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504
Make sure the other Domain Controller is a Global Catalog server, but I have
to believe it already is otherwise Exchange (If 2000 or 2003) wouldn't work.
http://support.microsoft.com/default.aspx?scid=kb;en-us;313994
If you have AD integrated dns, make sure dns is on this dc before
repromoting and that this dc client network dns setting is pointing at the
other dc before promoting.
Finally run dcpromo on this new dc.
Hopefully this will bring this all back online for you.
After you have completed all of this you should check your AD for errors.
Run diagnostics against your Active Directory domain.
If you don't have the support tools installed, install them from your
server install disk.
d:\support\tools\setup.exe
Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
-> dnslint /ad /s "ip address of your dc"
**Note: Using the /E switch in dcdiag will run diagnostics against ALL
dc's in the forest. If you have significant numbers of DC's this test
could generate significant detail and take a long time. You also want
to take into account slow links to dc's will also add to the testing
time.
If you download a gui script I wrote it should be simple to set and
run (DCDiag and NetDiag). It also has the option to run individual
tests without having to learn all the switch options. The details
will be output in notepad text files that pop up automagically.
The script is located on my website at
http://www.pbbergs.com/windows/downloads.htm
Just select both dcdiag and netdiag make sure verbose is set. (Leave
the default settings for dcdiag as set when selected)
When complete search for fail, error and warning messages.
Description and download for dnslint
http://support.microsoft.com/kb/321045
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Dino Aydin" <aydin@xxxxxxxxxxxxxxxxx> wrote in message
news:fi6c3u$1f2m$1@xxxxxxxxxxxxxxxxxxxxxxxx
I''m tryin' to find a solution for the flw scenario:
1st W2K server : ( file server)
- logged as directory services restore mode
- ntdsutil recovery failed couse the DBinitializate Jet failed error - 530
- eseutil failed
- no backup of sytem state
- now machine out of domain and in a work group
- accounts can reach it running his ip adress
2nd W2K server ( exchange server) operational
- accounts logging on to this machine
- machine in domain as 2nd PDC
Thanks for the help
DINO
.
- References:
- Disaster recovery and NTDSUTIL
- From: Dino Aydin
- Disaster recovery and NTDSUTIL
- Prev by Date: Disaster recovery and NTDSUTIL
- Next by Date: Re: Slow AD logon if username longer than 8 chars
- Previous by thread: Disaster recovery and NTDSUTIL
- Index(es):
Relevant Pages
|
