AD Restore disaster please help.........



Hi There.........

I'd like to get some help and advice please...............

Our AD environment consists of a Win2k3 R2 Forest, with Root domain
companyname.com and a child domain au.companyname.com, with 2 DC's on
the root and two in the child.

For the last two days I've been trying to do a restore of the system
state backup from the Root DC (which has all FSMO roles) and a DC from
the child (RID, PDC, Infra).

Unfortunately the hardware on which I'm doing the restore is different,
which only makes things worse.

The steps I've been taking are as follows:
1. Do standard Win2k3 R2 Svr install
2. Do a restore of the system state backup for Root DC with advanced
options replace files and all files are restored to original path.
3. Follow instructions from MS document for DC restore to different
hardware, set burflag "d4", update the reg keys for the "process
startup".
4. The test environment DCs have exactly the same address as the
original.
5. With hardware and everything being different need to do a Win2k3
system repair with Win2k3 CD. Reregister the DNS records.

After all that is done the first problem we come across is that we cannot
launch any of the default AD admin tools from the administrative menu eg.
users and computers, DNS, sites and services etc. The only way to get
these consoles is via the MMC and add the console to the MMC viewer.
This occurs on the Root DC.

Then we do a restore of the child DC and the behaviour is exactly the
same with the same problems as the Root DC. So we follow the same
procedure.

Then after all that when we try to do a replication it's gone things
like it cannot find the root DC domain or RPC Server unavailable.. Then
when we try to cleanup the metadata for the additional DC that was on
the root and child using ntdsutil we get errors saying it can't
actually find sites, servers, but can find the domains. I can connect
to the DC using ntdsutil but can't do things such as clean up the
metadata.

Can anyone help me with some suggestions....... it seems the major
problem is the root and child DC's can ping each other after the
restore with DNS working but can't do replication and in some instances
the netlogon service can't start..............

many many thanks...........
