How to restore or recreate Active Directory System Object

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: larsen <larsen@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 13 Feb 2007 08:44:03 -0800

OS: W2000k Server - two Domain Controlers
One Domain
One Forrest

I need to recreate AD object "cn=server,cn=system,dc=domainname"
class of object = samserver
One day this object disappeared from AD. and happen all described below.
Is anybody know how to recreate this object or import/export this object
from backups. I cannot replicate DC from Backups because password of machines
has changed and I cannot reset passwords because this object not exist - that
is my hypothesis, Or maybe somebody has different explanation and solution.
Everythink I tried - failed.

Problem is described below:

I have big problem with may DC enviroment, one day I had installed MS APARS
and then restarted one of two W2000 DC. After restarting DHCP server service
didn't start.
We try to reinstall DHCP server, but it doesn't slove problem, DHCP service
still was unstartable. We moved DHCP to another DC controler.
Except DHCP everything else works ok.
After few days we restarted secont DC - after installing APARS [ms fixes],
and the same thing happen to the second DC controller, but also now we cannot
add any workstation to domain.
We move DHCP on another machine and

We wolud like to add anoteher DC - w2k3 but
We executed:
Adprep /forestprep - successful
but
Adprep /domainprep finished with Error

We seized all FSMO roles to second DC -

on the first DC every 5 min [default local policy refresh interval] we had
error in application log:
SCECLI 1202 Events
0x2: The system cannot find the file specified.

after seizing FSMO roles on the second DC, error on first DC disappeard but
begun on the second DC.

we enabled debuging as MS recomends:
http://support.microsoft.com/kb/324383/en-us
but this doesn't change %SYSTEMROOT%\security\logs\winlogon.log don't add
any ohter insertions- there is still only one error:

----Configure Security Policy...
Warning 2: The system cannot find the file specified.
Error opening SAM account domain.

System Access configuration completed with error.

Other Errors:
Errors Raised after try different things:
--------------------------------------------------------------------------------------------------------
adprep /domainprep
error:
[Status/Consequence]
For backward compatibility, Adprep requires that the Anonymous Logon securi
he pre-Windows 2000 Compatible Access security group if the Everyone group
in controllers running Windows Server 2003, the Everyone group no longer in
[User Action]
Check the log file Adprep.log in the system root System32\Debug\Adprep\Logs
mation.
Adprep encountered a Win32 error.
Error code: 0x2 Error message: The system cannot find the file specified..
--------------------------------------------------------------------------------------------------------
Changing Password:

Unable to change the password of this account due to the following error:
2: The system cannot find the file specified
Please consult your system administrator
--------------------------------------------------------------------------------------------------------
Policy propagation - [winlogon.log]: 2 errors:
1st error:
Error 0 to send control flag 1 over to server.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
-------------

2nd error:
----Configure Security Policy...
Warning 2: The system cannot find the file specified.
Error opening SAM account domain.
System Access configuration completed with error.
--------------------------------------------------------------------------------------------------------
Similar errors when I execute netdom to reset kerberos secure channel :
"failed - file not found"
--------------------------------------------------------------------------------------------------------
Similar error when I use nltest to reset machine passwords:

.

Follow-Ups:
- Re: How to restore or recreate Active Directory System Object
  - From: Paul Williams [MVP]

Prev by Date: Printing with Remote Desktop
Next by Date: Re: ADFS System.Web.Security.SingleSignOn.WebSsoConfigurationExcep
Previous by thread: Printing with Remote Desktop
Next by thread: Re: How to restore or recreate Active Directory System Object
Index(es):
- Date
- Thread

Relevant Pages

Re: DHCP IP lease renewal ok, but a new PC can not obtain an IP ("An e
... I guess the problem seen with DHCP from PC's is a symptom of another ... Note that both robert and tina are blade servers within the save blade ... Connection-specific DNS Suffix. ... I.e. DNS servers has their own IP as the first DNS server and another as ...
(microsoft.public.windows.server.networking)
Re: SBS 2003 Misconfigured?
... DHCP shows up on the server as running. ... The netgear has a setting for the Internet IP which is set to the ... Which, based on the configuration you gave, is part of the problem. ...
(microsoft.public.windows.server.sbs)
RE: DHCP
... SBS stops leasing out IP addresses. ... to DHCP. ... Administrative tools ' Server Management. ... go into the ISA console to create and apply a Firewall access rule with the ...
(microsoft.public.windows.server.sbs)
Re: Application Hang
... Do not run 2 DHCP servers together, that will create conflicts for the client. ... Under DNS management console is the server listed under Forward lookup zone, if yes with how many entries and which ones? ... I hope this is what you were looking for by way of scope options: ...
(microsoft.public.windows.server.networking)
Re: No DHCP in administrative tools
... OK, we need to install the DHCP service, but we're gonna hold of a mo' on ... In computer management, expand IIS, expand websites, which sites do you ... SQL Server Config ...
(microsoft.public.windows.server.sbs)