AD restore failed

Robert

Hello- I'm sort of in a bind and wondering if anyone can give me a few
pointers.

Recently I did something rather stupid and installed an application while
applying service pack 4. The application unexpectedly forced a reboot right
in the middle of the SP update, which obviously ate the machine. Repair
from the CD didn't work, so I reinstalled and decided to restore from tape
(in AD directory services restore mode).

That worked, partially; however, my NIC had to be removed and re-detected, and
each time I put static IP info in, it immediately goes back to "obtain
automatically"; however, my static address still shows up in ipconfig.
Strange.

The problem I have is that the other AD controllers are not aware that this
server has resumed operation. It does not show up in the list under
"Connect to domain controller" in AD users & computers, and I also have
trouble accessing group policy.

I also probably did a bad thing and joined the machine to the domain in its
pre-restored state (in order to mount a USB drive on a workstation which is
handling the backups).

I am under the impression that this either has something to do with joining
the domain, or the NIC problems? I really don't know much about AD other
than what I've experimented with, any assistance would be greatly
appreciated.
 
Hi Robert-

Do you receive an error when opening Active Directory Users and Computers
on the restored domain controller? If so, what is it?

It is possible that the secure channel of the domain controller may simply
need to be reset, though it is also possible that there is another problem
from the restore sequence of events you described.

If the message you receive is "Server is not operational" or "Target
principal name is incorrect" you may consider using the NETDOM syntax and
steps below to reset it. NETDOM is a Support Tools tool.

1-Run the following command to reset the machine account password -

netdom resetpwd /server:<name of DC> /userd:<domainname>\<administrator_id> /passwordd:<administrator's password>

2-Stop the Kerberos Key Distribution Center service on the domain controller
having the problems and set it to disabled, then reboot.

3-Test to see if the problem is still occurring.
******************************************
It might also be a good idea to verify the userAccountControl attribute
of the DC machine object in AD. Here are the steps to do that:

1. If you don't have the Support Tools installed on the DC, first do
that. Run \Support\Tools\Setup.exe from the 2000 CD-ROM.
2. Start, Run, LDP.EXE. Go to the Options menu, select Bind, change the Method
drop-down to NTLM. Click OK.
3. On the Connection menu, select Connect. Then select Bind, and put in the
administrator's credentials. Click OK.
4. On the View menu, select Tree. Leave the BaseDN field blank. Click OK.
5. On the left pane, navigate to the computer object of the DC (CN=<name of DC>,
etc.). It will be under OU=Domain Controllers, or CN=Computers.
6. Right-click on it, and select Modify.
7. In the Modify dialog box, put in userAccountControl for the Attribute field,
and 532480 for the value. Change the Operation radio button to Replace.
8. Click the Enter button, then the Run button. Close out LDP.
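
Added example, not part of either post: the 532480 in step 7 is the sum of two userAccountControl bits, SERVER_TRUST_ACCOUNT (8192) and TRUSTED_FOR_DELEGATION (524288), while 4096 is WORKSTATION_TRUST_ACCOUNT, the type used for member computers. This Python sketch decodes a value read in LDP and lists how it differs from the domain controller value; the function names and sample values are constructed for illustration.

```python
# Added example: decode a userAccountControl value and compare it with the
# 532480 the reply sets on the DC's computer object. Bit values are the
# documented Active Directory flags; function names are illustrative.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x0800: "INTERDOMAIN_TRUST_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x2000: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x100000: "NOT_DELEGATED",
}
SERVER_TRUST, DELEGATION = 0x2000, 0x80000
EXPECTED_DC = SERVER_TRUST | DELEGATION  # 8192 + 524288 = 532480


def decode_uac(value):
    """Return the names of the flags set in value, lowest bit first."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)  # bits this table does not name
    if unknown:
        names.append(f"UNKNOWN(0x{unknown:X})")
    return names


def check_dc_uac(value):
    """List the ways value differs from what a DC object should carry."""
    findings = []
    if not value & SERVER_TRUST:
        findings.append("SERVER_TRUST_ACCOUNT missing: not marked as a DC")
    if value & 0x1000:
        findings.append("WORKSTATION_TRUST_ACCOUNT set: member-computer type")
    if not value & DELEGATION:
        findings.append("TRUSTED_FOR_DELEGATION missing")
    if value & 0x0002:
        findings.append("ACCOUNTDISABLE set: account is disabled")
    return findings


if __name__ == "__main__":
    # Constructed sample values, as they might be read from LDP's right pane.
    for sample in (532480, 4096, 532482):
        print(sample, decode_uac(sample), check_dc_uac(sample) or "OK")
```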