Corrupt Active Directory

Warren

The Active Directory became corrupted on a Windows 2000
Server (SP4). I am no longer able to log on to the server
unless in AD Recovery Mode. Hence many services are not
available.

I have followed every procedure that I have found in the
knowledge base to repair/fix the AD. I have tried to
remove so that I can re-install the AD. I have attempted
to restore to a previous known good state, but with no
success.

Any suggestions as to how to repair this without having
to reformat the server and start from scratch?

Thanks

Warren
 
Warren said:
The Active Directory became corrupted on a Windows 2000
Server (SP4). I am no longer able to log on to the server
unless in AD Recovery Mode. Hence many services are not
available.

I have followed every procedure that I have found in the
knowledge base to repair/fix the AD. I have tried to
remove so that I can re-install the AD. I have attempted
to restore to a previous known good state, but with no
success.

Any suggestions as to how to repair this without having
to reformat the server and start from scratch?

Thanks

Warren

Maybe we can avoid this. Can you provide us with your Event log errors?

Since you cannot log on to the DC, you can't use the dcpromo /forceremoval
switch. If you like, here is a 13-step method to manually make a DC into a
member server that a friend of mine devised years ago, and it works. This
way you don't have to reinstall the machine.

If there are any problems whatsoever, even the slightest, then a reinstall
will be required from scratch.

Good luck.

13 easy steps.
1) On another DC in the domain run NTDSUTIL to move the FSMOs, er, seize
them! DOH. (If this is the only DC, then don't worry about it.)
2) Make sure DNS is 100% solid on the working DC. (If only one DC, don't
worry about it for now, but configure it correctly before promoting it to a
new DC).
3) Make sure working DC is also a GC. (If just one DC, don't worry about
it).
4) Boot the corrupted DC into DSRM and edit the registry: under
HKLM\SYSTEM\CCS\Control\ProductOptions, change the ProductType value from
LanmanNT to ServerNT. This key dictates if the machine is a DC or just a
server. ServerNT means it's not a DC.
5) Command prompt > net stop ntfrs to stop FRS.
6) Delete the Winnt\Sysvol and NTDS directories.
7) Reboot the now former DC
8) Log into the now member server. Change it to a stand alone, by joining a
workgroup (My Computer Properties, Network ID tab, remove it from the old
domain).
9) Reboot the now stand alone server.
10) If there is only one DC in the domain, skip this step, otherwise, on the
good DC delete the disabled computer account for the old, now defunct DC.
11) Now on this new stand alone machine, set the Primary DNS Suffix to the
new domain name that you want (in My Computer, Properties, Network ID tab,
Properties, More). Reboot.
12) Make sure that DNS is configured with the new domain name and updates
set to YES.
13) Run DCPROMO to create a new domain or join the domain/tree/forest again.
Reboot.

Ace

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 