help active directory restore after 60 days

[Tony Burke]

Hi I am trying to restore active directory system state
my good backup is 90 days old.
The domain controller is the only domain controller on a small network

I really need help on this urgently

 

[Jimmy Andersson [MVP]]

You need to increase the tombstone lifetime. It's located on the
enterprise-wide DS config object.
CN=Directory
Service,CN=WindowsNT,CN=Services,CN=Configuration,DC=COMPANY,DC=COM

Backup of the Active Directory Has 60-Day Useful Life:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q216993

Regards,
/Jimmy

 

[Simon Geary]

This article explains what to do. http://support.microsoft.com/?id=216993
You can use ADSI Edit to change the tombstoneLifetime attribute to a value
higher than 90. I've never done it myself so I don't know if it's as simple
as it sounds or if there are other pitfalls. Maybe a quick support call to
PSS would be in order here.

 

[\Richard McCall [MSFT]\]

Since the DC is the only DC then increasing the tombstone to 90 is going to
have no effect. You can restore the server from the 90 day old back up. Then
you will need to reset all the machine account passwords since they have
been changed since the backup was performed. You can automate this using
netdom.

 

[Tony Burke]

problem is richard that since the backup is more than 60 days old it skips
files and gives a lsass error preventing the server from starting. This is
really stressing me

Tony