Lightning, System Crash, Active directory corrupt

  • Thread starter Thread starter Sam
  • Start date Start date
S

Sam

During a lightning storm and power outage the DC fails to
start the directory service. Option is to reboot in safe
recovery mode and restore system state however the
administrator password does not work. Is this the only
account that can be used to save the OS? I have backups
of the system state but cannot logon to the recovery
console to restore system state. Any other work around
would be appreciated.
 
I have used this (http://home.eunet.no/~pnordahl/ntpasswd/) on several
occasions to blank out Administrators password for DSRM. For DSRM Windows
uses SAM database and not AD (because AD is not started), so this method
should help you out.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com
 
Thanks
for the info.
We were able to find the first password but by this time
it was already to late. See if this madness made any
sense for restoring the AD. System State backup was 9
months old. No other updates were installed except SP2.
I reinstalled the OS like it was before. Added AD but did
not create any new logons. Ran backup for system state
restore thru the Restore AD safe mode.
Files restore properly but there was an error in the event
log
Event ID 8012
The 'Active Directory' returned DS Contents in the backup
copy are out of date. Try restoring with a more recent
copy. From a call to REstorePrepare()' additional
data "\\servername"

Can't understand why DS will not restore.

-----Original Message-----
I have used this
Click to expand...
(http://home.eunet.no/~pnordahl/ntpasswd/) on several
 
Thanks. That makes sense. Now I have to figure out how to
reset the system date and see if I can trick the system to
thinking its within the 60 days of the system state. Will
let you know if I succeed.
I owe you one!
 
you should start the server in directory services restore mode, F8 from the
boot menu, not the recovery console, the administrator account password for
DSRM may not be the same as the Administrator password for the server, this
password is normally set when you install active directory, the admin
account is set when you install the OS,.
We used to leave it blank, for DSRM in case it was forgotten but the servers
were ALWAYS locked up.

Is it your only domain controller ?? as if it is not, then a few other
options exist, which involve registry hacks and metadata cleanup using
ntdsutil

HTH
 
It worked!!!!
back in the saddle again!

Thanks for your help!
If you are ever in Houston I will treat!
 
Back
Top