old domain controllers lost


sm4llphry

while i was on vacation our company had a major virus issue. we lost
both our windows 2000 domain controllers (one of which ran exchange
2000).
i am back from vacation now...and i have a new server (windows 2003)
that i would like to make the domain controller and exchange server.

here is my question:
should i make the NEW server a domain controller for the same domain??
i can't even get the old servers to power on to do a replication....so
i know i will have to recreate all the users, etc.

thoughts????
 
> should i make the NEW server a domain controller for the same domain??
> i can't even get the old servers to power on to do a replication....so
> i know i will have to recreate all the users, etc.

If the old DCs can't power up, the "old" domain doesn't exist anymore, you
can't add the new DC to a nonexistent domain.

If you mean give it the same name as the old, it will still be a new domain.
The new server can't access the SAM on the nonexistent domain so it will
create a new domain with the same name as the old, but the SAM will be
different. To your clients, new SAM = new domain.


hth
DDS
 
would i still have to change permissions on things like folders on our
fileserver??
 
I hope you have good backups.
You have to start over from scratch and recreate your entire domain.

I would also suggest that your boss look over your shoulder when you do it.

This may give them an idea of how much downtime and how much of your
(unnecessarily wasted) time they can save by buying and installing a virus
scanner and keeping it updated.
There is really no excuse nowadays for a company having a server connected
to the Internet without Virus software.


hth
DDS
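
The "new SAM = new domain" point above is what decides the file server question: folder ACLs store account SIDs, and every SID issued by the lost domain embeds that domain's identifier, which a rebuilt domain of the same name does not reuse. The following is an added example, not part of the thread; the SIDs, paths and SDDL strings are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed SIDs for illustration; none of these values come from the thread.
OLD_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # lost domain
NEW_DOMAIN_SID = "S-1-5-21-4444444444-5555555555-6666666666"  # rebuilt, same name

# An account SID is the issuing domain (or machine) SID plus "-" and a RID.
ACCOUNT_SID = re.compile(r"(S-1-5-21-\d+-\d+-\d+)-(\d+)")
ACE = re.compile(r"\(([^()]*)\)")  # simple ACEs only; conditional ACEs not handled


def ace_trustees(sddl):
    """Yield (rights, trustee) for every ACE found in an SDDL string."""
    for body in ACE.findall(sddl):
        fields = body.split(";")
        if len(fields) >= 6:  # type;flags;rights;object;inherit_object;trustee
            yield fields[2], fields[5]


def orphaned_trustees(acls, known_issuers):
    """Map each trustee SID from an unknown issuer to the (path, rights) it holds."""
    orphans = defaultdict(list)
    for path, sddl in acls.items():
        for rights, trustee in ace_trustees(sddl):
            m = ACCOUNT_SID.fullmatch(trustee)
            if m is None:
                continue  # alias (BA, SY) or well-known SID such as S-1-5-32-545
            if m.group(1) not in known_issuers:
                orphans[trustee].append((path, rights))
    return dict(orphans)


# Constructed ACL export: folder path -> SDDL string.
SAMPLE_ACLS = {
    r"D:\Shares\Finance": "O:BAG:SYD:PAI(A;OICI;FA;;;BA)"
                          f"(A;OICI;0x1301bf;;;{OLD_DOMAIN_SID}-1105)",
    r"D:\Shares\HR": "O:BAG:SYD:AI(A;OICI;FA;;;SY)"
                     f"(A;OICI;0x1200a9;;;{OLD_DOMAIN_SID}-1105)"
                     f"(A;OICI;0x1301bf;;;{OLD_DOMAIN_SID}-1108)"
                     f"(A;OICI;FA;;;{NEW_DOMAIN_SID}-1104)",
    r"D:\Shares\Public": "O:BAG:SYD:AI(A;OICI;0x1200a9;;;S-1-5-32-545)"
                         "(A;OICI;FA;;;BA)",
}

if __name__ == "__main__":
    # Pass every issuer that still exists; add the file server's own machine
    # SID here too, since local accounts also use the S-1-5-21 prefix.
    for sid, uses in orphaned_trustees(SAMPLE_ACLS, {NEW_DOMAIN_SID}).items():
        print(sid, uses)
```

Each SID reported is an entry that no account in the rebuilt domain can match, so access has to be granted again to the recreated users or groups.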
 
Danny Sanders said:
> I hope you have good backups.
> You have to start over from scratch and recreate your entire domain.
>
> I would also suggest that your boss look over your shoulder when you do it.
>
> This may give them an idea of how much downtime and how much of your
> (unnecessarily wasted) time they can save by buying and installing a virus
> scanner and keeping it updated.
> There is really no excuse nowadays for a company having a server connected
> to the Internet without Virus software.

And in most cases*, no DC or other critical server should ever
be connected to the Internet. (With the possible exception of
downloading Windows Updates which itself can be moved inside
using MSUS or whatever it's called this week.)

[*Talking about for supporting internal "Enterprise" AD domains here,
not special cases where the users are actually Internet users AND
the admins know precisely how to secure these vulnerable servers.]

Whoever didn't make backups also deserves reprimand, firing, or
at least re-education. If that was "YOU" then don't tell anybody
you failed to do it, but make sure you kick yourself until you learn
to always have another timely backup (and another.)
 