Recover a Deleted Domain Controller

[Poom]

Hi all;
I installed a W2K server on a new SCSI disk and used the same server name
that already exist (also a member of Domain Controller). I also joined it
into the domain.
Unfortunately, I did not use the new SCSI disk and I had to use the old SCSI
disk.
Now I have a big problem, Active Directory is broken. I guess because of SID
is updated by using the new SCSI disk which is not the same as the old SCSI
disk.
I DO NOT want to reinstall the server. Is there anyway that I can demote and
then join the server into the domain again?
Please Help, Thanks
Poom

 

[Jetro]

You can restore the AD from a backup.
Also read

http://support.microsoft.com/default.aspx?kbid=216498
How to remove data in Active Directory after an unsuccessful domain
controller demotion

http://support.microsoft.com/default.aspx?scid=kb;en-us;248132
How To Recover a Deleted Domain Controller Computer Account in Windows 2000

 

[Poom]

Hi;

Thank you so much for the reply.

http://support.microsoft.com/default.aspx?scid=kb;en-us;332199

I've found one article about demotion Domain Controller.

Have you had any experience on Demotion?

Thanks once again

Poom

 

[Jetro]

I beg your pardon?

 

[Alex Chandra]

Hi Poom,

Let me try to get a better understanding of your current situation.

Based on your statement you either installed W2K with the same server name as one of your W2K Domain Controller, then your join this server into your domain. At that moment, I would think that
your W2K DC was not available/online? You would not be able to have to machine with the same name on your network.

Here is what all these articles are for:
http://support.microsoft.com/default.aspx?scid=kb;en-us;332199 ==> is used for "forcefully demote" W2K SP4 or Windows 2003 DC.
Be aware that you will need to have other Domain Controller within the same domain or else you will loose all your domain information.
If your W2K DC can be gracefully demoted by running DCPromo, I would suggest that you do so.

Once you have done the forceful demotion per the article above, then you will need to follow the article provide by Jetro to clean up any reference to your demoted DC from your AD.
http://support.microsoft.com/default.aspx?kbid=216498
How to remove data in Active Directory after an unsuccessful domain controller demotion

Once all of these are done:
Make sure that server is completely unjoin from the domain by putting it into a workgroup. This include the newly installed W2K machine above.
Force replications to all DC in your domain.
DCPromo the server that you want to promote it back as the DC by selecting it as an additional DC for the domain.

If I misunderstood what you are asking, and all you wanted to do was to restore a DC that had failed, then you will need to perform a System State Restore without removing the object per KBid=
216498 above. Instead follow this article link on how to perform a System State restore of Domain Controller.
How To Use the Backup Program to Back Up and Restore the System State
http://support.microsoft.com/default.aspx?scid=kb;en-us;240363

I hope this help.

Thank you,

Alex Chandra [MSFT]
Microsoft Corp.

--

This posting is provided "AS IS" with no warranties, and confers no rights.

Please do not send meil directly to this alias. This alias is for newsgroup purposes only.


--------------------

 

[Poom]

Thank you very much for both of you Alex and Jetro.
There were 3 DCs in my domain (let say; server1, server2 and server3). I did
installed a new W2K Server and joined it into the Domain with the same
machine name on the a new SCSI disk on Server3 and I planned to use this
disk on server3. Unfortunately, I need that scsi for something else... then
I forgot + stupid and used the old SCSI on Server3. Now I guess that the SID
on old SCSI does not match with the new SCSI.
So now AD on Server3 is dead.
OK..I will try to demote that Domain Controller machine and follow the
instrucition then unjoin the machine from domain and join back in again.
Thanks for your help
Poom

Hi Poom,

Let me try to get a better understanding of your current situation.

Based on your statement you either installed W2K with the same server name

as one of your W2K Domain Controller, then your join this server into your
domain. At that moment, I would think that

your W2K DC was not available/online? You would not be able to have to

machine with the same name on your network.

Here is what all these articles are for:
http://support.microsoft.com/default.aspx?scid=kb;en-us;332199 ==> is used

for "forcefully demote" W2K SP4 or Windows 2003 DC.

Be aware that you will need to have other Domain Controller within the

same domain or else you will loose all your domain information.

If your W2K DC can be gracefully demoted by running DCPromo, I would suggest that you do so.

Once you have done the forceful demotion per the article above, then you

will need to follow the article provide by Jetro to clean up any reference
to your demoted DC from your AD.

http://support.microsoft.com/default.aspx?kbid=216498
How to remove data in Active Directory after an unsuccessful domain controller demotion

Once all of these are done:
Make sure that server is completely unjoin from the domain by putting it

into a workgroup. This include the newly installed W2K machine above.

Force replications to all DC in your domain.
DCPromo the server that you want to promote it back as the DC by selecting

it as an additional DC for the domain.

If I misunderstood what you are asking, and all you wanted to do was to

restore a DC that had failed, then you will need to perform a System State
Restore without removing the object per KBid=

216498 above. Instead follow this article link on how to perform a System

State restore of Domain Controller.

How To Use the Backup Program to Back Up and Restore the System State
http://support.microsoft.com/default.aspx?scid=kb;en-us;240363

I hope this help.

Thank you,

Alex Chandra [MSFT]
Microsoft Corp.

--

This posting is provided "AS IS" with no warranties, and confers no rights.

Please do not send meil directly to this alias. This alias is for newsgroup purposes only.


--------------------

From: "Poom" <[email protected]>
References: <[email protected]>

Subject: Re: Recover a Deleted Domain Controller
Date: Wed, 29 Sep 2004 07:53:46 +0700
Lines: 29
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Message-ID: <[email protected]>
Newsgroups: microsoft.public.win2000.advanced_server
NNTP-Posting-Host: 203-151-134-249.inter.net.th 203.151.134.249
Path:

cpmsftngxa06.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13
..phx.gbl

Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.advanced_server:21483
X-Tomcat-NG: microsoft.public.win2000.advanced_server

Hi;

Thank you so much for the reply.

http://support.microsoft.com/default.aspx?scid=kb;en-us;332199

I've found one article about demotion Domain Controller.

Have you had any experience on Demotion?

Thanks once again

Poom

 

[Poom]

Hi
.. I will NOT promote the server3 to DC after I can demote and join abck to
domain.
By the way, can I disconnect network cable on server3 while demoting the
server3?
Thanks
Poom

Thank you very much for both of you Alex and Jetro.
There were 3 DCs in my domain (let say; server1, server2 and server3). I did
installed a new W2K Server and joined it into the Domain with the same
machine name on the a new SCSI disk on Server3 and I planned to use this
disk on server3. Unfortunately, I need that scsi for something else... then
I forgot + stupid and used the old SCSI on Server3. Now I guess that the SID
on old SCSI does not match with the new SCSI.
So now AD on Server3 is dead.
OK..I will try to demote that Domain Controller machine and follow the
instrucition then unjoin the machine from domain and join back in again.
Thanks for your help
Poom

Hi Poom,

Let me try to get a better understanding of your current situation.

Based on your statement you either installed W2K with the same server

name
as one of your W2K Domain Controller, then your join this server into your
domain. At that moment, I would think that

your W2K DC was not available/online? You would not be able to have to

machine with the same name on your network.

Here is what all these articles are for:
http://support.microsoft.com/default.aspx?scid=kb;en-us;332199 ==> is

used
for "forcefully demote" W2K SP4 or Windows 2003 DC.

Be aware that you will need to have other Domain Controller within the

same domain or else you will loose all your domain information.

If your W2K DC can be gracefully demoted by running DCPromo, I would suggest that you do so.

Once you have done the forceful demotion per the article above, then you

will need to follow the article provide by Jetro to clean up any reference
to your demoted DC from your AD.

http://support.microsoft.com/default.aspx?kbid=216498
How to remove data in Active Directory after an unsuccessful domain controller demotion

Once all of these are done:
Make sure that server is completely unjoin from the domain by putting it

into a workgroup. This include the newly installed W2K machine above.

Force replications to all DC in your domain.
DCPromo the server that you want to promote it back as the DC by

selecting
it as an additional DC for the domain.

If I misunderstood what you are asking, and all you wanted to do was to

restore a DC that had failed, then you will need to perform a System State
Restore without removing the object per KBid=

216498 above. Instead follow this article link on how to perform a

System
State restore of Domain Controller.

How To Use the Backup Program to Back Up and Restore the System State
http://support.microsoft.com/default.aspx?scid=kb;en-us;240363

I hope this help.

Thank you,

Alex Chandra [MSFT]
Microsoft Corp.

--

This posting is provided "AS IS" with no warranties, and confers no rights.

Please do not send meil directly to this alias. This alias is for newsgroup purposes only.


--------------------

From: "Poom" <[email protected]>
References: <[email protected]>

Subject: Re: Recover a Deleted Domain Controller
Date: Wed, 29 Sep 2004 07:53:46 +0700
Lines: 29
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Message-ID: <[email protected]>
Newsgroups: microsoft.public.win2000.advanced_server
NNTP-Posting-Host: 203-151-134-249.inter.net.th 203.151.134.249
Path:

cpmsftngxa06.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13

.phx.gbl

 

[Jetro]

After demotion a server is not a domain controller anymore but plain domain
member. If you disconnect the cable, the changes in AD won't be
propagated/replicated.

Being offline for a while a security channel between AD replicas got broken,
that's what happened in your case.

 

[Poom]

I did demote AD on the problem machine. However, when I tried to remove
METADATA that is left inthe domain...
I have "DsBindW error 0x6d9 (There are no more endpoints available from the
endpoint mapper.) "
Any good advice, thanks
Poom

 

[Poom]

I did it...
I did not follow Technet Article but I used the below article instead.
Thanks
Poom
C:\> ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: select operation target
select operation target: connections
server connections: connect to domain uk.blueridge.com
Binding to \\titanic.uk.blueridge.com...
Connected to \\titanic.uk.blueridge.com using credentials of locally logged
on user
server connections: quit
select operation target: list sites
Found 2 site(s)
0 - CN=Reading,CN=Sites,CN=Configuration,DC=uk,DC=blueridge,DC=com
1 - CN=Cambridge,CN=Sites,CN=Configuration,DC=uk,DC=blueridge,DC=com
select operation target: select site 0
Site - CN=Reading,CN=Sites,CN=Configuration,DC=uk,DC=blueridge,DC=com
No current domain
No current server
No current Naming Context
select operation target: list servers in site
Found 4 server(s)
0 -
CN=qe2,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=uk,DC=blueridge,DC
=com
1 -
CN=queenmary,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=uk,DC=blueri
dge,DC=com
2 -
CN=mauretania,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=uk,DC=bluer
idge,DC=com
3 -
CN=lusitania,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=uk,DC=blueri
dge,DC=com
select operation target: select server 2
Site - CN=Reading,CN=Sites,CN=Configuration,DC=uk,DC=blueridge,DC=com
No current domain
Server -
CN=mauretania,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=uk,DC=bluer
idge,DC=com
DSA object - CN=NTDS
Settings,CN=mauretania,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=uk
,DC=blueridge,DC=com
DNS host name - mauretania.uk.blueridge.com
Computer object - CN=mauretania,OU=Domain
Controllers,DC=uk,DC=blueridge,DC=com
No current Naming Context
select operation target: list domains
Found 3 domain(s)
0 - DC=uk,DC=blueridge,DC=com
1 - DC=de,DC=blueridge,DC=com
2 - DC=fr,DC=blueridge,DC=com
select operation target: select domain 0
Site - CN=Reading,CN=Sites,CN=Configuration,DC=uk,DC=blueridge,DC=com
Domain - DC=uk,DC=blueridge,DC=com
Server -
CN=mauretania,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=uk,DC=bluer
idge,DC=com
DSA object - CN=NTDS
Settings,CN=mauretania,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=uk
,DC=blueridge,DC=com
DNS host name - mauretania.uk.blueridge.com
Computer object - CN=mauretania,OU=Domain
Controllers,DC=uk,DC=blueridge,DC=com
No current Naming Context
select operation target: quit
metadata cleanup: remove selected server
metadata cleanup: quit
ntdsutil: quit
Disconnecting from \\titanic.blueridge.com ...

Finally, you need to delete the server from the Microsoft Management Console
(MMC) Active Directory Sites and Servers snap-in. Select Programs,
Administrative Tools, Active Directory Sites and Services from the Start
menu. Expand the Sites branch, select the site, expand the Services
container, right-click the server, and select Delete. Click Yes in the
confirmation dialog box. I have been informed of a possible problem with
this if SP2 is installed in which case perform on a box without SP2
installed.