Neko-
I'd like to post a question to which I'd rather know the answer before
I'm actually confronted with the situation.
From experience I've had a Windows 2000 Pro workstation with 2 HDD's
running in a domain environment. On the second disk I implemented some
NTFS rights through domain accounts. This second disk also contained
some install files, so I would be able to easily install some items
that I needed.
Now when a reinstall came round for the machine, I got it up and
running. Then I wanted to access the second HDD for the install files,
but ran into a rights problem. I wasn't allowed to access the
secondary disk. After I added the machine to the domain and used a
domain account to log on, I no longer had the issue.
Now we get to the big question... I have a W2K DC, which is currently
running alone in the domain. There are no additional DC's active. It's
a home system, and the domain is merely there for me to try some minor
things with. This DC has multiple HDD's all with some right structures
implemented on them through the use of the domain accounts. One of the
HDD's (primary boot) has 3 partitions: "W2K server boot", "Private
Data" and "Everything else". There are two other HDD's in the system
that both hold one partition to the whole disk each. No spanning, no
RAID, no mirroring, no redundancy... Just three disks with the above
configuration.
Now the question is: What would happen if the DC were to crash, and
I'd be forced to reinstall it from scratch?
I'd need to reinstall the Active Directory, and recreate the accounts
(there's not that many so that's not that much of an issue, just
wiping the C: partition and reinstalling the server wouldn't be THAT
much of a hassle either), but when I recreate the accounts I'd be
creating the same accounts with different SID's. Which would mean that
any right structures available on the HDD's / partitions would be
invalidated.
So my guess is, that reinstalling the DC would mean I'd be unable to
retrieve ANY data from the disks / partitions, seeing the NTFS
security would lock me out of accessing 'm.
Would I be able to hook up the HDD to a workstation that is currently
logging on to the domain and access the disk through there? This would
require a copy action over the network, but it would be do-able. The
only real question that remains then is: Would the workstation allow
me to log on under a domain account that never logged on to it before?
My guess is not. So as a preparation strike, I could log on on a
workstation under the account that has full access to the disks, just
to make sure that I'd be able to log onto the PC while the DC itself
would be absent.
The only way around any rights issues I suppose would be Partition
Magic, and returning the partitions to FAT32, or create an NTFS DOS
boot disk, hook up another disk, copy the entire contents of the NTFS
disk to the new disk, then wipe, recreate the partition, and recopy
the data.
The other option would be a backup of the data (or just the System
State) of some sort. Seeing there is no backup hardware available to
backup the amount of data on the disks, this isn't something that's
active at the moment, nor do I have readily available funds to obtain
backup hardware to backup the whole of the HDD capacity to either a
new HDD, or tape. If the SystemState would be sufficient, I'd still be
looking at some solution that would give me access to that data on
some disk I'd be able to access. So possibly again a re-convert back
to FAT32?
Or would it be possible to plan for this, and give some local account
(Everyone?) access to all disks, while still implementing the rights
structure for when users access the machine over the network? (I'm
guessing the Everyone account would be recreated too, and as such its
SID would also be invalidated).
I'm checking into creating a new DC just to hold a copy of the AD so
I'd be able to at least get the data up and running normally again.
It'll be off most of the time, and I'll just need to start it every
now and then to replicate any changes (which hardly occur anyway) to
keep it updated. This however would cost me the use of a PC (although
it's an old one) as well as an HDD, but that would be a solution I can
at least feel somewhat secure with.
Anyone have any experience with this scenario?
Due to the fact I'll be going on vacation this week, it'll mean the
server will be off anyways, so there isn't a real hurry with any
answers. I'd just like to be sure about what scenarios I'd be facing
in the wake of some mishap that'd kill the AD for whatever reason.
Thanks in advance for any and all responses.
Neko-
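
The SID question raised in the post can be checked ahead of time by auditing which trustees in a volume's DACL depend on the domain. The following is an added example, not part of the original post: it parses the DACL of an SDDL string and marks each ACE as well-known (same SID on every install), resolving in the current domain, or orphaned. The SDDL string and both domain SIDs are constructed sample values.

```python
import re

# Trustees that are identical on every Windows installation (SDDL alias or SID).
WELL_KNOWN = {"WD": "Everyone", "S-1-1-0": "Everyone",
              "SY": "Local System", "S-1-5-18": "Local System",
              "BA": "BUILTIN\\Administrators",
              "S-1-5-32-544": "BUILTIN\\Administrators"}

# Account SIDs: S-1-5-21-<three sub-authorities naming the domain>-<RID>.
DOMAIN_SID = re.compile(r"(S-1-5-21(?:-\d+){3})-(\d+)")
DACL = re.compile(r"D:[A-Z]*((?:\([^)]*\))+)")
# ACE fields: type;flags;rights;object_guid;inherit_guid;trustee
ACE = re.compile(r"\(([^;)]*);[^;)]*;([^;)]*);[^;)]*;[^;)]*;([^;)]*)\)")

# Constructed sample values (not taken from any real system).
OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
NEW_DOMAIN = "S-1-5-21-4444444444-5555555555-6666666666"
SAMPLE_SDDL = ("O:" + OLD_DOMAIN + "-1104G:SYD:"
               "(A;OICI;FA;;;" + OLD_DOMAIN + "-1104)"
               "(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;WD)(A;;FA;;;SY)")

def classify_trustee(trustee, current_domain_sid):
    """Say whether a trustee survives a rebuild of the account domain."""
    if trustee in WELL_KNOWN:
        return "well-known"
    m = DOMAIN_SID.fullmatch(trustee)
    if m:
        # Same domain identifier: the RID still maps to an account.
        return "resolves" if m.group(1) == current_domain_sid else "orphaned"
    return "unrecognized"

def audit_dacl(sddl, current_domain_sid):
    """Return (ace_type, trustee, rights, status) for each ACE in the DACL."""
    dacl = DACL.search(sddl)
    if dacl is None:
        return []
    return [(ace_type, who, rights, classify_trustee(who, current_domain_sid))
            for ace_type, rights, who in ACE.findall(dacl.group(1))]

if __name__ == "__main__":
    for row in audit_dacl(SAMPLE_SDDL, NEW_DOMAIN):
        print(row)
```

Well-known SIDs such as Everyone (S-1-1-0) and BUILTIN\Administrators (S-1-5-32-544) are fixed values, so ACEs granted to them keep working after a reinstall; only the S-1-5-21 entries issued by the old domain become orphaned. A local administrator can also take ownership of files and rewrite the DACL.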