Where is the information regrading the domain controller stored on

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I want to look at the above mentioned file. If I could find out where it is
located, I would greatly appreciate it.

Thanks!
 
What information? Do you mean the info for Active Directory itself? If so that
is stored in NTDS.DIT, you won't have much luck looking at it though, it isn't
like it is a clear text file, it is an ESE DB.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
I was hopin' that there was some way to change something in there.

Is there anyway to modify the database?
 
The domain controller server got moved from the domain folder to the computer
folder. This has resulted in not being able to login interactively to that
server. I was thinking that the easiest way would be to, some how, access
the folder location and move it back.

Don't laugh!
 
are you saying that by mistake the computer account of the DC was moved from
the Domain Controllers OU to the Computers container?

what is the error you are seeing? OS?

you should for an example be able to logon to the DC with the default
administrator account, move the computer account back, open a command prompt
windows and run GPUPDATE /FORCE (assuming we are talking about a w2k3 DC)
(if it is a w2k DC run SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE and
SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
 
I cannot login as it tells me that the group policy does not allow
interactive login. Another person told me of a tool that I could use that
was suppose to allow me to make sure that interactive rights were set, but
this program errored out.

The only way that I can login is to go into Directory Services Repair. This
keeps me from doing alot of AD type stuff as it is not on any domain.

The server is a W2k.

If there is some way I could fix this without going through a repair or
reinstall that would be terrific.

I do have another machine that I can install W2k on. I was wondering if I
could make that a DC for the same domain and somehow copy the domain info to
the problem machine. Does this sound doable?
 
are you saying you cannot login with the default administrator account?

on try the following...

boot the DC into SAFE MODE WITH NETWORKING

logon as the default domain administrator account....

open ADUC... and move the computer account back... reboot...


are you sure only thing that happened was that the computer account was
moved from the default domain controllers OU to the computers container?
anything else?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
 
Assuming this is actually the only thing that happened, then you should be able
to logon into any other machine that is part of the domain (or even outside of
the domain but that is a little more involved) and run ADUC and move the object
in AD.

I assume you are going through all of this because you only have one DC, you
really should have multiple DCs per domain, well at least two. That way when you
blow something up, you can easily correct and don't have to do a restore from
tape backups.

Even if you could figure out how to open the DIT file, you wouldn't be able to
figure out how to move the DC. Any attempt on your part would almost certainly
completely corrupt your DIT and make it worthless.

Finally, if you can't do what I mentioned above, you may have to pay someone who
knows about AD to fix it or just recover from backup.


joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
David said:
I cannot login as it tells me that the group policy does not allow
interactive login. Another person told me of a tool that I could use
that was suppose to allow me to make sure that interactive rights
were set, but this program errored out.

The only way that I can login is to go into Directory Services
Repair. This keeps me from doing alot of AD type stuff as it is not
on any domain.

The server is a W2k.

If there is some way I could fix this without going through a repair
or reinstall that would be terrific.

I do have another machine that I can install W2k on. I was wondering
if I could make that a DC for the same domain and somehow copy the
domain info to the problem machine. Does this sound doable?
Click to expand...
You really need to get someone who knows Active Directory to help out.
You cannot copy Active Directory data about like you would a file, since
it resides in what you might like to think of as a database. The only
safe way to manipulate Active Directory data is to use the tools
supplied for the job.

Cheers,

Cliff
 
Could I conceivably load another server with W2K server and set it up as a DC
with the same domain name?

This seems unlikely that this would work, but I just thought that I would
throw it out there.
 
You can try, it depends on how dorked up things are internally. It may work
perfectly. Personally I would get that DC moved back to its proper location first.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
Back
Top