info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Single DC AD server loss and rebuild from scratch
8 views
Skip to first unread message
Nick Fotopoulos
Feb 15, 2012, 11:11:36 AM2/15/12
to
Oops, I think I just posted in the wrong group...appologies!
Nick Fotopoulos
Feb 15, 2012, 11:09:59 AM2/15/12
to
I have a network that had a single DC with Exchange. This server
experienced a corruption in the file ntds.dit that made it
unreadable. Full back ups were suppose to be running to a DPM server,
but when I checked everything on the server except System State had
been backed up. We did manage to find a System State back up from
3/27/2009 (which was the last time that ntdsutil said the database was
backed up), but since most of the users have turned over since then
and Exchange was no longer needed (completed Google Apps migration a
couple of months ago) and the AD had much lingering clutter from years
past we saw this as an opportunity to simply rebuild an start with a
fresh clean AD.
I rebuilt the DC with new server name, but the same domain name
[comany].local. We began removing all of the desktops from the domain
and then rejoining them to the new domain. I then had a use login
with their new credentials (same username) to have the desktop create
a profile. Then I logged in as admin and copied all of the files in
their old profile (except the NTUSER.* files). I then log out and
have them log back in. They should now see their old desktop and feel
right at home, however they are experiencing strange issues, like not
being able to launch certain shortcuts or viewing display settings. I
logged back in as admin and went to the advanced security settings for
their new profile dir and used to take ownership option (applied to
all sub dirs) and left the default owner of SYSTEM. While taking
ownership it presents an error message saying that it doesn't have
permissions on folders like "Application Data". Did I screw something
up in the rebuild of the AD? I've done this before and don't remember
having this much trouble with it.
experienced a corruption in the file ntds.dit that made it
unreadable. Full back ups were suppose to be running to a DPM server,
but when I checked everything on the server except System State had
been backed up. We did manage to find a System State back up from
3/27/2009 (which was the last time that ntdsutil said the database was
backed up), but since most of the users have turned over since then
and Exchange was no longer needed (completed Google Apps migration a
couple of months ago) and the AD had much lingering clutter from years
past we saw this as an opportunity to simply rebuild an start with a
fresh clean AD.
I rebuilt the DC with new server name, but the same domain name
[comany].local. We began removing all of the desktops from the domain
and then rejoining them to the new domain. I then had a use login
with their new credentials (same username) to have the desktop create
a profile. Then I logged in as admin and copied all of the files in
their old profile (except the NTUSER.* files). I then log out and
have them log back in. They should now see their old desktop and feel
right at home, however they are experiencing strange issues, like not
being able to launch certain shortcuts or viewing display settings. I
logged back in as admin and went to the advanced security settings for
their new profile dir and used to take ownership option (applied to
all sub dirs) and left the default owner of SYSTEM. While taking
ownership it presents an error message saying that it doesn't have
permissions on folders like "Application Data". Did I screw something
up in the rebuild of the AD? I've done this before and don't remember
having this much trouble with it.
0 new messages