Ed,
Recovering a DC in AD in the case of a hardware failure, and too the
same server (if not same server, see this Q249694) should be a semi-simple
task, if you have more than 2 DC holding the AD (hopefully 3 or more), and
hopefully more than 1 of them is a GC (either 2 or 3, or even all of them
would be better).
The order in which you should approach this task should be as follows:
Notes: What I am stating below is in reference to a non-authoritative
restore. If you need to do an Authoritative restore, I highly advise you get
on the horn with M.S. to help you through the command lines so that you do
not "fat finger" the AD.
a.) You need to have a valid "System Object/ System State" backup of
the AD and the DC.(This backup becomes very useful if you need to do an
"Authoritative restore". But for the most part, a non-authoritative restore
is all you will need to do.
b.) If you only have 2 DC's and the only one of them is a GC. AND if
the DC that is down is the 1st in the AD, you must remember to 1st seize all
the rolls from the DC that is limping along, to the one that is good, and
make the one that is good a GC as well. Then verify that the rolls are
switched using DCDiag and NetDiag, and NTDSUtil... "KnowsOfRollHolders"
command (get to know these util's well). Once you have a valid DC working
for your AD then you can move into DR on a DC.
1.) Remove any instances of the DC from AD, prior to bringing DC backup in
AD...Look in M.S. KnowledgeBase on "how to remove DC from AD" Q216498..
2.) Build W2K member server
2.) Patch and hotfix to existing level.
3.) Run DCPromo and let the AD sync..Thats it.....Not TSm needed except for
restore of Data.
4.) If data needs to be restore: use TSm options in trhe following manner:
a.) In the option button select ALL dir/files, and check the box in
to restore NTFS
b.) in the "Actions for files that exist...chose "replace"
c.) When prompted..chose "restore to original location" Data will be
laid down as well as NTFS
5.) Once your 2nd DC comes up transfer the rolls that you seized, back to
the other DC. and recheck using NTDSUtil. You have to check consistencies do
AD DB, and roles.
6.) If you had more than 2 DC's (3 or more) AND there was more than 1 GC,
than no seizing or transferring will be needed, UNLESS it was the 1st DC in
the AD to go down, then follow what I said above.
IMPORTANT NOTE: You can use these same steps to recover an IIS member
server, however, after you start your "restores"..DO NOT reboot until all
Local drives, Metabase.Bin, and lastly, system objects have been
restored..ONLY THEN do you reboot.
Tony
-----Original Message-----
From: Stapleton, Mark [mailto:stapleto AT BERBEE DOT COM]
Sent: Wednesday, May 28, 2003 11:35 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: restoring an nt domain controller and disaster recovery
question
From: Eddie Jones [mailto:Eddie_Jones AT CANADALIFEUS DOT COM]
> 1. Is there anything special we need to do in restoring our domain
> controller. Last year we restored the domain controller and
> we could see
> the domain groups and user id's but the permissions on the
> client shares
> did not work. The only way we could get users to connect is to maked
> everyone a domain admin (not good).
>
> 2. After installing tsm on the server I set up my database
> volumes (60gb).
> Usually I define the volumes which takes about 2 seconds per
> volume and
> then I expand the database (45-60 min) before I restore the
> tsm database.
> Is there I quicker way of doing this so I don't have to waist
> the 45-60min expanding the database.
>
> 3. If anyone has any disaster recovery tips and advise that would be
> great.
Items 1 and 3 have a single source for your answers:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodt
echnol/ad/windows2000/support/adrecov.asp?frame=true&hidetoc=true
Restoring a fully operational Windows 2000 domain controller is not a
trivial pursuit, particularly if your original domain has multiple DCs.
--
Mark Stapleton (mark.stapleton AT berbee DOT com)
Berbee Information Networks
Office 262.521.5627
|
