|
AW: Active Directory Problems
2003-07-11 11:34:32
Jack,
once you have a proven process for restoring AD
it would be invaluable if you could post it here.
There have been many experiences with restoring W2k published here,
but as for AD Servers I am missing reports about
real succesfull restores.
I personally tried earlier Zlatko´s-like procedure,
ended with working AD but only after I reinstalled
video and network drivers,
which was absolutely dubious and left bad feeling
and I never saw things like that after having non-AD servers reinstalled.
It is not clear from your e-mail
which procedure did you succesfully follow - you name
christian while having attached zlatko´´s procedure ;)
best regards
Juraj Salak
P.S.
just an angry weep - ignore it if you don´t have both
a bottle of beer on the table and melancholical spirit;)
The AD has disastreous design from the
system management point of view, does not it?
The tight coupling betweenn application and operating system is a ...beep...
.
One can NOT backup/restore AD,
one only can backup/restore complete operating system.
This is not complaint about TSM, this limitation is inherited to the AD
design.
For example, once an AD server HW will not work
and no compatible HW can be purchased,
one cannot install new OS on a new machine and restore AD.
One has to install and configure AD again and have it replicated..
In slow WAN painfull. And what about FSMO´s??
There is good detailed description from microsoft how to backup/restore AD.
Not a subject to be tested in real life. Too many scenarios with different
procedures - a comprehensive test would take much, much time.
And - one is limited to one domain per computer.
So I have two servers doing almost nothing but presenting proud logo
of beeing a forest domain controller.
A good design is possible. e.g. Novel has it.
But so little apps do support this product...
There is a positive point about it - the job creation effect:
many good payed engineers spend their time solving this unneccessary
problem.
Just like in old times as they
configured memory extenders for the so-called operating system "DOS"
in long trial and error only to have it use the real memory in the
computer..
It makes me dumpish to see what kind of
software uses to win the market battle
and what sort of unnecessary problems do we have to cope with.
My beer is empty - hurray into holliday!
old Juraj
-----Ursprüngliche Nachricht-----
Von: Jacques Butcher [mailto:butcherjw AT ANANZI.CO DOT ZA]
Gesendet: Freitag, 11. Juli 2003 14:23
An: ADSM-L AT VM.MARIST DOT EDU
Betreff: Re: Active Directory Problems
Hi Cristian.
Thanks for your replies. It's really nice to have people
trying to help you solve your problems on this forum. I
will make an effort to spend more time on this forum trying
to help other people where I can.
Back to the topic;
I have followed the exact same procedure that you described
and is it seems as if everything is working. The only
problem is now to join the domain and to log onto the
domain from a workstation.
I have logged a call with Microsoft and will see what they
come up with.
I however have another question for you. I notices that
the FSMO master server that I'm restoring is not a Global
Catalog server (it is the infrastructure master). I read
some microsoft article that mentions something that a
Global Catalog server is needed for authentication. Would
this be my problem and is there a way around it?
On Fri, 11 Jul 2003 13:42:00 +0300
Zlatko Krastev <acit AT ATTGLOBAL DOT NET> wrote:
> Christian,
>
> I am under impression that your posts become more and
> more misleading over
> time! Is this because I read them selectively or for any
> other reason -
> don't know. I would be rather happy to be proved wrong!!!
> Also advertizement within any advice is against the
> principles of the
> community on this forum. Please perform your marketing
> activities
> privately or using a different media!!!!
>
>
> Back to the topic - the problem Jacques is experiencing:
> The standard Win2k recovery procedure is:
> 1. Install clean Windows - I install it on the *same*
> path and it works
> fine
> 2. Install TSM client - personally I prefer instead of
> configuring it to
> restore dsm.opt and restart the client
> 3. Restore *all program files* - if some application is
> installed on a
> drive other than C:, its binaries is better to be
> restores right now
> 4. Ignore restart message
> 5. Restore System State (System Object in TSM terms) and
> reboot.
> 6. (only for the only/first domain controller in DR) Make
> the restored AD
> data "authoritative". You will need to be in AD recovery
> mode in step 5.
>
> The trick is to avoid joining to the domain at step 1!!!!
> Keep the system
> as being part of some imaginary workgroup (better with a
> name which is not
> known to the domain controller/master NetBIOS browser).
> In step 5 all information regarding membership to the
> domain will be
> restored and after reboot the server will be part of the
> domain. Think of
> sequence failure-reinstall-restore-reboot as of an
> ordinary
> shutdown-reboot with longer downtime!
>
> Zlatko Krastev
> IT Consultant
>
>
>
>
>
>
> Christian Svensson <Christian.Svensson AT CRISTIE DOT SE>
> Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
> 11.07.2003 12:04
> Please respond to "ADSM: Dist Stor Manager"
>
>
> To: ADSM-L AT VM.MARIST DOT EDU
> cc:
> Subject: Re: Active Directory Problems
>
>
>
>
>
>
>
>
>
> When you installed Windows on the machine.
> Did you installed Windows in a Temp directory and then
> restore all data
> from TSM?
> Or did you installed Windows in there standard path and
> overwrite each
> file
> with TSM?
>
> If you did the last thing. I can understand way you got
> that problem. That
> is becuse you got a new SID and et c.
> Try to install Windows in a Temp Path and restore the
> data from TSM to
> there normal PATH. Reboot the server and boot up in
> Restore Directory
> Service mode and restore the System Object. Reboot the
> server again and
> remove the temp Windows installation.
>
> Now should it work fine.
> To do this much easyer. Buy a Disaster Recovery tool.
> Talk to IBM and they
> should give you some advice. Or can you download your own
> eval. copy from
> www.cristie.com
>
> Best Regard / Med vdnlig hdlsning
> Christian Svensson
> Tivoli Storage Manager Certified
>
............................................................................
............................................................
>
> Cristie Nordic AB
>
> Box 2 Phone : +46-(0)8-718 43 30
>
> SE-131 06 Nacka Mobil : +46-(0)70-325 15 77
>
> Sweden eMail : Christian.
> svensson AT cristie DOT se
>
>
>
> Visit : Gamla Vdrmdvvdgen 4, Plan 2
>
> web : www.cristie.com
>
>
>
>
>
............................................................................
............................................................
>
>
>
>
> Jacques Butcher
> <butcherjw@ANANZI To:
> ADSM-L AT VM.MARIST DOT EDU
> .CO.ZA> cc:
> Sent by: "ADSM: Subject:
> Active Directory
> Problems
> Dist Stor
> Manager" <ADSM-
> L AT VM.MARIST DOT EDU>
>
>
> 2003-07-11 10:53
> Please respond to
> "ADSM: Dist Stor
> Manager"
>
>
>
>
>
>
> Hi Everyone.
>
> I've restore the system volume (c:) and all system
> objects
> (of which I have a consistent backup of) successfully. I
> can access Active Directory and see all resources. I can
> even see all the resources from another machine through a
> UNC path. It even prompts me for a username and and
> password. I type the domain name\username and the
> password
> and I can see all printers, etc.
>
> I however cannot log onto or join the domain.
>
> Did anyone else get this?
>
> Any help will be greatly appreciated.
>
> Thanks in advance.
>
> ==
> Download ringtones, logos and picture messages at Ananzi
> Mobile Fun.
> http://www.ananzi.co.za/cgi-bin/goto.pl?mobile
Jacques Butcher
TCM (Technology Corporate Management) Software Engineer
Cell: +27 (0)84 676 0329
Tell: +27 (0)11 483-2000
Fax: +27 (0)11 728-3656
Nat. IT Diploma, MCSE, IBM Tivoli Storage Manager 5.1
Certified, NetVault Certified, IPSTor Certified,
IBM Certified Specialist - Enterprise Tape Solutions
Version 2
==
Download ringtones, logos and picture messages at Ananzi Mobile Fun.
http://www.ananzi.co.za/cgi-bin/goto.pl?mobile
|
|
|
