Steps are: * Restore the DC marking the data set as primary * Increment the RID pool in AD with 100000 (see to it that the DC/RIDMaster has not allocated a RID pool to itself---> error event ids 16651 or 16651 are OK) If you see event id 16648 before raiding the RID pool, create 501 objects in the domain and delete them afterwards) (In the event viewer event id 16648 should appear within 30 minutes or something after incrementing the RID POOL in AD) * Now the interesting part: if you have DCs in other domains that are also GC, demote these GC servers, after all GCs are demoted promote them back to GC. One other solution is to rebuild the child domain naming context on all GCs that are in other domains (I prefer the latter solution) (A few days ago I posted something concerning the GC contents when all DCs within a domain where restored from backup. Because all DCs are restored the domain went back in time while the GCs in the other domains contain current data. As the GCs with the newer data will never update the authoritative DCs the GC data concerning the child domain naming context has to be rebuild!!!) The tool to use for the latter solution is REPADMIN /UNHOST <FQDN TARGET GC> <DN NC> (w2k3 support tools) * If you are using cross-domain memberships check those to see if everything is OK * Finally check event viwer for errors and warnings and take appropriate measures * Don't forget to test/check trusts, computer accounts memberships and user accounts. Recreate accounts that were created after the backup that was used for the restore of the DC * Check ACLs on files and folders (SUBINACL) to remove unknown accounts
These are a few steps you can use. Be sure to test these in a test environment!!! See also: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn ol/ad/windows2000/support/adrecov.asp Regards, Jorge -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, February 04, 2004 17:20 To: ActiveDir (E-mail) Subject: [ActiveDir] Restore a failed DC that was the only DC for a domain What are the steps to restore a DC that was the only DC for a child domain? Justin A. Salandra, MCSE Senior Network Engineer Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
