none
Cannot restore Active Directory

    General discussion

  • I'm doing a disaster recovery plan for my company and I'm stuck with AD restoration. I cannot restore my domain by using system state backup on another hardware. FYI, my domain has a functional level of Windows 2000 native.

    I've tried article id: 263532 (How to perform a disaster recovery restoration of Active Directory on a computer with a different hardware configuration) but to no avail.

    I've tried using IFM but I've encounter this error "Unable to verify the restored files in the folder c:\NTDSRestore. Please ensure that the folder contains a restored Active Directory backup. The error was: The system cannot find the file specified."

    Then, I've tried to create a new domain with the same name and by using ntdsutil, I've copied the previous ntds.dit and edb.log but then I've got this error "
    LSASS.EXE - System Error, security accounts manager initialization failed because of the following error: Directory Services cannot start. Error status 0xc00002e1. Please click OK to shutdown this system and reboot into directory services restore mode, check the event log for more detailed information."

    Then, I've tried using ADMT but then it's only useful when you still have a domain/server around but what if you don't have it anymore.

    Then, I thought maybe I can create an additional DC through normal replication then put away the server since no other way works then I would take out the computer and use it when the time comes (surely it'll need to be updated once in a while). Is this even possible?

    Any suggestions or workaround?
    Wednesday, March 04, 2009 10:16 AM

All replies

  • Hi,
    To make a restore of your domain controller, just make a backup of your system state with the NTBACKUP application of your windows server and then save it on a Flash Memory or a CD/DVD.
    When you have your backup made, just boot your DC hitting <F8> and select for active directory restore option.
    Then just make the restore of your system state with the backup that you have make previusly of your system state.

    If you still need more info. check this link:

    For an simple restore of a DC:
    http://technet.microsoft.com/en-us/library/cc784922.aspx

    For a hardware failure of your DC:
    http://technet.microsoft.com/en-us/library/cc785849.aspx

    Good luck with your documentation!!
    Regards,
    Friday, March 06, 2009 2:07 PM
  • Hi there,

    Thanx for the reply but I've been there done that. The thing is, the system state is only useful if you still have the same server but try to restore the system state to another server and the thing is useless.

    I'm trying to create a scenario where all the hardware is lost and what's left is the offsite backup (backup tape) and I'm trying to figure out how to make a good backup out of an Active Directory so that I can restore it when the time comes.

    http://technet.microsoft.com/en-us/library/cc784922.aspx - same as above.

    http://technet.microsoft.com/en-us/library/cc785849.aspx - you need another dc to replicate.

    Documentation really is painful.


    Wednesday, March 11, 2009 1:45 AM
  • Can't you add another DC in your domain ? You should always try to make your DC's redundant...
    If one of your DC's crashes you can always rebuild it using the 2nd one.
    Wednesday, March 11, 2009 2:44 PM
  • Currently I have two DC's. One is the primary DC and the other one is the additional DC. Yes, I can rebuild it easily using the 2nd one by using normal replication but in my case, all the hardware is lost therefore I don't have the luxury of the 2nd DC.
    Thursday, March 12, 2009 1:53 AM
  • There are many small businesses that aren't about to add a second DC, when they can barely afford a single one.

    I know of one small business that had all four of its servers stolen on a Sunday afternoon. All the servers, all the tapes, and the tape drive were all stolen in a search for credit card numbers. That (soon to be) client also found that their backups weren't working properly and the one remaining tape had nothing on it but a few system files.
    • Proposed as answer by Chirag Gupta Thursday, March 12, 2009 10:02 AM
    • Unproposed as answer by hasril Friday, March 13, 2009 3:41 AM
    Thursday, March 12, 2009 5:05 AM
  • For disaster recovery of above kinds you can use "Full Server Recovery".

    For more details please refer http://technet.microsoft.com/en-us/library/cc755163.aspx

    Thanks, Chirag G [MSFT] -------------------------------------------------------------------------------- - This posting is provided "AS IS" with no warranties, and confers no rights
    • Proposed as answer by Chirag Gupta Thursday, March 12, 2009 10:02 AM
    • Unproposed as answer by hasril Friday, March 13, 2009 3:41 AM
    Thursday, March 12, 2009 10:01 AM
  • I guess we'd have to decide what version of Windows Server the OP is trying to restore. I was assuming that a functional level of Windows 2000 Native and a reference to a KB article on restoring Windows Server 2000 would imply something earlier than Server 2008 and its Windows Server Backup. But I could be wrong.
    Thursday, March 12, 2009 10:20 AM
  • Chirag Gupta [MSFT] said:

    For disaster recovery of above kinds you can use "Full Server Recovery".

    For more details please refer http://technet.microsoft.com/en-us/library/cc755163.aspx


    Thanks, Chirag G [MSFT] -------------------------------------------------------------------------------- - This posting is provided "AS IS" with no warranties, and confers no rights


    I've read the article and it is meant to restore the OS only by using Windows Server Backup. No AD included though. Since all my hardware is lost then surely my company will buy a new server and most likely with different specs from previous server.

    Then at that point of time, all I need to do is reinstall the OS + configure driver + restore backup for DNS, DHCP, WSUS, databases and various data + software applications especially my Symantec BE to restore all of those data. The only thing I'm stuck with is how am I to restore my AD then.
    Friday, March 13, 2009 3:40 AM
  • I'm sorry for the confusion. I suggested to use Windows Server Backup for your future backup plan to include disaster recoveries.

    Thanks, Chirag G [MSFT] -------------------------------------------------------------------------------- - This posting is provided "AS IS" with no warranties, and confers no rights
    Wednesday, March 18, 2009 4:50 AM
  • Hasril, full server backup also includes all the system state incluing DNS, DHCP, AD state etc. it can be recovered on machine with different hw also.

    wbadmin start backup -allcritical
    >> this will backup full server including system state.

    wbadmin start sysrecovery
    >> this command in win RE environment can recover the full server including system state (AD STATE ETC) on same or different hw.
    ------- this information is provided as-is without any warranties, implicit or explicit.
    Saturday, March 21, 2009 11:14 AM
  • Sushil.Baid [MSFT] said:

    Hasril, full server backup also includes all the system state incluing DNS, DHCP, AD state etc. it can be recovered on machine with different hw also.

    wbadmin start backup -allcritical
    >> this will backup full server including system state.

    wbadmin start sysrecovery
    >> this command in win RE environment can recover the full server including system state (AD STATE ETC) on same or different hw.


    ------- this information is provided as-is without any warranties, implicit or explicit.


    Ermm perhaps but I will never know because I'm not yet using Windows Server 2008.

    Any suggestions for Windows Server 2000/2003?
    Monday, March 23, 2009 1:01 AM
  • you may want to post this question again on the windows server->directory services forum and see if you get an answer.
    ------- this information is provided as-is without any warranties, implicit or explicit.
    Friday, April 03, 2009 4:50 AM
  • Thanx.
    Monday, April 06, 2009 8:37 AM
  • For us , we used Symantec Backupexec Server Backup, do it with the FULL VSS backup and it works like a charm ;D
    Wednesday, April 08, 2009 4:04 PM