Restoring AD – using Secondary Domain Controller

1. Reset Administrator password
 ntdsutil
 set dsrm password
 reset password on server [servername]
 [password], confirm [password]
 quit, quit
2. Restart server
     Press F8 to select Domain Controller Restore mode
     Iron Mountain: https://insync.livevault.com/login.aspx
     Initiate System state restore
3. Authoritative restore
 ntdsutil
 authoritative restore
 restore database
 quit, quit
4. Restart in normal mode
5. Seize all FSMO roles
 ntdsutil
 roles
 connections
 connect to server [servername]
 q
 seize role
 seize domain naming master
 seize infrastructure master
 seize PDC
 seize RID master
 seize schema master
 quit
 — How to make Active Directory behave like an AD
Troubleshoot:
 nslookup
 kimconnect.local (this should show the PDC of the domain, if not then AD is not working)
 On the AD server, check this log to see the issues with Active Directory: 
 C:\Windows\Debug\netsetup.log
 
 dnsmgmt.msc : run command for the DNS console
 
 There are two very important folders that allow an Active Directory Server to behave like one:
 – c:\windows\sysvol (contains all the AD objects)
 – NETLOGON (contains all the scripts and GPO policies)
 Fix:

 Run
 net stop ntfrs – to stop AD
 <Restore or recover the SYSVOL folder, which contains NETLOGON>
 net start ntfrs – restart AD (make SYSVOL authoritative)
 <Use Event Viewer to check that event #13516 appears; it is the File Replication Service reporting that SYSVOL is mounted again>
 net share SYSVOL (<create the SYSVOL share> on the domain controller if necessary)
 Manually force SYSVOL authoritative:
 regedit
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
 <value BurFlags: D2 = nonauthoritative, D4 = authoritative (non-issue on a single DC)>
 
6. DHCP migration
 – Export from old server
 netsh dhcp server export [c:\dhcp.txt] all
 – Import to new server
 netsh dhcp server import [c:\dhcp.txt] all
 – Edit DHCP to reflect new DNS servers
 – Authorize
7. DNS
8. Flush all DNS information on client machines, peer servers
9. Test all services
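
A read-only way to check the signals these notes rely on (domain name resolution, the SYSVOL and NETLOGON shares, FRS event 13516, the BurFlags value, FSMO role holders) after the restore. This is an added example, not part of the original notes; it assumes an elevated Windows PowerShell session on the restored DC with Get-WinEvent and netdom available, and the function name New-CheckResult is made up for the example.

```powershell
# Added example: read-only post-restore checks for a domain controller.
# Assumptions: Windows PowerShell, elevated, run on the restored DC;
# the domain name is the one used in the nslookup test above.
$Domain = 'kimconnect.local'

function New-CheckResult($Name, $Ok, $Detail) {
    New-Object psobject -Property @{ Check = $Name; OK = [bool]$Ok; Detail = "$Detail" }
}

$results = @(
    # DNS: the domain name must resolve (same signal as the nslookup test).
    try {
        $ips = @([System.Net.Dns]::GetHostAddresses($Domain) | ForEach-Object { $_.IPAddressToString })
        New-CheckResult 'DNS resolves domain' ($ips.Count -gt 0) ($ips -join ', ')
    } catch {
        New-CheckResult 'DNS resolves domain' $false $_.Exception.Message
    }

    # Shares: a working DC publishes both SYSVOL and NETLOGON.
    $shares = @(Get-WmiObject Win32_Share | ForEach-Object { $_.Name })
    foreach ($s in 'SYSVOL', 'NETLOGON') {
        New-CheckResult "$s share present" ($shares -contains $s) ''
    }

    # FRS: event 13516 in the File Replication Service log.
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'File Replication Service'; Id = 13516 } `
        -MaxEvents 1 -ErrorAction SilentlyContinue
    New-CheckResult 'FRS event 13516 logged' ($null -ne $evt) $(if ($evt) { $evt.TimeCreated })

    # BurFlags: read through .NET because the key name contains "/",
    # which the PowerShell registry provider treats as a path separator.
    $sub = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($sub)
    $bur = if ($key) { $key.GetValue('BurFlags') }
    New-CheckResult 'BurFlags readable' ($null -ne $bur) $(if ($null -ne $bur) { '0x{0:X}' -f $bur })

    # FSMO: after seizing, all five roles should name this server.
    try {
        $held = @(netdom query fsmo 2>$null | Select-String -SimpleMatch $env:COMPUTERNAME)
        New-CheckResult 'Holds all 5 FSMO roles' ($held.Count -eq 5) "$($held.Count) of 5"
    } catch {
        New-CheckResult 'Holds all 5 FSMO roles' $false 'netdom not available'
    }
)

$results | Select-Object Check, OK, Detail | Format-Table -AutoSize
```

Any row with OK = False points back to the matching step above; for deeper detail, C:\Windows\Debug\netsetup.log remains the log to read.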
