Restoring AD – using Secondary Domain Controller

1. Reset the Administrator password
    reset password on server [servername]
    [password], confirm [password]
    quit, quit
2. Restart the server
    Press F8 and select Directory Services Restore Mode
    Iron Mountain:
    Initiate the System State restore
3. Authoritative restore
    authoritative restore
    restore database
4. Restart in normal mode
5. Seize all FSMO roles
    connect to server [servername]
    seize role
    seize domain naming master
    seize infrastructure master
    seize PDC
    seize RID master
    seize schema master
How to make Active Directory behave like an AD
    kimconnect.local (resolving the domain name should return the PDC of the domain; if it does not, AD is not working)
    On the AD server, check the DNS console for issues with Active Directory:
        dnsmgmt.msc : run command that opens the DNS console
    There are two very important folders that allow an Active Directory server to behave like one:
    – c:\windows\sysvol (contains all the AD objects)
    – NETLOGON (contains all the scripts and GPO policies)
    net stop ntfrs – stop the File Replication Service (AD's SYSVOL replication)
    < Restore/recover the SYSVOL folder, which contains NETLOGON >
    net start ntfrs – restart the File Replication Service (make SYSVOL authoritative)
    < Use Event Viewer to confirm that event ID 13516 appears; it signifies that the File Replication Service has initialized SYSVOL and it is ready to be shared >
    net share SYSVOL (< create the SYSVOL share > on the domain controller if necessary)
    Manually force SYSVOL authoritative:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup, value BurFlags
    < D2 = nonauthoritative, D4 = authoritative (a non-issue on a single DC) >
6. DHCP migration
    – Export from the old server:
      netsh dhcp server export [c:\dhcp.txt] all
    – Import to the new server:
      netsh dhcp server import [c:\dhcp.txt] all
    – Edit the DHCP options to reflect the new DNS servers
    – Authorize the new DHCP server
7. DNS
8. Flush all DNS information on client machines and peer servers
9. Test all services
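For step 9, the following PowerShell script is an added verification example, not part of the original post: it checks, on the restored DC, that every FSMO role was seized, that SYSVOL and NETLOGON are shared, that FRS logged event 13516, what BurFlags holds, and that the domain name resolves to the PDC. It assumes the ActiveDirectory and DnsClient modules (RSAT) are installed; kimconnect.local is the page's example domain.

```powershell
# Added verification script; it is not from the original post. Assumes the
# ActiveDirectory and DnsClient modules (RSAT) are present on the restored DC.
# kimconnect.local is the page's example domain name.
function Test-RestoredDc {
    param([string]$Domain = 'kimconnect.local')

    $dom    = Get-ADDomain -Identity $Domain
    $forest = Get-ADForest -Identity $Domain
    $me     = $env:COMPUTERNAME

    # Step 5: after seizing, every FSMO role should name this server.
    $roles = [ordered]@{
        PDC            = $dom.PDCEmulator
        RID            = $dom.RIDMaster
        Infrastructure = $dom.InfrastructureMaster
        SchemaMaster   = $forest.SchemaMaster
        DomainNaming   = $forest.DomainNamingMaster
    }
    $elsewhere = @($roles.Values | Where-Object { $_ -notlike "$me.*" })

    # SYSVOL and NETLOGON must be shared before clients can get scripts and GPOs.
    $shares = Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue

    # Event 13516: FRS has initialized SYSVOL and it is ready to be shared.
    $frsReady = Get-WinEvent -FilterHashtable @{ LogName = 'File Replication Service'; Id = 13516 } `
                -MaxEvents 1 -ErrorAction SilentlyContinue

    # BurFlags: D4 = authoritative, D2 = non-authoritative; FRS clears it after restart.
    $burKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
    $bur    = Get-ItemProperty -Path $burKey -Name BurFlags -ErrorAction SilentlyContinue
    $burHex = if ($bur) { '{0:X}' -f $bur.BurFlags } else { 'not set' }

    # The domain name should resolve to the PDC (the page's DNS sanity check).
    $domIps = @((Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue).IPAddress)
    $pdcIps = @((Resolve-DnsName -Name $dom.PDCEmulator -Type A -ErrorAction SilentlyContinue).IPAddress)

    [pscustomobject]@{
        AllRolesOnThisServer = ($elsewhere.Count -eq 0)
        RolesHeldElsewhere   = ($elsewhere -join ', ')
        SharesPresent        = ($shares.Name -contains 'SYSVOL') -and ($shares.Name -contains 'NETLOGON')
        FrsEvent13516Seen    = [bool]$frsReady
        BurFlags             = $burHex
        DomainResolvesToPdc  = @($domIps | Where-Object { $pdcIps -contains $_ }).Count -gt 0
    }
}

Test-RestoredDc | Format-List
```

Any field reporting False, or a role still held elsewhere, points back at the step above that needs to be repeated before clients are pointed at the restored DC.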