Active Directory Restoration




This document outlines the steps required to recover an Active Directory infrastructure running on Windows 2003 R2 Server Standard. Its scope is the scenario where a site has two domain controllers and the primary domain controller has failed. In this event all roles from the primary domain controller (dc01) must be seized and transferred to the secondary domain controller (dc02).

Before you can transfer a role, you must have the appropriate permissions, depending on which role you plan to transfer:

    Schema Master            member of the Schema Admins group
    Domain Naming Master     member of the
    PDC Emulator
    RID Master
    Infrastructure Master

Log in to the secondary domain controller (dc02) and, at a command prompt, type ntdsutil and press Enter.

    C:\WINDOWS>ntdsutil
    ntdsutil:

At the ntdsutil: prompt, type metadata cleanup and press Enter.

    ntdsutil: metadata cleanup

At the prompt, type connections and press Enter.

    connections
    server connections:

At the server connections: prompt, type connect to server <servername>, where <servername> is the domain controller (any functional domain controller in the same domain) from which you plan to clean up the metadata of the failed domain controller. Press Enter.

    server connections: connect to server dc02
    Binding to dc02...
    Connected to dc02 using credentials of locally logged on user.
    server connections:

Type quit and press Enter to return to the prompt.

    server connections: q

Type select operation target and press Enter.

    Select operation target

Type list domains and press Enter. This lists all domains in the forest with a number associated with each.

    list domains
    Found 1 domain(s)
    0 - DC=acorp,DC=local

Type select domain <number>, where <number> is the number corresponding to the domain in which the failed server was located. Press Enter.

    Select domain 0
    No current site
    No current server

Type list sites and press Enter.

    List sites
    Found 1 site(s)
    0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acorp,DC=local
    1 CN=Secondary-Site

Type select site <number>, where <number> refers to the number of the site in which the domain controller was a member. Press Enter.

    Select site 0
    Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acorp,DC=local
    No current server

Type list servers in site and press Enter. This will list all servers in that site with a corresponding number.

    List servers in site
    Found 2 server(s)
    0 - CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acorp,DC=local

Type select server <number> and press Enter, where <number> refers to the domain controller to be removed.

    Select server 0
    Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acorp,DC=local
    Server - CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acorp,DC=local
    DSA object - CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acorp,DC=local
    DNS host name dc01.acorp.local
    Computer object - CN=DC01,OU=Domain Controllers,DC=acorp,DC=local

Type quit and press Enter. The Metadata cleanup menu is displayed.

    q

Type remove selected server and press Enter. You will receive a warning message. Read it, and if you agree, press Yes.

After metadata cleanup, a series of prompts will appear asking whether the FSMO roles should be transferred from DC01 to DC02. Click Yes to all prompts, but in the event of failure, follow the procedures below to reassign FSMO roles.

Use AD Snap-ins to find FSMO Roles

Active Directory Users and Computers

Use this snap-in to find out where the domain-level FSMO roles are located (PDC Emulator, RID Master, Infrastructure Master), and also to change the location of one or more of these three FSMO roles.

Open Active Directory Users and Computers, right click on the domain you want to view the FSMO roles for and click "Operations Masters". A dialog box (below) will open with three tabs, one for each FSMO role. Click each tab to see which server that role resides on.

To change the server roles, you must first connect to the domain controller you want to move the role to. Do this by right clicking "Active Directory Users and Computers" at the top of the Active Directory Users and Computers snap-in and choosing "Connect to Domain Controller". Once connected to the DC, go back into the Operations Masters dialog box, choose a role to move and click the Change button. When you connect to another DC, the name of that DC appears in the field below the Change button (not in this graphic).

Active Directory Domains and Trusts

Use this snap-in to find out where the Domain Naming Master FSMO role is and to change its location. The process is the same as for viewing and changing the domain-level FSMO roles in Active Directory Users and Computers, except that you use the Active Directory Domains and Trusts snap-in.

Open Active Directory Domains and Trusts, right click "Active Directory Domains and Trusts" at the top of the tree, and choose "Operations Master". When you do, you will see the dialog box below.

Changing the server that houses the Domain Naming Master requires that you first connect to the new domain controller, and then click the Change button. You can connect to another domain controller by right clicking "Active Directory Domains and Trusts" at the top of the Active Directory Domains and Trusts snap-in and choosing "Connect to Domain Controller".

Active Directory Schema

This snap-in is used to view and change the Schema Master FSMO role. Changing the server the Schema Master resides on requires that you first connect to another domain controller, and then click the Change button. You can connect to another domain controller by right clicking "Active Directory Schema" at the top of the Active Directory Schema snap-in and choosing "Connect to Domain Controller".
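A command-line check for the FSMO reassignment described above, as an added example that is not part of the original document. It assumes the script runs on dc02 under a domain administrator account in the single acorp.local domain, and uses dsquery (included with Windows Server 2003) to read each role holder; for any role not held by dc02 it prints the matching ntdsutil seize command. The variable names and script layout are illustrative.

```bat
@echo off
rem Added example, not from the original document.
rem Assumptions: run on dc02 as a domain administrator; single domain
rem (acorp.local); dc02 is meant to hold all five FSMO roles.
setlocal
set TARGET_DC=DC02
set STALE=0

rem dsquery role keyword, then the matching Windows 2003 ntdsutil seize command.
call :check schema "seize schema master"
call :check name   "seize domain naming master"
call :check pdc    "seize PDC"
call :check rid    "seize RID master"
call :check infr   "seize infrastructure master"

if "%STALE%"=="1" (
    echo One or more roles are not on %TARGET_DC%.
    exit /b 1
)
echo All five FSMO roles are held by %TARGET_DC%.
exit /b 0

:check
rem Read the DN of the current role holder; empty if no holder is returned.
set HOLDER=
for /f "delims=" %%H in ('dsquery server -hasfsmo %1 2^>nul') do set HOLDER=%%~H
echo %1 role holder: %HOLDER%
echo %HOLDER%| findstr /i /b /c:"CN=%TARGET_DC%," >nul && goto :eof
set STALE=1
echo   Not held by %TARGET_DC%. To move it, run on %TARGET_DC%:
echo   ntdsutil roles connections "connect to server %TARGET_DC%" quit %2 quit quit
goto :eof
```

ntdsutil first attempts a normal transfer and seizes the role only if the current holder cannot be contacted; each seize command asks for confirmation before it proceeds.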

Active Directory Sites and Services

Drill down through Sites > Server and right click on NTDS Settings. If a server is to be a global catalog server, tick the box on the main tab. Currently dc02 is the global catalog server.

What will happen if the Operations master roles are not available on the network?

FSMO Role - Loss implications

Schema - The schema cannot be extended. However, in the short term no one will notice a missing Schema Master unless you plan a schema upgrade during that time.

Domain Naming - Unless you are going to run DCPROMO, you will not miss this FSMO role. Therefore this role is required to be available to recover a single server.

RID - Chances are good that the existing DC will have enough unused RIDs to last some time, unless it's expected to build hundreds of user or computer objects per week.

PDC Emulator - Will be missed soon. There will be no time synchronization in the domain, and it will probably not be possible to change or troubleshoot group policies. Password changes will become a problem.

Infrastructure - Group memberships may be incomplete, but as there is only one domain, there will be no impact.

Add Server to the Domain

Log onto the new server as the local administrator using password as the password.
Click Start, then right click My Computer and select Properties.
Select the Computer Name tab and click the Change button.
In the dialog box select the Domain radio button, enter Acorp and press OK.
When prompted, enter the domain administrator name and password and select OK.
A dialog box will be shown when the server has successfully been added to the domain.

Promote to a Domain Controller

1. From the desktop select Start and Run.
2. Type DCPROMO.
3. This will bring up a wizard. Follow the wizard's directions to promote the server to a Domain Controller.

4. When the wizard has completed, you will be prompted to restart the system.

Install DNS and DHCP

DNS, known as Domain Name Server or Domain Name Service, is an internet protocol whose purpose is to translate domain names into IP addresses. Whenever a domain name is used, the DNS service translates it into an IP address.

DHCP (Dynamic Host Configuration Protocol) is a protocol whose main purpose is to assign IP addresses to devices on a network.

DNS and DHCP are essential to the acorp network setup. DNS entries are integrated into AD; DHCP runs a standalone database, which needs to be restored from a backup.

Install DFS using Start > Control Panel > Add/Remove Programs > Add/Remove Components.
Install DNS and DHCP using Start > Control Panel > Add/Remove Programs > Add/Remove Components.
Highlight the Network Services option and click Details to get more options.
Select DNS and DHCP and click OK.
Click Next to install.

DNS will replicate with the existing domain controller to get all the zones.

Backup/Restore DNS

There is a DNS utility called dnsdump.cmd (http://www.anandhacorp.co.uk/itresources/dnsdump.cm) which can be used to perform backups and restores of DNS settings in the event of corruption or accidental deletion of records.

    Backup:  dnsdump export d:\dnsdump
    Restore: dnsdump import d:\dnsdump

Backup/Restore DHCP

There is a built-in utility called netsh which can be used to perform backups and restores of DHCP settings, as these settings are not saved in AD.

    Backup:  NETSH DHCP SERVER EXPORT C:\scopes ALL
    Restore: NETSH DHCP SERVER IMPORT C:\scopes ALL