Results 1 to 9 of 9

Thread: Active Directory Problems

  1. #1
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660

    Active Directory Problems

    Hey all, Long time no post.

    Just a few questions regarding this domain which has crapped itself all over the place; and yes, restoring from backup IS a good idea but unforunately due to the problems in active directory backupexec does not want to play ball.

    My plan is to remove active directory and the entire domain with dcpromo and then create an entirely new domain.

    Does anyone have any suggestions regarding this, or had experience in using this method. After all the tech notes i have read MS says this method is far easier when dealing with corrupt databases etc....... Server 2003 Std.

    Also, does anyone know how long this process will take? Any input and questions for discussion would be a great help.

    Cheers!

    CTO
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Depending on the size of your userbase I suggest NOT creating a new domain.
    Useraccounts aren't identified by the account's name but by their SID. This SID is dependent on the domain. So if you create a new domain and recreate the accounts everyone will get a different SID and no-one will be able to access their own files. You would have to reset every single ACL on your fileservers.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    well, how long it takes depends how many users you are going to recreate and how much you want to play with group policy. I imagine reinstalling is quite quick.

    Can you not do a disaster recovery and just shove a tape in and restore it using hardware? I know ours will support that.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  4. #4
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    I also forgot, this is also a terminal server. How will the TS licenses be affected by the removal of a domain and creation of another? In theory it should not be affected - All that is required would be new accounts to log on with.

    SirDice: Userbase is <10 . Unfortunately i do not believe i have any other choice but to create a new domain. This is a very simple site - in fact it does not even require a domain, it could function very well on a workgroup. Also there should be no encrypted files on the server therefore shared data will be fine with new accounts & SID.

    More input is welcome!

    Cheers

    CTO
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  5. #5
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    Aardpsymon: This problem started around a week ago, and as such the backups have not been working since then. This is a tax accountant office and the season is upon us - I cannot guarantee that if i restore that the data between the backup and now wont be lost and believe me - if that happens all hell will freeze while my ass is sued *nervous giggle*.

    Considering also it is a very small site i have no problems removing the domain, especially since they dont have exchange.

    Wanna know how the problem started. New harddrives installed into the raid array replaced smaller drives. Not sure how it was copied (assume ghost) but all of the authenticating problems and domain issues started right after the server booted back up. Ever heard of a similar issues from the same means, or should i assume the actual ghosting was off mark.

    Cheers
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  6. #6
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    I would guess the ghosting has gone wrong. But yeah, with that few users it should be no problem to recreate them.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  7. #7
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    End Result:

    Used dcpromo to remove active directory and revert the server back to a stand-alone. This took no longer than 15minutes. Server reboot - ok. Check a few settings and configurations to see what has changed and if anything had been broken as a result - all seemed ok.

    Knowing windows, i decided to give it another reboot before i reinstalled active directory, just to be on the safe side *smirk*

    Reinstalled active directory fine, this took another 15minutes. Started joining the previously domain now workgroup PC's, back onto the new domain. Rebuilt user accounts and policies all good. (I bet you feel there is a 'but' coming on)

    There were a few problems with profiles though, for some reason if i just copied the files over to the new profile it didnt take - apps had errors etc. Anyway, it all went pretty smoothly - thanks for all your input! Everything is up and running again so all is well...... *calmed sigh*

    Cheers

    CTO
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  8. #8
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    I'd imagine the profile errors relate back to SID perhaps. Or maybe reinstalling AD and changing the domain does things too.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Wanna know how the problem started. New harddrives installed into the raid array replaced smaller drives.
    To the original cause of the problem, what version of ghost were you using? Not all versions of ghost support RAID drives.


    http://entkb.symantec.com/security/o...613522725.html
    Last edited by mohaughn; May 14th, 2007 at 08:11 PM.

Similar Threads

  1. How to Create bat files....
    By cool_boy in forum General Computer Discussions
    Replies: 3
    Last Post: June 29th, 2006, 02:45 AM
  2. Active Directory New Issue
    By FanacooL in forum Newbie Security Questions
    Replies: 17
    Last Post: May 30th, 2006, 06:32 AM
  3. Active Directory Problem
    By novkhan in forum Operating Systems
    Replies: 11
    Last Post: July 1st, 2004, 05:55 PM
  4. Active directory
    By mrg81 in forum Microsoft Security Discussions
    Replies: 6
    Last Post: June 23rd, 2004, 08:36 PM
  5. From NT Domain to Server 2003 Active Directory
    By Nightfalls_Girl in forum Microsoft Security Discussions
    Replies: 0
    Last Post: July 25th, 2003, 12:14 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •