server 2003 system state backup/restore
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: server 2003 system state backup/restore

  1. #1
    Member n00bius's Avatar
    Join Date
    Mar 2005
    Location
    texas
    Posts
    86

    server 2003 system state backup/restore

    Had a question, if a server crashes, completely, i.e. complete failure, and the data isn't recoverable, and the server can't be reused, can you do a system state restore after a clean install on a different hardware platform? (same processor architecture)
    ...:::Pure Kn0wledge:::...

  2. #2
    Junior Member
    Join Date
    Nov 2007
    Location
    Mobile, Alabama
    Posts
    11
    Noobius, I will consult my server admin book shortly- But I dont BELIEVE that it would be possible to retrieve the info... I'll repost shortly with a correct answer, or to let you know if I can't find it- Is it Urgent?
    Editor of www.backdoor-hunters.dnsdojo.org
    --------------------------------------------
    Your Source For IT Security And Hacker Alerts
    Gillis Jones

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Only if you've made proper backups...

    Why do people think about backups when it's really too late?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Member n00bius's Avatar
    Join Date
    Mar 2005
    Location
    texas
    Posts
    86
    lol, actually, i'm doing this preemptively, haven't had a server failure...yet. But I just wanted to verify that if one had sufficienct system state backups (i.e. not outside of tombstone lifetime), how much time, and what would be the process/limitations of restoring the domain controller into AD as well as bringing it back to full functionality.

    oh and Gillis57, I don't want to recover the data, but I want to recreate the server from a previous system state backup before the server crashed.
    ...:::Pure Kn0wledge:::...

  5. #5
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    You want to restore a completely failed AD Controller? Real world That ain't going to happen.

    Here's why.

    Someone, somewhere has made some type of change - of course only documented on a sticky pad - that you are not aware of. Further, you don't have a backup since the last AD Replication.

    So what you have to do is restore registry settings from backup, but first you MUST ensure that your patch level is exactly the same as when you did the backup. Also, if you try to add the server back to the domain with any domain role, AD is going to bitch and moan. So the only way to restore a domain role to an exact previous state is to do the restore off line. (That's going to take some registry edits that, in the long run, will drive you nuts.

    Now remember that (If your domain is even half assed set up correctly) AD figures that this server is turned off. After time, AD will assume it's off line for good. More registry edits to what ever the primary DC is and then let replication take place.

    Cross your fingers, turn on the server and plug in the nic. First thing you'll notice is that the database is out of sync and a replication request has been issued. Next, WINS starts whining that its database is incorrect and starts to tombstone all records related to your new install (Until the next rep cycle)

    Remember that undocumented change you knew nothing about? Yea that's either going to blue screen you or cause some AD Corruption that will take you 6 weeks to find and fix.

    AD is pretty good at handling things when one or more of the server roles fail. The only way you can reasonably restore from the dead is to replicate all FSMO roles off to another backup server (real time)

    Then as long as the server is not only server master here's what you do.

    Install a new server. Let it settle and wait 15 minutes to an hour. Then delete the downed server from AD Users and Computers. Everywhere. And in DNS. Everywhere.

    Then change the server name to the downed server and transfer rolls from your backup. Quick and easy. (No Regit entries)
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  6. #6
    Member n00bius's Avatar
    Join Date
    Mar 2005
    Location
    texas
    Posts
    86
    hmmm, so lets say a server went down and we have a recent system state backup (meaning < tombstone lifetime) and we're not really worried about the changes that occured between the day of the update and the date of the restore, only that AD doesn't accidentally overwrite the new data with the old. Would the method in the following link be practical, because all else equal, it would be as if you recreated the same server since it has the same SSID and you don't have to worry about any broken AD connections between the DC's?

    http://technet2.microsoft.com/window....mspx?mfr=true
    ...:::Pure Kn0wledge:::...

  7. #7
    I seem to be missing the point...
    What are you trying to achieve here?
    If you have a surviving DC other then the failed one, the entire effort is moot (and a waste of time). Just install a fresh system and promote it to DC role to the domain.

    If it's the last or only DC, then you're up s**t creek . In such a case, i would expect that the referenced procedure is your last resort.

    I will try to recreate the instructed process on my virtual environment, and will post results .

  8. #8
    Member n00bius's Avatar
    Join Date
    Mar 2005
    Location
    texas
    Posts
    86
    The biggest advantage to this type of restore would be that it wouldn't invalidate any trust relationships the server/domain controller had with other DC controller since it'd retain the same SSID. While just creating a new server, and promoting it to a DC would create a new SSID, even if it was the same machine, which would warrant recreating each of the trust relationships again. I could see this being a big issue, in a mesh type AD configuration, or a custom configuration if a DC wasn't demoted gracefully.
    ...:::Pure Kn0wledge:::...

  9. #9
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    Quote Originally Posted by n00bius
    I could see this being a big issue, in a mesh type AD configuration, or a custom configuration if a DC wasn't demoted gracefully.
    You're confusing me. Are you talking about a wireless ad-hoc type network?
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  10. #10
    Member n00bius's Avatar
    Join Date
    Mar 2005
    Location
    texas
    Posts
    86
    I was referring to the topology in Active Directory, AD has a layout of how it updates all the domain controllers, i.e. if you were to go into Active Directory Sites and Services and look at the NTDS settings for each domain controller, by default a mesh network is made between each DC, so if there were three domain controllers there'd be two connections each.

    tell me if that makes any sense.
    ...:::Pure Kn0wledge:::...

Similar Threads

  1. Windows 2000 Tips
    By Nokia in forum Tips and Tricks
    Replies: 0
    Last Post: June 12th, 2004, 05:13 PM
  2. A look into IDS/Snort Whole thing by QoD
    By qod in forum The Security Tutorials Forum
    Replies: 6
    Last Post: February 27th, 2004, 02:03 AM
  3. ports
    By hatebreed2000 in forum AntiOnline's General Chit Chat
    Replies: 1
    Last Post: March 14th, 2003, 05:36 AM
  4. Newbies, list of many words definitions.
    By -DaRK-RaiDeR- in forum Newbie Security Questions
    Replies: 9
    Last Post: December 14th, 2002, 07:38 PM
  5. Denail Of Service FAQ
    By Ennis in forum The Security Tutorials Forum
    Replies: 4
    Last Post: November 15th, 2001, 06:42 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides