Directory Restore Mode Password Question + Partition Backup

[doofusdog]

Oh dear.

Our Active Directory and Domain on our only DC has disappeared due to something going very wrong when trying to add a second DC to the domain yesterday.

I do have a Windows Backup / NT Backup of the C drive and system state.

However I didn't know the Directory Restore password when the backup was made 3 days ago. I changed that password on the DC yesterday. But did not repeat the backup.

So my question is: is the password required to open the backup? Or merely to get the DC into the directory restore mode? Is the password in the backup?

The other thing is:

I should backup the c drive before I attempt the DS restore.. Can anyone recommend a backup program? I would use dd on a linux boot disk, but I do need to be careful as the other partition on the disk holds the school's data. I do have a backup of this... But it would be a large restore job! Or should I rely on the fresh NTBackup that I have done today, which of course has the bung System State in it. Or Acronis True Image?

Phew,
thanks!
Craig

[SYNACK]

As far as I am aware the restore mode password is just used to boot into DS restore and is not required for the actual restore. I would do a full backup including one that is able to do a bare metal restore so True Image (if it will run on the server OS) or even a Ghost image.

As you only have one DC at the moment it actually makes it easier, DS restore mode boots into a kind of safe mode where the AD stuff is not booted and then when the system state restore is complete it writes a new, really high revision ID to the AD Schema, settings, etc. This is so that it is authorotive and will restore the backup over the top of the current DC and any others even if they have higher revision IDs. As you only have one DC you may be able to get away with (after full backup) just restoring the system state in safemode assuming you can't get in to DS recovery mode.

Edit: Yes the password is in the backup so when you restore it it will reset the DS revocery password to what it was when the backup was made.

Good luck and I hope it works out for you.

[doofusdog]

I can get into DS recovery mode.

The restore began fine but the instructions I have say to restore the c: drive and the system state, but this requires about as much free space as the the backup is. However the partition is mostly full. A partition move and resize using acronis says it will take 6 days.. So I'm going to find out exactly which files need restoring... because I don't think it's many..

I now have two nearly identical servers running identical images... One to practice on! The other one will be the fixed DC !!

[SYNACK]

You should just need to restore the system state, all the rest should be fine as its the same DC and you are just restoring the AD stuff rather than all the program files etc. as given that it was killed by another DC attempting to promote it should just be the schema and stuff like that which could have been effected. All the required stuff should be in the sysvol folder and the AD logs folder (whatever that was called at install).

[doofusdog]

Yeah I figured as much and IT WORKED!

I've done my practice server, now starting the real one..

thanks for the support!
Craig

[doofusdog]

done! we have a domain again!

yessssssssssssssssssssssssssssssss!!!!

[SYNACK]

Good stuff, glad it all worked out for you