Sorely need your help, guidance and input on what to do with my corrupted server 2003 AD database.
Last couple of days we have experienced odd issues , mostly around users login, an inability to reset passwords, users getting a profile that is missing several components etc. Long story short the active directory database on the PDC is corrupt. So far only about 2 -5 % of users are affected so I may have a little time to prepare and soften the blow.
Most every help suggestion online boils down to restart server in directory services restore mode and run database integrity and or repair utilities and that is fine and is what we expect to do at some point or as a last resort.
However before we go off down this potentially one way road, I would love your input on the following questions or options that we may have.
First,anyone done this and found a “magic fix” ?
Next - I have another (secondary) domain controller and its copy of the db is 8 days old (when we assume the corruption occurred) is there anything stopping me copying this one to the pdc ? I can boot the servers from a mini xp cd so the db wouldnt be in use.
Can I demote the pdc ? My previous experience when its psu went bang was that the secondary controller did not pick up the reins and the domain was unavailable, despite the secondary also having roles assigned for dns and dhcp. But I feel it should work.
I cant figure how do a system state restore because backup exec runs on the pdc, anyone know of a way round that?
I have other servers that I could dcpromo but they all seem to have local admin accounts for various things and I believe these get lost in the dcpromo process any ideas here?
I do have a vmware v sphere set up ,but these v- servers are on 2008 r2 and I dont think it would play nice with 2003, seems you cant do a p2v on a pdc, ironically, because it apparently corrupts the ad/ldap database. But its there if anyone can see how to use it.
Is there a way to use the user state migration tool to get what I can off the sick pdc?
Lot of questions I know and we have been round this all day, I expect this is going to hurt but want to keep disruption to a minimum what with exams and revision and etc all going on.
Thanks in advance
1. Can work and have seen ti work in some cases.
2. Why is your 2nd DC 8 days old? Are your DC's replicating? You need to to know which DC you believe is the most recent in terms of up to data with no corruption. Then replicate that to the other DC.
3. Yes you can demoted a PDC, but I would again check where all your FSMO roles are and transfer them to a working DC beofre demoting.
4. Before doing a restore I would identity a working DC if you have one. Otherwsie you may overwrite a working directory and may lose some of your config.changes.
5. A DC would have local accounts, not sure what the issue here would be you can use domain accoutns.
6. What info is on the sick PDC? there's load of util which you can use to boot into the DC with and grab your files. Search this forum, there are a few mentioned here with steps.
There are currently 1 users browsing this thread. (0 members and 1 guests)