Poll: Have you ever wiped and reinstalled your DC?

Be advised that this is a public poll: other users can see the choice(s) you selected.

+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 33
Windows Thread, DC wipe - how to backup the users / AD etc? in Technical; Hi all I'm sure i asked this before but I'll try again My DC is like death at the moment ...
  1. #1
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 44 Times in 34 Posts
    Rep Power
    29

    DC wipe - how to backup the users / AD etc?

    Hi all

    I'm sure i asked this before but I'll try again

    My DC is like death at the moment and has been ever since the IP range change. Having gone through everything with 8 fine-tooth combs, I think it would be best to wipe it and start fresh....

    So.... The question is, what would the best way be? I dont want to go any install all the clients yet again, but at the same time, I dont want any of the current problems to reappear either :S

    Is there a way I can backup the AD? I can keep export the current shares list from the registry so thats covered i.e. for home dir's etc.

    Also, backing up the GP would be useful - after spending so long on it, I'd hate to lose it all :S

    What adverse effect will it have on the Exchange server? Will it die after DC goes, even when the DC is recreated and the same domain [name] is used? I definately dont want to lose all the emails or I'd be strung up hehe The exchange server is on a physically seperate 2003 server btw

    If this is all easy enough, could I get 2003 R2 and are the client CALs for 2003 usable for 2003 R2 or would i have to buy new ones? [if the latter, then no thanks hehe]

    Any other thoughts?

    Nath.

  2. #2
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106

    Re: DC wipe - how to backup the users / AD etc?

    If you wipe your DC then you will end up killing exchange as well. You will have to rejoin all the clients etc etc.
    What you should try and do is make a temporary DC on a spare machine or even a virtual machine and get active directory replicated accross to that and all the FSMO roles as well. Once you have tested backups of the original DC I would then see if everything went ok with the new temp DC then I would wipe the original and reverse the process.
    If you end up starting from scratch it's going to be a lot of work.

    Using the same domain name etc will not work as everything works of SIDs and they will be different.

  3. #3
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 44 Times in 34 Posts
    Rep Power
    29

    Re: DC wipe - how to backup the users / AD etc?

    Using the same domain name etc will not work as everything works of SIDs and they will be different
    Hmmm.... thats what I thought Chris *sighs*

    Could I promote the Exchange box as the DC, wipe & reinstall the DC, attach to domain and promote back again?

    Would the promotion copy the shares, and the GP, as well as the AD stuff?

    I dont plan to remove the other partitions on the DC which contain the homedir folders, resources, teacher share, network applications, etc. so that should help recreate the links - as I can change the drive letters back to what they were after the new install I'd wager.

    My thoughts are regarding the permissions on the folders - when the C partition is wiped, will the other partitions lose their security info? or should that info still be there when i get 2003 up and running?

    Nath

  4. #4
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106

    Re: DC wipe - how to backup the users / AD etc?

    Its easy enough to test that as well. Run something like newsid on a workstation then try and join it to the domain. You will get an error even though an account exists for it. You would have to reset the account to get tit to work.

  5. #5
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 44 Times in 34 Posts
    Rep Power
    29

    Re: DC wipe - how to backup the users / AD etc?

    I presed Submit early on my last post lol theres more there now

  6. #6
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106

    Re: DC wipe - how to backup the users / AD etc?

    You share information isnt in AD its stored in the registry. I think when I did this last time the files and folders kept their NTFS permissions on the other partition and just the share information had to be restored. Ofc dont quote me on that :P

  7. #7
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 44 Times in 34 Posts
    Rep Power
    29

    Re: DC wipe - how to backup the users / AD etc?

    I know it aint but had to ask hehe

    Im sure your right because when i migrated from the old NT 4 Server to the new 2003 server [two different machines], I physically moved the HDD from one to the other and exported the share list from the registry and I had things like unknown acount and stuff on there security tab of the files

    Just imported the share [after giving the partition the same name] and it worked nicely

    Now what about R2? worth it? can i use my old 2003 CALs with it or not?

    Nath

  8. #8

    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    634
    Thank Post
    11
    Thanked 6 Times in 6 Posts
    Rep Power
    21

    Re: DC wipe - how to backup the users / AD etc?

    Quote Originally Posted by tarquel
    Now what about R2? worth it? can i use my old 2003 CALs with it or not?

    Nath
    A bit of an interim answer for you until someone can confirm, but I'm pretty sure I read that 2003 CALs would be valid for R2



    Andy

  9. #9
    simongrahamuk's Avatar
    Join Date
    Jun 2006
    Location
    Durham, UK
    Posts
    231
    Thank Post
    40
    Thanked 12 Times in 12 Posts
    Rep Power
    19

    Re: DC wipe - how to backup the users / AD etc?

    I've wiped my DC's before, but as we don't run exchange it wasn't a factor.

    The Domain rebuild was forced upon me when our two DC's decided that they were no longer DC's and didn't want to talk to each other anymore (It's a loooong story).

    The way that we managed to recreate users was through the fact that we run Ranger.

    We rebuilt one of the DC's from scratch and reinstalled Ranger onto it, creating a new domain. Then using Ranger Account Manager we got it to recreate all of the user accounts from the unaffected old users shares on a seperate file server.

    1 X New Domain built with 1000 users in less than a day.

    Only problem was that we now had to reatach the 300 workstations, this is what took the time.

  10. #10
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: DC wipe - how to backup the users / AD etc?

    I don't think there is any easy solution for this.

    I've heard what ChrisH proposed referred to as a 'swing' installation (presumably 'cos the AD swings onto a temporary box then back to the real box). Thing is, if the problem is in AD, then this obviously won't get rid of it.

    You could export everything with LDIFIDE (or whatever it's called), but if you've never done it before, it could still be a major job. Even assuming you exported the entire AD then imported it into a fresh domain, there's no guarantee the clients would still work (I'm guessing the secure channel would be broken). GP can be backed up with GPMC and then re-imported. There are so many possiblities it doesn't bear thinking about.

    I guess what I'm suggesting is fix the existing DC. What's the problem with it anyway?

  11. #11

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Re: DC wipe - how to backup the users / AD etc?

    I kind of agree with both ChrisH and ajbritton here. If the problem lies in AD then rebuilding the DC won't fix it since you would be re-importing your problems from the backup.

    If the problem lies with the DC configuration then use the virtual machine method. Dos_Box and I did this when we discovered a previous employee had pulled a 2000 DC from the domain without using dcpromo!

  12. #12

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,341
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414

    Re: DC wipe - how to backup the users / AD etc?

    Yes 2003 cals are valid for 2003 R2

    Ben

  13. #13

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: DC wipe - how to backup the users / AD etc?

    Quote Originally Posted by Ric_
    If the problem lies with the DC configuration then use the virtual machine method. Dos_Box and I did this when we discovered a previous employee had pulled a 2000 DC from the domain without using dcpromo!
    Is that what brought about that avatar

  14. #14
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 44 Times in 34 Posts
    Rep Power
    29

    Re: DC wipe - how to backup the users / AD etc?

    Quote Originally Posted by ajbritton
    I don't think there is any easy solution for this.

    I've heard what ChrisH proposed referred to as a 'swing' installation (presumably 'cos the AD swings onto a temporary box then back to the real box). Thing is, if the problem is in AD, then this obviously won't get rid of it.
    I know....

    and, I know lol

    I guess what I'm suggesting is fix the existing DC. What's the problem with it anyway?
    yep, thats what i was after, but after a year of no luck and limited amount of holiday time left, i'm worried about giving myself more to do [i've got a room to cable PC's into cupboard's & re-setup the music room when its completed] which is why I'd love to find out if i can fix the DC without a long-winded DC wiping process thingy lol

    Not sure where the thread is now, but last summer it was, and the basic story is after implementing the firewall/vpn system, I changed the IP ranges of the two seperate domains. The firewall still logs old IP addresses coming from the DC's, even though I've completely [AFAIK] removed the DNS server's on both ranges and started again.

    That isn't the problem tho - its the fact that both servers have turned into slugs and have started to affect things now, in that sometimes, no one can connect to the server [which then needs to be restarted].

    I havent seen anything legible in the Event Viewer that gives me any clue, so thus the reason for the idea of wiping the DC. The thought about not wanting to keep the domain settings, and starting again [with the GP, AD Users / Objects & Share Reg export] with a fresh version of the domain was my idea - but having to go and manually start over with all the machines again [like i did last summer at some point after the IP change] I dont relish doing the same again. Its taken most of this year to get everyone happy with the custom programs and stuff on the department pc's.

    *sighs* what to do..... I dunno

    [but if i can just manage to get a job, i will finally wont have to worry about it hehe Any jobs that dont require me moving house available? ]

    Regards
    Nath.

  15. #15

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Re: DC wipe - how to backup the users / AD etc?

    @tarquel: It sounds increasingly like AD is stuffed and the 'quickest' thing is probably to nuke it and start afresh. As has been mentioned, re-joining you client machines will be a royal PITA.

    I cannot remember if you use Ghost or RIS but if you do, this would be a relatively quick way to rejoin your machines and they would get a spring clean the same time.

    I can help you out with a script to reconnect your users to their homedrives, assigning permissions and ownership. You would still need to re-create your GPOs (although the GP Management Console will export these to files for you so that they can be re-imported or you can create HTML outputs that you can manually re-enter).

    All in all it's probably going to be about a week's worth of work undisturbed!

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. FAO: ELGG users and Moodle Users
    By thegrassisgreener in forum Virtual Learning Platforms
    Replies: 18
    Last Post: 3rd July 2009, 07:12 PM
  2. Veritas Backup Exec Remote Backup
    By apeo in forum Windows
    Replies: 7
    Last Post: 20th September 2007, 10:16 PM
  3. Backup Tapes Replacement & Backup Schedules
    By robknowles in forum Hardware
    Replies: 2
    Last Post: 18th April 2007, 10:55 PM
  4. Replies: 9
    Last Post: 1st August 2006, 10:25 AM
  5. Backup Script for NT backup and Robocopy
    By ChrisH in forum Scripts
    Replies: 12
    Last Post: 20th October 2005, 01:01 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •