Rebuilt server - now lacking trust relationships!!!

[InspireICT]

Had a HDD fail in the PDC, turns out it was the HDD with the System partition on so have replaced the HDD and restored an older Ghost image of the HDD. Everything looks ok except for the fact that every workstation on the network can't login with the following error, "The trust relationship between this workstation and the primary domain failed."

Windows 7 clients and Server 2008 (non R2)

Is there any way to fix this besides dropping every machine off the domain and rejoining?

Thanks in advance.

[3s-gtech]

I'm not sure you can restore a DC in this way. Do you have any other DCs? Do you have a System State backup?

[InspireICT]

I'm not sure you can restore a DC in this way. Do you have any other DCs? Do you have a System State backup?

Embarrassingly, no and no

This is soul destroying!

[sukh]

1. How many DC's in your env?
2. How many domains/forest?
3. You should not restores a DC using a image.

Sukh

[plexer]

The clients are going to be way out of date due to you restoring an old image.

Without an up to date ad backup you will be sad.

Ben

[plexer]

3. You should not restores a DC using a image.

Sukh

Well if that image was taken the day before the hdd died it would be fine but if it's an original install image what you say is true

Ben

[InspireICT]

1. How many DC's in your env?
2. How many domains/forest?
3. You should not restores a DC using a image.

Sukh

1. - Just the one
2. - again, just the one
3. - Yeah I'm starting to get that impression

Any recommendations as to what Backup to use? Is the new Windows Backup in server 2008 any good?

[InspireICT]

OK, it looks like dropping off the domain and rejoining is the way forward and a valuable lesson learned. Thanks all.

[sukh]

@plexer - Correct. I assume there InspireICT knows. Also restoring an image can have others side effects which can destroy your entore AD which I assume InspirtICT is aware of.

Sukh

[plexer]

Server 2008 builtin backup solution is better than no back up at all.

Server 2008 builtin backup solution only supports backup to disk.

It's a start and I would strongly recommend getting something in place.

Don't forget that your AD will also be missing any objects created since that image, computer accounts, user accounts, OU's, GPO's etc...

If you have to re-create user accounts you will also have permissions issues to overcome with their existing files and folders.

A user account with the same name is not equal to the old missing in action account.

Ben

[sukh]

as suggested by plexer use the built in WIndows backup.

Better still, I'd recommend that you have a minimum of 2 DC in any domain for HA/FT. AD is the core of your infrastructure, make sure it is HA.

Sukh

[3s-gtech]

A good lesson is also to have another DC. It can be anything hardware wise really - an old PC with enough RAM can run Windows Server and replicate the AD. I bought an old server from Ebay as one of my DCs, cost less than a tenner fully working. If you get a failure of one DC, the other can be a life saver.

[InspireICT]

Will look into secondary DCs. Has anyone used windows inbuilt software mirroring? I know there will be a performance overhead but is it any good?

[3s-gtech]

Yup, I have it on a Dell 1550. Slow, but works okay.