backingup DC/AD contents 2

[sugu]

Hi,

I need to reformat my server which is running windows 2003 server standard Edt to make space for the C drive as currently we are facing low disk space porblem. This server is functions as the organisation's Domain Controller.

What should i backup so that when i do a fresh set up dc/ad , the computers, users and other necessary stuffs will be in the AD including the DNS and VPN settings.

Thanks!

-su

 

[terry712]

is this a single server ?
the best backup of AD is with the help of a replica on another server.
i would do a full backup including the system state. i would also create the asr backup

can you not do a backup as a belt and braces then use diskpart or such like to expand the c:

 

[sugu]

Hi,

It is a single server. Reformatting the server is my last resort, after trying all means that i could think of to increase the disk space and also, the server wasn't setup in proper way in the first place which before i joined the firm.So, i thought of re-design the structure of the server for better performance.

Thanks!

-su

 

[Smooth23]

hi,

well for resizing the c drive i use Acronis Disk Director Suite 10.0, it's very good and got me out of some tight
situations in the past.

http://www.acronis.com/homecomputing/products/diskdirector/partitioning.html

but if the server has been badly setup in the first place, a complete rebuild is a good idea. as a general rule of thumb it's always a good idea to backup the system to a removable media.

now in this scenario, the preffered method when rebuilding a domain controller is to move all FSMO roles to another DC,bkup sys state then rebuild and when you when you run dcpromo,AD will replicate from the other DC.

If you can temporarilly build a second DC, do it, it will make life easier. If not however, you can run dcpromo /adv which will allow you to install active directory but from a backup set (system state backup) If you decide to go this route, test before hand and get familiar which what's involved 100% but like i said, to have another DC makes life easier and less stressful.

hope this helps.

 

[LWComputingMVP]

How large is the existing C: drive?

A System State SHOULD be all that is required to backup the server, but TEST THIS first to ensure you know what you're doing. Get another disk, replace the existing disk (do a system state backup first), then install the new disk. Install Windows. Restore the system state. Did it work? Yes? Good. No? Put the old disk back and try explore other options.

Better question - what exactly have you tried? Is this Small Business Server or standard? More details please and don't forget - how large is the existing C: drive. (Did you move the page file off the disk?)

 

[sugu]

Hi,

The total size of C drive is 4gig. currently, ther is only abt 300 mb of disk space left. My wsus is in another server. I have moved the page file, spooling, off this disk and also cleared the tmp and unnecessary log files.

the Server is run on Windows Server 2003 Standard edition.

Thanks!

-su

 

[sugu]

Hi,

I have managed restore the DC from my pri server to another system.

How do i test to new DC to confirm that it'll work as Redundant DC if my pri dc goes down. Btw, while doin a dcpromo in the redundant system, i chose the option as another DC .

Thanks!

-su

 

[WhoKilledKenny]

Before testing that, do what smooth23 was suggesting. First make sure your new server is also a global catelog server. To do this Open AD Sites and Services choose the expand the new server and right click Properties on the NTDS settings. Make sure the Global Catalog check box is enabled. Also under NTDS Setting you should see an <automatically generated> connection. Right click on the connection and choose Replicate Now.

Next move your FSMO roles over to the new DC. There are 5 roles you will need to seiz. Schema Master, Domain naming master, RID master, PDC master, Infrastructure master. You will then use the NTDSUTIL to seize the roles. Please read up on this before seizing the roles, if you don't already have an understanding of theses steps.

You can also verify that both AD DC are in sync by using the repadmin /showvector command, again gather info on this from MS site.

A Quick way to make sure users are being authenticated by the new DC is to look at the security logs on the new server.

Next Remove the old DC from the domain: The best way is to run dcpromo. If it fails here is a link to an article to help you remove it -

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Rebuild you old DC the way you want it, place it on your domain, and run dcpromo again to make it a DC.

Im sure all would agree that you should have at least Two DC's for your domain and make them both GCs.


Good Luck...

 

[WhoKilledKenny]

FYI: the bottom part regarding removing the old DC is if the top part does not work and you want to rebuild your original DC again.

I like the procedure of rebuilding from scratch more than restoring the system state from backup, in a production environment.

 

[ncotton]

Two Words


PARTISION MAGIC

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant

 

[sugu]

hi,

how do i go abt building another dc? because..tis is my 1st time working on a dc.

thanks!

 

[Smooth23]

Hello again,

Well WhoKilledKenny has covered it all rally.

And as for building another DC, well, you just did it.

 

[sugu]

Hi All,

I have successfully reformated my server and rejoined the domain as DC. My sincere thanks for everyone who had helped me.

i need to harden my dc server now...can you'll share with me on how do i go about doiing that. I would like to close port 80 also. My dc is also acting as a file server.

Thanks!

-su