Restore AD to new server 1

Status
Not open for further replies.

malekdannourah

Technical User
Sep 13, 2005
10
GB
Guys,

I need the ability to restore a full AD to a remote server with no connectivity back to the main office at all.

I found this article which is for Windows 2000 - - but I am using Windows 2003.

Does anyone know if this will work for 2K3?

This is for a DR solution. I can build the DC at main office, but at some point in the future, we need the ability to restore the AD database from backups taken at the main office onto a DC at the DR office.

There is no connectivity between the 2 offices.

Any help appreciated.

Thanks
 
Yes, it's possible. I perform DR's quarterly, and part of this is obviously bringing up a DC.

First thing to know: if you have more than one DC in your prod environment you will need to take extra steps in restoring a SINGLE DC in a DR exercise. You must cut off replication with all other DCs in the DR environment, or the server WILL NOT be able to issue any RIDs! Use REPADMIN to do this. You will need to use the /EXPERTHELP switch for the 'delete' syntax.

Now, on the other hand...you may bring up more than one DC in DR and replicate. This will allow the RID master to issue.

Before this gets too long-winded, I will say that it is possible to restore a DC to unlike hardware and fewer drives and drive space than the original DC. Many sources say that it cannot be done. I have done it.

1: Install the OS.
2: Restore all partitions from backup, EXCEPT for the system partition. I suggest using native NTBACKUP. In my experience it worked better than Brightstor or Veritas.
3: Restart, F8 into DS Restore Mode.
4: Save boot.ini and hal.dll onto floppy.
5: Restore system partition and system state, overwriting all files. (check your option on the menu bar, as well as final step just before restoration)
Do NOT restart yet!
6: Restore boot.ini and hal.dll from previous step.
7: Restart, F8 into Safe Mode with Command Prompt and login.
8: Wait for dialog box stating the devices are installed and to restart.
9: Restart in normal mode. Obviously you will need to login using credentials that were in effect when you took the backup.

Should be in business. Again, remember the first thing I said in this post!

Good Luck!
 
Hey, thanks a lot for your post. I guess then, it's pretty much as per the W2K article then. You restore system state, and do what's necessary to get the restored (DR) DC to boot.

Just got a couple of questions if you don't mind.

1. Since I have no connectivity between the DR environment and the Prod environment, then I guess I don't have to worry about the RID issue?

2. In step 2 above, what are you actually restoring? Do you mean disk partitions or AD partitions?

3. OK, so step 5 is essentially the disk partition that Windows was installed on (usually all of c:\), and the system state data - right?

OK, well, I pretty much think I got what you are telling me, it's mainly really understanding what (and why if poss) you are restoring in step 2, that's all.

Thanks Again.
 
Answers to your questions...

1: Yes, you DO have to worry about the RID issue when you are NOT connected to your prod environment.

2: I'm just saying, go ahead and restore any data that you may have on any other drives (D:\, F:\, etc.) Not absolutely necessary though.

3: Yes, the system partition is generally c:\. Basically, the entire drive where your system files are located.

Hope that helps!

A purple thank you star would be nice. Thanks!
 
Thanks Again mate!

OK, I'm good with most of this. Just to hark back to the RID issue. There will only be 1 DC at the DR site, still an issue then? What I am trying to get at is do I need to do anything with regards to replication at the prod site before taking the backup?

Star on its way! ;-)

Malek
 
Yes, RID Master will be an issue at the DR site. You must delete all replication partners at the DR site if you are ONLY bringing up one DC. More than one and no RID issue. You'll get error and warning events that DC couldn't find REP partners, but you'll be able to function nonetheless. If you wanted to clear up the events, you CAN delete REP partners. But for the purpose of a DR exercise it isn't necessary (you would probably only do that in a true DR).

Do not do ANYTHING to your production environment, especially delete any REP partners (you'll surely have a difficult time explaining that one).

Hope that helps!
 
By the way, you are definitely going to want to sever ALL communications with your prod environment and DR environment. You will develop serious issues if they communicate.

Good Luck!
 
By the way, I apologize for mentioning the star. I just read the "no-no's" of the site, and one isn't supposed to mention anything about stars! OOPS... I guess I was overzealous.

Hope This Helps,

Good Luck!

(I do what I can with what I know)
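
An added example, not part of any post in this thread: an offline inventory of the replication links a restored DC still holds, which are the partners the posts above say have to be dealt with on a lone DR DC. It assumes the output of `repadmin /showrepl /csv` was saved as text with the column layout shown; the sample rows and the names DC01, DC02, DC03 and example.local are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample. The column layout is assumed to match what
# `repadmin /showrepl /csv` writes; all names and times are made up.
SAMPLE_CSV = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Main-Office,DC01,"DC=example,DC=local",Main-Office,DC02,RPC,6,2005-09-14 09:02:11,2005-09-10 23:10:45,1722
showrepl_INFO,Main-Office,DC01,"DC=example,DC=local",Branch,DC03,RPC,6,2005-09-14 09:02:12,2005-09-10 23:11:02,1722
showrepl_INFO,Main-Office,DC01,"CN=Configuration,DC=example,DC=local",Main-Office,DC02,RPC,6,2005-09-14 09:02:13,2005-09-10 23:10:47,1722
showrepl_INFO,Main-Office,DC01,"CN=Schema,CN=Configuration,DC=example,DC=local",Main-Office,DC02,RPC,0,0,2005-09-10 23:10:48,0
showrepl_INFO,Main-Office,DC02,"DC=example,DC=local",Main-Office,DC01,RPC,0,0,2005-09-10 23:12:30,0
"""


def inbound_links(csv_text, restored_dc):
    """Map each naming context to the inbound links held by restored_dc."""
    links = defaultdict(list)
    reader = csv.DictReader(io.StringIO(csv_text))
    tag = reader.fieldnames[0]  # first column carries the row type
    for row in reader:
        if row[tag] != "showrepl_INFO":
            continue  # skip error or summary rows
        if row["Destination DSA"].upper() != restored_dc.upper():
            continue  # link belongs to another DC
        links[row["Naming Context"]].append(
            (row["Source DSA"], int(row["Number of Failures"]),
             row["Last Failure Status"]))
    return dict(links)


def partners_to_review(links):
    """Every distinct source DC the restored DC still expects to pull from."""
    return sorted({src for entries in links.values() for src, _, _ in entries})


def failing_contexts(links):
    """Naming contexts with at least one link that has recorded failures."""
    return sorted(nc for nc, entries in links.items()
                  if any(failures > 0 for _, failures, _ in entries))


if __name__ == "__main__":
    found = inbound_links(SAMPLE_CSV, "DC01")
    print("Partners still referenced:", ", ".join(partners_to_review(found)))
    for nc in failing_contexts(found):
        print("Failing inbound replication:", nc)
```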
 
Right - gotcha! Thanks a lot.

Don't worry about the star thing. Did you get it anyways? To be honest, I would have known to issue one otherwise!
 
I use Veritas to make backups of my DC. I have used NTBackup to make a backup of my System State to the DC's D drive; I use that during my restore process to restore to different hardware.
Here are my steps (these are LOOOONG, copy/paste, print them out and it should work. This is for different Hardware!)

Rebuilding and Restoring W2003 Domain Controller

1. If you have a plain Server 2003 Enterprise installation on the server, ignore these next few steps as long as the drives are partitioned to what you need.
a. Put in the Windows Server 2003 Enterprise Server CD and boot the server. Watch the bootup, when it says “Press a key to boot from the CD” hit a key.
b. When you see the blue setup screen press Enter
c. Accept any agreements with F8
d. Delete any partitions by following the menu options. Usually: D, then Enter, then L.
e. Create a C and a D partition of any sizes that you need. In our case we’re going to make a 12GB C drive, and a 75GB D drive.
f. Install windows on the C drive by highlighting C and hitting Enter
g. Format using the NTFS file system
h. It will copy files, then reboot. Do not boot from the CD again, just let it waltz on by that ‘hit any key’ screen.
i. You’ll have to set up the windows config, Enter a name, Computer name, no password, choose ‘Per Device or Per User’ for licensing, just accept the defaults, name the computer what you want, and put the time to the correct time, and typical network settings work well, as does leaving it in ‘Workgroup’
2. Log into the server, make sure all the drivers and devices are working by going to device manager and looking. Install what drivers you need to.
3. Create a login account that you use to backup the server with: ‘Backup’ in our case, with the same password that our network password is. Add the user to be a member of the Admin group.
4. Insert the Backup Exec 9.1 CD, if it’s my copy you will have to unzip it to a folder you make on the D: Drive, then install it from there.
a. Do the Local Install always, Do not enter any serial numbers, install the “Advanced Open File Option,” and change the default path for the install. I install Veritas 9.1 into the D: and leave the rest of the path the same. Enter the Backup username that we created in step 3, and leave the “use veritas drivers” checked, then install the program.
b. Accept any drivers that need to be installed, then uncheck the top two boxes and hit Finish when it pops up. The server will restart.
5. Log back in to the server, make sure the tape drive is using Veritas Drivers.
6. Launch Backup Exec, do the Startup Wizard:
a. Configure Media Sets later, Overwrite Scratch, None.
7. Do the Device Config Wizard:
8. Do the Logon Account Wizard:
a. Select the existing Backup account that you hopefully put in during the install.
9. Inventory, then catalog the tape.
10. Install the Microsoft Loopback adapter. Go to Control Panel, then Add Hardware. Let it scan and fail, Say you already attached the hardware, then add it manually from the bottom of the list.
a. Disable the other Local Area Connections, and do a ‘repair’ or a ‘renew’ to the Loopback adapter so it gives itself an IP address.
11. Restore the D drive.
a. Make sure you use a file redirect to point from the DC on the tape to your D drive on the server. Also, hit the ‘skip if file exists’ thing.
b. Reboot.
12. In Veritas restore only the C drive, do not restore the Shadow Copy Components.
a. Use file redirection to restore to the backup servers C drive.
b. Skip existing Files again
c. DO NOT RESTART
13. In windows NT backup, under System Tools in the Accessories Menu, restore the system state that was restored onto the D drive. Restore from File, not from tape.
14. Reboot into Active Directory Services and Repair mode by hitting F8 quite often during bootup. Do not let the server boot into normal mode, use the power button if you miss the F8 thing then try again.
15. Once in Repair mode, install the drivers for everything on that computer. Once every driver is working well, Open up a command prompt, type the following:
a. Ntdsutil <enter>
b. Authoritative restore <enter>
c. Restore database <enter>
d. Click OK
e. Click Yes
f. Wait for it to complete
g. Type Exit or Quit until you are back to a desktop.
16. Reboot into normal mode.
17. Change the IP of one of the NIC cards to the same as the server you restored from, and disable the other one.
18. Reboot, pray it works.
 