Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Restoring active directiry and rolled back usn

Status
Not open for further replies.
sickbay

sickbay

Technical User
Jun 21, 2002
34
GB
Hi all I have a problem I would like some advice on.

We have a windows 2000 DC running Exchange 2003. Recently, there was a power falure and the server did not shut down gracefully. There was some corruption on the system disk and after repairing, active directory replication is disabled.

It is showing all the signs of a rolled back USN.

Microsofts solution to a rolled back USN is to demote the DC. We cannot do this as it is running Exchange.

My question is if I do a non-authoritive restore (about 3 weeks ago) from our Arcserve backup, will this resolve the rolled back USN issue and restart replication from the functioning DC?

Thanks for any help


Andrew
 
Sort by date Sort by votes
I beleive it should. Note however that any use that changed their password since the backup date will need to remember their old password. Any new users will need to be recreated as well.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Upvote 0 Downvote
Also a good time to note that this is one of the reasons that MS recommends NOT installing Exchange on a DC.

If you have a member server at your disposal, you might want to consider installing Exchange on it then use Move Mailbox to relocate mailboxes to the new server. Uninstall Exchange, fix the DC and if necessary move Exchange back by reinstalling Exchange and repeating the move process.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Upvote 0 Downvote
Yes, thanks for that, I will give the restore a go. I think that as netlogon is disabled on the offending DC that all changes will have been made on the functioning DC and so there should be no problems - Correct me if I am wrong!

Yes, I would not have installed Exchange on a DC if I had known what I know now, unfortunately, I cannot just install it on a new DC as our domain is still 2000 and I cannot install exchange 2003 on 2000.

I am planning to upgrade the domain but I am nervous about doing this at the moment. I will need to invest in a new server at this time and then I will be installing Exchange on a dedicated box.

thanks for your help.
 
Upvote 0 Downvote
Not sure which way you are saying you will go with this. If you do an authroitative restore then you will blow away the AD on the other DC. That is why it is authoritative. The restored DC will replicate to the working DC, in the process rolling you back in time.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Upvote 0 Downvote
Sorry if I am causing confusion.

I proposed to do an non-authroitative restore (not authroitative). We do have a functioning DC that is currently doing all authentication and AD edits. The one that is acting up has netlogon paused and replication disabled.

As I understand it, the non-authroitative restore (from tape) will allow AD to start on the offending server and being out of date will be over written by a current good copy from the functioning DC.

Or am I barking up the wrong tree altogether?


Thanks


Andrew
 
Upvote 0 Downvote
Just wanted to let you know how it went, this may help others!

Started in AD restore mode and estored the system state using Arcserve 11.1 form 4 weeks ago. This worked fine.

Restarted in normal mode but there was still a problem. This was caused by the computer password now bing out of sync with the domain. So I had to use the NETDOM utility to resync it.

Finally upon rebooting the DC was still not replicating AD to the other server. This was due to replication still being disabled. I Enabled it using REPADMIN.

Everything appears to be fine now. Thanks for your help.


Andrew
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
204
DTGMI
DTGMI
julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
84
julis2103
julis2103
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
335
goombawaho
goombawaho
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
82
geneg28
geneg28
bechna
  • Locked
  • Question
Windows Server and VPN Setup
Replies
1
Views
105
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top