Posts

Showing posts from May, 2010

Install Active Directory

After you gather information as described in "Gathering Installation Information" earlier in this guide, you can use the Active Directory Installation Wizard to install Active Directory.

Requirements
· Credentials: local Administrator
· Tools: Dcpromo.exe

To install Active Directory
1. In the Run dialog box, type dcpromo and click OK.
2. The Active Directory Installation Wizard appears. Click Next at the Welcome screen.
3. For Domain Controller Type, select Additional domain controller for an existing domain. Click Next.
4. For Network Credentials, enter the user name, password, and domain for the user account that has permission to add this new domain controller to the domain. Click Next.
5. Enter the name of the domain that you want the new domain controller to host. Click Next.
6. For the Database and Log Locations, enter the paths for the locations of the directory dat

Clean Up Metadata

If you give the new domain controller the same name as the failed computer, then you need to perform only the first procedure to clean up metadata, which removes the NTDS Settings object of the failed domain controller. If you will give the new domain controller a different name, then you need to perform all three procedures: clean up metadata, remove the failed server object from the site, and remove the computer object from the domain controllers container.

Requirements
· Credentials: Enterprise Admins (metadata cleanup requires modifying the configuration naming context)
· Tool: Ntdsutil.exe, Active Directory Sites and Services, Active Directory Users and Computers

To clean up metadata
1. At the command line, type ntdsutil and press ENTER.
2. At the ntdsutil: prompt, type metadata cleanup and press ENTER.
3. At the metadata cleanup: prompt, type connections and press ENTER.
4. At the server connections: prompt, type connect to

Restore SYSVOL from an Alternate Location

Perform the following procedure to restore SYSVOL authoritatively.

Requirements
· Credentials: local Administrator or Domain Admins
· Tool: N/A

To restore SYSVOL from an alternate location
1. If still in Directory Services Restore Mode, restart in normal mode.
2. Once the system has been rebooted and after the SYSVOL share is published (it may take a few minutes before the SYSVOL share and its sub-folders appear on the domain controller), copy the required files and folders from the SYSVOL directory that was copied to the alternate location to the original location. By doing this, the files that were overwritten are replicated out to the other domain controllers, so that the SYSVOL is the same as that which was present at the time of backup.

Example: restoring SYSVOL from alternate location
The following example shows how to copy the SYSVOL from the alternate location to the original location. Depending on your system, your drive and folder information may vary. Copy the

Perform Authoritative Restore of Entire Directory

This step restores the entire Active Directory, and marks it as authoritative for the enterprise.

Requirements
· Credentials: local Administrator
· Tool: Ntdsutil.exe

To perform authoritative restore of the entire directory
1. Open a command prompt and type ntdsutil and then press ENTER.
2. At the ntdsutil: prompt, type authoritative restore and then press ENTER.
3. At the ntdsutil authoritative restore: prompt, type restore database and press ENTER.
4. At the Authoritative Restore Confirmation dialog box, click OK.
5. Type quit and press ENTER until you have exited Ntdsutil.exe.
6. Restart the server. It is now authoritative for the domain, and changes will be replicated to the other domain controllers in the enterprise.

Ref: http://technet.microsoft.com/en-us/library/bb727062.aspx

Restore Applicable Portion of SYSVOL from an Alternate Location

If you are authoritatively restoring only a portion of the directory, not the entire directory, it is not necessary to perform this step. However, if the subtree or object that was authoritatively restored contained elements from the SYSVOL, such as a Group Policy object, you should also restore that portion of the SYSVOL authoritatively.

Requirements
· Credentials: local Administrator or Domain Admins
· Tool: N/A

To restore applicable portion of SYSVOL from alternate location if necessary
1. If still in Directory Services Restore Mode, restart in normal mode.
2. After the system restarts and after the SYSVOL share is published (it can take a few minutes before the SYSVOL share and its sub-folders appear on the domain controller), copy the required files and folders from the SYSVOL directory that was copied to the alternate location to the original location. By doing this, the files that were overwritten are replicated to the other domain controllers, so that the SYSVOL i

Perform Authoritative Restore of a Subtree or Leaf Object

This step marks the subtree or leaf object you restored as authoritative for the directory.

Requirements
· Credentials: local Administrator
· Tool: Ntdsutil.exe

To perform authoritative restore of a subtree or leaf object
1. Open a command prompt and type ntdsutil and then press ENTER.
2. At the ntdsutil: prompt, type authoritative restore and then press ENTER.
3. At the ntdsutil authoritative restore: prompt, type:
4. Restore Subtree OU=ouname,DC=domain,DC=domainroot
   For example, if the administrator has inadvertently deleted the Marketing organizational unit in the domain called contoso.com, type:
   Restore Subtree OU=Marketing,DC=Contoso,DC=COM
5. At the Authoritative Restore Confirmation dialog box, click OK.
6. Type quit and press ENTER until you have exited Ntdsutil.exe.
7. Restart the server.

Ref: http://technet.microsoft.com/en-us/library/bb727062.aspx

Restore System State to an Alternate Location

Perform this procedure to allow an authoritative restore of SYSVOL. After the objects are restored, you can delete the files in the alternate location.

Requirements
· Credentials: local Administrator
· Tool: NTBackup.exe

To restore system state to an alternate location
1. Click the Restore tab.
2. Select SystemState. (You need not restore the system disk to an alternate location.)
3. Ensure that Alternate Location is selected in the Restore Files to drop-down list box and designate the alternate location.
4. When the restore process is finished, close the backup utility.

Ref: http://technet.microsoft.com/en-us/library/bb727062.aspx

Verify Active Directory Restore

After the restore is completed, you can either restart the server in normal operation mode and perform basic verification, or continue with the advanced verification. The advanced option is not usually required, and should be used with caution, as incorrect use of the ntdsutil utility can corrupt the Active Directory database. Both processes are explained below.

Requirements
· You must log on at the local computer, or you must enable Terminal Services in Remote Administration mode on the remote domain controller.
· Credentials:
  · Basic: Domain Admins or local Administrator
  · Advanced: local Administrator
· Tool: NTBackup.exe

To perform basic Active Directory verification
1. After the restore operation completes, restart the computer in normal operational mode. Active Directory and the Certificate Server automatically detect that they have been recovered from a backup. They perform an integrity check and re-index the database.
2.