
Active Directory Restore

18 years 4 weeks ago #17672 by Bublitz
I have a customer from Hawaii who had a dual hard drive failure on a RAID 5 array after the earthquake last week. The server was their only domain controller and Exchange server. They did have all the files backed up but NOT a system state backup. So I've reinstalled Windows 2000 Server using the same computer name, and used dcpromo.exe to install Active Directory using the same domain name.

Logging into Directory Service Repair Mode, I restored the Active Directory database files (c:\winnt\NTDS\*.*).

Now I cannot boot into Windows normal mode. I keep getting the LSASS.exe Security Accounts Manager error 0XC0002E1. Then it asks me to log into Directory Service Repair Mode.

Is there anything else I can do to get this going?

If I'm able to get AD back up and going then I'll try and restore Exchange...

The Bublitz
Systems Admin
Hospice of the Red River Valley
18 years 4 weeks ago #17676 by Smurf
Replied by Smurf on topic Re: Active Directory Restore
Sorry to hear ya in that predicament. I am not sure you can do a restore of AD without a valid backup of the Active Directory (SYSTEM STATE) to restore from. Unsure how it will react with your current try since the SIDs will be different on the new server that you have built up.

I have done a Google and not come across anyone else who has attempted anything like this. However, I have come across a product that might help ya out depending on how critical it is to get this back up and running quickly. Take a look at the link below. It's not that expensive but it may save you a lot of time and grief, so it may be worth contacting them to see if the product will help ya out. Otherwise it may be worth logging a support call with MS, but this will cost a lot more than the software product.

Sorry I cannot be of further help but I have not really tried this before. Please let the group know how ya get on though.


www.pnltools.com/productinfo.asp?product...mnlogCFTMlQgodOXBHBQ

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
18 years 3 weeks ago #17725 by FallenZer0
Services running in the Lsass.exe process or in the Services.exe process are configured to run as shared service processes.

Go into Safe Mode with Command Prompt and use Sc.exe, which is available in the Windows 2000 Server Resource Kit.

The following services run as part of the Lsass.exe process:

HTTPFilter (HTTP SSL)
KDCSVC (Kerberos Key Distribution Center)
Netlogon (Net Logon)
NTLMssp (NTLM Security Support Provider)
PolicyAgent (IPSEC Services)
ProtectedStorage (Protected Storage)
SamSs (Security Accounts Manager)
Eventlog (Event Log)
PlugPlay (Plug and Play)

Type Sc query HTTPFilter.

The TYPE value must be 20 WIN32_SHARE_PROCESS for the services. Check for ALL the above Services. If the TYPE value for a Service is NOT the 20 WIN32_SHARE_PROCESS, you need to configure it.

Type sc config 'Service Name' type= share, and then press ENTER, where 'Service Name' is one of the Services listed above.


Also, in your post you mentioned that you did restore the AD database. How did you do this without having a backup of the System State? Or did you just restore from the backup files taken?

To have a successful restore [nonauthoritative] of the AD database, you need to have the System State. Just restoring NTDS will not do it.

I'm not sure how much help this would provide, or if this would solve your issue. If I find anything else I'll let you know.

Good Luck.

-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
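
The check described in the post above, looped over all nine listed services, as an added example that is not part of the original reply. It assumes sc.exe from the Resource Kit is on the PATH and that a missing service is reported with the text "FAILED 1060" (the Windows error code for a service that does not exist); it only reports and prints the suggested command, it does not change any service.

```batch
@echo off
rem Added example, not from the original thread.
rem Assumption: sc.exe (Windows 2000 Server Resource Kit) is on the PATH.
rem Run from Safe Mode with Command Prompt. Read-only: prints the fix, applies nothing.

for %%S in (HTTPFilter KDCSVC Netlogon NTLMssp PolicyAgent ProtectedStorage SamSs Eventlog PlugPlay) do call :check %%S
del "%TEMP%\sctype.txt" 2> nul
goto :eof

:check
rem Capture the query output once so it can be searched twice.
sc query %1 > "%TEMP%\sctype.txt" 2>&1

rem Assumption: a service that is not installed is reported as "FAILED 1060".
find "FAILED 1060" "%TEMP%\sctype.txt" > nul
if not errorlevel 1 (
    echo %1: not installed on this server, skipping
    goto :eof
)

rem The TYPE line should read "20  WIN32_SHARE_PROCESS"; match on the type name.
find "WIN32_SHARE_PROCESS" "%TEMP%\sctype.txt" > nul
if errorlevel 1 (
    echo %1: TYPE is not WIN32_SHARE_PROCESS. Suggested fix:
    echo     sc config %1 type= share
) else (
    echo %1: OK
)
goto :eof
```

Services reported as not installed can be ignored; only the ones flagged with a suggested fix need the `sc config` step from the post.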
18 years 3 weeks ago #17749 by Bublitz
Yeah, I just had the NTDS files. When I use the command line options for viewing or restoring the database it shows as A-OK, but it won't let me boot into normal mode.

The Bublitz
Systems Admin
Hospice of the Red River Valley