The real issue isn't what a power failure can do to an individual box. If you had more than one DC, AD would have survived the failure of an individual DC. You might have to force the transfer of the FSMO roles, but AD would have survived and you would have had a much easier time recovering the failed box.
In your situation with one DC with data files that you need to recover, you have the option to re-install Win200x from scratch. The OS files will be replaced and the data partitions shouldn't be touched (don't format them during the install). If you were using NTFS permissions to protect those files, you can take ownership with an admin account then change the permissions on them to let the original users access them. ONE WARNING: If you had been using the file encryption, then DO NOT RE-INSTALL the OS, if so, you will lose the master encryption key and YOUR DATA FILES WILL BE LOST!!!! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alicia Szerenyi Sent: Tuesday, August 03, 2004 7:47 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] urgent help needed Thanks a lot for everyone's help... i just want to explain that i don`t have a second domain controler or backup for the database file because i am just trying AD out, and learning about it. I installed it in the laboratory server, that it is used to learn, but has other information that belongs to my work-mates... i am just worried that AD is so fragil against a power failure...that could happen again...i just have to pray that it wont? Thanks again Alicia -----Mensaje original----- De: joe [mailto:[EMAIL PROTECTED] Enviado el: martes, 03 de agosto de 2004 11:02 Para: [EMAIL PROTECTED] Asunto: RE: [ActiveDir] urgent help needed It doesn't have to be a fake domain, it could be your regular domain name. You just want to promote and then demote so you have the member server back at a known good point, then finally do a regular promotion back to being your DC. Make sure you promote a second DC as well so you have a backup in case of failure for next time. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alicia Szerenyi Sent: Tuesday, August 03, 2004 9:18 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] urgent help needed How do i promote the DC into a fake domain? and depromote it? -----Mensaje original----- De: joe [mailto:[EMAIL PROTECTED] Enviado el: viernes, 30 de julio de 2004 12:51 Para: [EMAIL PROTECTED] Asunto: RE: [ActiveDir] urgent help needed Are you sure the DIT file is gone? If so and you have no systemstate backups and you don't have any other DCs for that domain your only choice is a forced demotion of the DC. See the following KB http://support.microsoft.com/default.aspx?kbid=332199 If I recall though you can't do that from single user mode so you will have to do the following unsupported hack: Go to the following registry value: hklm\system\currentcontrolset\control\productoptions\producttype Change it from WinNT to ServerNT After you do this, you will want to promote the DC into a fake domain and demote it again so that it reconfigures everything properly on the machine. It is possible to create an empty DIT file but it will do nothing for you. There is a huge difference between an empty DIT file and a properly built DIT file with no user defined objects. The former is easy, the latter is not. You have to repromote the DC to get it. I will step up on the podium for a second... 1. Always have multiple DCs. 2. If you can't follow number 1, have a systemstate backup that you know is good and still always have multiple DCs. I am wondering why you are so worried about rebuilding the DC, my guess is that you have some other app or apps loaded. It really isn't good security (or any security at all honestly) to run DCs as app servers. There are a couple of infrastructure services that are generally ok to run, but as a whole, don't run apps on DCs. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alicia Szerenyi Sent: Friday, July 30, 2004 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] urgent help needed Dennis, i appreciate you're help, but the solutions that are suggested in the link you gave me wont't work...the last suggestion was to reinstall the operating system, what i am trying not to do... Does anybody have any idea how to solve my problem? When i try to boot in normal mode there is an error message saying the directory service can't be started...then, when i check the integrity of the files with ntdsutil some errors occure, the last one being "E:\winnt\ntds\ntds.dit file does not exist"... it must be possible to create a new empty ntds.dit file...or any other solution!! Thank you Alicia -----Mensaje original----- De: Depp, Dennis M. [mailto:[EMAIL PROTECTED] Enviado el: viernes, 30 de julio de 2004 11:37 Para: [EMAIL PROTECTED] Asunto: RE: [ActiveDir] urgent help needed Alicia, Check out http://support.microsoft.com/default.aspx?scid=kb;en-us;265089, senario 2. Dennis -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alicia Szerenyi Sent: Friday, July 30, 2004 10:20 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] urgent help needed Importance: High Hello, > i am having trouble with active directory...the database file ntds.dit > was erased because of a power failure we had some days ago. The active directory was working perfectly until that day, and now windows 2000 won't start. The only way we have to access the machine is through DS restore mode. > > We can't uninstall AD because we are not on normal mode...and we don't have a back up for that file. > > Is there any way i can create a new empty database to start over? or > is there a way to eliminate AD from the server without having to format the drive and install windows 2000? > > Is it possible to create the ntds.dit file and any other needed? > Doesn't AD have that functionality? > > We need to have the server working again as soon as possible. We donīt mind eliminating anything related to Active Directory, but we don't want to format the drive and re-install de operating system again... > > Please help me > Thank you very much > > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
