As Eric mentioned in an earlier post, the database underlying Active Directory normally doesn't have problems recovering from a dirty shutdown. You should be able to grab an old workstation in a test lab, DC Promo it up to a domain controller, and then later unplug it without corrupting the directory.
However, just because ESE is tolerant of dirty shutdowns doesn't mean that your particular circumstances allow you to recover from a power failure. For instance, if you have a RAID controller in your server with writeback caching enabled, but the cache isn't battery protected, a power failure could easily corrupt the directory database. You could also end up with corrupt sectors on the hard drive, or the whole drive toasted, which would prevent you from starting the directory. If the data is important, have multiple domain controllers, back them up, and plug them into a UPS. Hunter -----Original Message----- From: Alicia Szerenyi [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 04, 2004 8:33 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] urgent help needed I could recover the drive that was corrupted...now i don`t know if i should install AD again. My situation is that i don't have another server to use as a backup DC, i just have one. Is there any way i can avoid a failure because of a power loss? i read in the microsoft documentation that power failure can cause that the database file can't be read, is deleted or corrupted... so, the question is, according to this, if i install AD again, no matter if i have a back up or not,(that's another issue), if there is a power failure what happened to me before can happen again? Thanks Alicia -----Mensaje original----- De: Passo, Larry [mailto:[EMAIL PROTECTED] Enviado el: martes, 03 de agosto de 2004 13:02 Para: [EMAIL PROTECTED] Asunto: RE: [ActiveDir] urgent help needed The real issue isn't what a power failure can do to an individual box. If you had more than one DC, AD would have survived the failure of an individual DC. You might have to force the transfer of the FSMO roles, but AD would have survived and you would have had a much easier time recovering the failed box. In your situation with one DC with data files that you need to recover, you have the option to re-install Win200x from scratch. The OS files will be replaced and the data partitions shouldn't be touched (don't format them during the install). If you were using NTFS permissions to protect those files, you can take ownership with an admin account then change the permissions on them to let the original users access them. ONE WARNING: If you had been using the file encryption, then DO NOT RE-INSTALL the OS, if so, you will lose the master encryption key and YOUR DATA FILES WILL BE LOST!!!! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alicia Szerenyi Sent: Tuesday, August 03, 2004 7:47 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] urgent help needed Thanks a lot for everyone's help... i just want to explain that i don`t have a second domain controler or backup for the database file because i am just trying AD out, and learning about it. I installed it in the laboratory server, that it is used to learn, but has other information that belongs to my work-mates... i am just worried that AD is so fragil against a power failure...that could happen again...i just have to pray that it wont? Thanks again Alicia -----Mensaje original----- De: joe [mailto:[EMAIL PROTECTED] Enviado el: martes, 03 de agosto de 2004 11:02 Para: [EMAIL PROTECTED] Asunto: RE: [ActiveDir] urgent help needed It doesn't have to be a fake domain, it could be your regular domain name. You just want to promote and then demote so you have the member server back at a known good point, then finally do a regular promotion back to being your DC. Make sure you promote a second DC as well so you have a backup in case of failure for next time. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alicia Szerenyi Sent: Tuesday, August 03, 2004 9:18 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] urgent help needed How do i promote the DC into a fake domain? and depromote it? -----Mensaje original----- De: joe [mailto:[EMAIL PROTECTED] Enviado el: viernes, 30 de julio de 2004 12:51 Para: [EMAIL PROTECTED] Asunto: RE: [ActiveDir] urgent help needed Are you sure the DIT file is gone? If so and you have no systemstate backups and you don't have any other DCs for that domain your only choice is a forced demotion of the DC. See the following KB http://support.microsoft.com/default.aspx?kbid=332199 If I recall though you can't do that from single user mode so you will have to do the following unsupported hack: Go to the following registry value: hklm\system\currentcontrolset\control\productoptions\producttype Change it from WinNT to ServerNT After you do this, you will want to promote the DC into a fake domain and demote it again so that it reconfigures everything properly on the machine. It is possible to create an empty DIT file but it will do nothing for you. There is a huge difference between an empty DIT file and a properly built DIT file with no user defined objects. The former is easy, the latter is not. You have to repromote the DC to get it. I will step up on the podium for a second... 1. Always have multiple DCs. 2. If you can't follow number 1, have a systemstate backup that you know is good and still always have multiple DCs. I am wondering why you are so worried about rebuilding the DC, my guess is that you have some other app or apps loaded. It really isn't good security (or any security at all honestly) to run DCs as app servers. There are a couple of infrastructure services that are generally ok to run, but as a whole, don't run apps on DCs. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alicia Szerenyi Sent: Friday, July 30, 2004 11:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] urgent help needed Dennis, i appreciate you're help, but the solutions that are suggested in the link you gave me wont't work...the last suggestion was to reinstall the operating system, what i am trying not to do... Does anybody have any idea how to solve my problem? When i try to boot in normal mode there is an error message saying the directory service can't be started...then, when i check the integrity of the files with ntdsutil some errors occure, the last one being "E:\winnt\ntds\ntds.dit file does not exist"... it must be possible to create a new empty ntds.dit file...or any other solution!! Thank you Alicia -----Mensaje original----- De: Depp, Dennis M. [mailto:[EMAIL PROTECTED] Enviado el: viernes, 30 de julio de 2004 11:37 Para: [EMAIL PROTECTED] Asunto: RE: [ActiveDir] urgent help needed Alicia, Check out http://support.microsoft.com/default.aspx?scid=kb;en-us;265089, senario 2. Dennis -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alicia Szerenyi Sent: Friday, July 30, 2004 10:20 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] urgent help needed Importance: High Hello, > i am having trouble with active directory...the database file ntds.dit > was erased because of a power failure we had some days ago. The active directory was working perfectly until that day, and now windows 2000 won't start. The only way we have to access the machine is through DS restore mode. > > We can't uninstall AD because we are not on normal mode...and we don't have a back up for that file. > > Is there any way i can create a new empty database to start over? or > is there a way to eliminate AD from the server without having to format the drive and install windows 2000? > > Is it possible to create the ntds.dit file and any other needed? > Doesn't AD have that functionality? > > We need to have the server working again as soon as possible. We don�t mind eliminating anything related to Active Directory, but we don't want to format the drive and re-install de operating system again... > > Please help me > Thank you very much > > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
