Wouldn't the restore roll in the logs though? Daniel Chenault [email protected] [Description: Description: cid:[email protected]]
From: Steve Kradel [mailto:[email protected]] Sent: Tuesday, June 12, 2012 11:18 PM To: NT System Admin Issues Subject: Re: in-depth AD Agreed, the very old backups are of almost no use whatsoever. The environment is now very likely full of issued SIDs and changed passwords that the old backup will have no knowledge of, and one would be hacking at the roots of this problem for years and years. If some kind of restore / new DC IFM dance doesn't do the trick, and knowing you've already tapped out MSFT's suggestions for esentutl, I'd start planning to stand up a new domain (with two or more DCs, aye) and *try* to migrate the current stuff into it via ADMT immediately. This sounds just messed up enough that I'd enjoy working on it for a while at least. ;) --Steve On Tue, Jun 12, 2012 at 10:00 PM, Carl Houseman <[email protected]<mailto:[email protected]>> wrote: <Failure to communicate alert> You've misunderstood the suggestion. You've been advised to restore a recent backup (one made since the problem began) to an isolated lab DC, as an experiment. The theory is, since recent backups complete successfully, perhaps the backup does not contain the corruption, or the corruption may not be restored. Carl From: Daniel Chenault [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, June 12, 2012 5:57 PM To: NT System Admin Issues Subject: RE: in-depth AD *shrug* Alrighty then... I may actually be able to get my grubby little hands on a backup that predates the first 447 event (that is, before 1/6/12). Rather concerned though; that is well past the default tombstone age of 60 days (and what is currently set). From what I read in Technet the restore of one that old will be disallowed. Daniel Chenault [email protected]<mailto:[email protected]> [Description: Description: cid:[email protected]] From: Andrew S. Baker [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Tuesday, June 12, 2012 4:50 PM To: NT System Admin Issues Subject: RE: in-depth AD What Steven said. You only have one functional DC, and no useful historical backups. You might want to know if the one you have can be restored, and, if perchance the restore avoids the problem. -ASB: http://XeeMe.com/AndrewBaker Sent from my Motorola Droid RAZR On Jun 12, 2012 5:17 PM, "Daniel Chenault" <[email protected]<mailto:[email protected]>> wrote: Uh... what's the point? The problem I'm having predates that backup by MONTHS. Daniel Chenault [email protected]<mailto:[email protected]> [Description: Description: cid:[email protected]] From: Andrew S. Baker [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, June 12, 2012 3:53 PM To: NT System Admin Issues Subject: Re: in-depth AD Try restoring that somewhere offline and see if the problem remains ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault <[email protected]<mailto:[email protected]>> wrote: Did a backup last night before booting into DSRM and it completed without error for whatever that is worth. 2008 R2 SP1, English, 64-bit Daniel Chenault [email protected]<mailto:[email protected]> [Description: Description: cid:[email protected]] From: Damien Solodow [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, June 12, 2012 2:04 PM To: NT System Admin Issues Subject: RE: in-depth AD Ah... I was thinking something different based on what you were saying earlier. Are able to get a successful system state backup from that DC? Also, what Windows version is the DC in question? DAMIEN SOLODOW Systems Engineer 317.447.6033<tel:317.447.6033> (office) 317.447.6014<tel:317.447.6014> (fax) HARRISON COLLEGE From: Daniel Chenault [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Tuesday, June 12, 2012 2:38 PM To: NT System Admin Issues Subject: RE: in-depth AD It's an object of type... uh... I dunno... you tell me... NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree (ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 => 3372, 3369) Daniel Chenault [email protected]<mailto:[email protected]> [Description: Description: cid:[email protected]] From: Damien Solodow [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Tuesday, June 12, 2012 1:27 PM To: NT System Admin Issues Subject: RE: in-depth AD Couple questions: 1) I assume there are multiple domain controllers? Do they all report this same error or is it just one DC? 2) What object is an error being reported on? Depending on the object type you may have different options for dealing with it DAMIEN SOLODOW Systems Engineer 317.447.6033<tel:317.447.6033> (office) 317.447.6014<tel:317.447.6014> (fax) HARRISON COLLEGE From: Daniel Chenault [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Tuesday, June 12, 2012 2:19 PM To: NT System Admin Issues Subject: RE: in-depth AD Failed with an error (1206 I believe) stating the database is corrupt. Let me clarify: I, and Microsoft, have run every possible switch or command available via ntdsutil and esentutl. Each one failed with an error stating corruption. Wanting to try and edit the file manually is not a whim or a wild idea but a last-ditch effort unless someone has a better idea. Daniel Chenault [email protected]<mailto:[email protected]> [Description: Description: cid:[email protected]] From: Michael B. Smith [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Tuesday, June 12, 2012 11:56 AM To: NT System Admin Issues Subject: RE: in-depth AD Have you done a defrag of the ntds.dit? From: Daniel Chenault [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Tuesday, June 12, 2012 12:23 PM To: NT System Admin Issues Subject: RE: in-depth AD Oh yes, it's up and running. Basic AD functionality is there; I can create users, assign permissions and other simple stuff. No replication is happening and it's to the point that I cannot open the EMC. Daniel Chenault [email protected]<mailto:[email protected]> [Description: Description: cid:[email protected]] From: Brian Desmond [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Tuesday, June 12, 2012 11:13 AM To: NT System Admin Issues Subject: RE: in-depth AD Does the machine boot? Thanks, Brian Desmond [email protected]<mailto:[email protected]> w - 312.625.1438<tel:312.625.1438> | c - 312.731.3132<tel:312.731.3132> From: Daniel Chenault [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Tuesday, June 12, 2012 10:54 AM To: NT System Admin Issues Subject: in-depth AD It's a long story, aren't they all, but the root of my issue is this: I am getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling me to do an authoritative restore. Problem is this problem goes back to January; it is highly doubtful I can locate a backup pre-dating that time frame. I inherited this mess and am just trying to fix it. This corruption is causing several different problems (naturally). What I want to know from the collective list wisdom and knowledge is... is it possible to use a tool, such as adsiedit, to locate a specific object (it is called out specifically in the aforementioned event) and edit/massage/delete/assassinate the object? Because, as I see it, I have three choices at this point: 1) Auth restore (highly unlikely) 2) Edit/massage ntds.dit (maybe?) 3) Recreate this entire domain from scratch (seven locations internationally, hundreds of users and computers, lord knows how many printers total, plus Exchange and Great Plains, permissions on umpty-hundred shares - just shoot me now) Daniel Chenault [email protected]<mailto:[email protected]> Office: 972-528-6546 x 1002<tel:972-528-6546%20x%201002> Fax: 972-982-0054<tel:972-982-0054> 9550 Skillman Road Suite 500 Dallas, TX 75243 [Description: Description: cid:[email protected]] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>
