On Wed, Oct 21, 2009 at 11:36 AM, Coleman, Hunter <[email protected]> wrote: > You'd be looking at a forest recovery. You'll either need to restore all DCs > from backups made prior to the upgrade, or shutdown all DCs, restore 1 DC > from each domain, metadata cleanup the other DCs, and rebuild/repromote them.
Oh, goodie. This just gets scarier and scarier ... :-) > http://technet.microsoft.com/en-us/library/cc786327(WS.10).aspx covers the > forest recovery process. To be honest, I seriously doubt that anything would go wrong. Especially if DCDIAG comes up clean for both domains, and my DNS is configured (hopefully) properly. But you've got to be prepared, I guess ... > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Michael Leone > Sent: Wednesday, October 21, 2009 9:25 AM > To: [email protected] > Cc: NT Admin Mailing List > Subject: Re: [ActiveDir] How to rollback a Win2000-to-Win2003 AD upgrade > (just in case) > > On Wed, Oct 21, 2009 at 11:18 AM, Rick Sheikh <[email protected]> wrote: >> If your preceeding posts have been on the sunbelt lists than some of us may >> not be subscribed there (or perhaps myself only) :) > > No, I've posted to both lists. The first ones may have been only to > the Sunbelt list, tho. > >> Restoring a DC from an image/VHD/VMDK is not recommended. I recommend you >> some reads on the AD Recovery. Both domains the parent and child have >> separate NTDS but share the forest NCs. >> >> http://technet.microsoft.com/en-us/library/cc738755(WS.10).aspx >> http://www.petri.co.il/restore-windows-server-2003-active-directory.htm >> http://www.computerperformance.co.uk/w2k3/utilities/windows_authoritative_restore.htm > > Thanks, I will. Do they cover the situation I speak of - doing an AD > recovery that is also a rollback from a higher level AD? As opposed to > a restore in a disaster recovery situation, for example, where you are > not rolling back levels at the same time as you are recovering AD. Or > would I have to do a restore on every DC? > >> >> On Wed, Oct 21, 2009 at 10:00 AM, Michael Leone <[email protected]> wrote: >>> >>> For anyone who has been following my posts on upgrading my Win2000 AD >>> to Win2003, looks like we should be good to go. We did a test upgrade >>> on our virtual AD domains (on our ESX cluster) twice, and both times >>> the upgrade succeeded successfully. We even tested running GPOs on the >>> newly upgraded domain, and that went fine - login scripts mapped >>> drives, etc, fine. >>> >>> So I think we're close to ready. Last step - a plan to rollback the >>> upgrade, if it all goes to hades in a handbasket ... >>> >>> My configuration: parent/child domain. 4 parent DCs (3 physical, 1 >>> VM). 3 child DCs (2 physical, 1 VM) on site, and another 3 in other >>> sites (both physical sites, and AD defined sites). So what should our >>> recovery plan be, if the upgrade doesn't work, for some unforseen >>> reason? >>> >>> Will I have to do an AD restore, from a full backup created prior to >>> the upgrade? How exactly would that work - would we decide that >>> everything is hosed, and then .. what? Run an AD restore on one of the >>> DCs? Which one? etc I've never had to do an AD restore like that, just >>> a D/R restore by restoring the virtual DC and seizing roles. >>> >>> Any advice, or links to a description from someone who has had to >>> unfortunately do it, would be most appreciated. >>> >> >> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
