
    Windows 2000 Server active directory recovery


    by akujenga

    I’ve got a (IBM PII) W2K server that acts as a domain controller for a network of +/-40 Windows PCs. This machine seems to have been attacked by some spyware to a point of giving a blue screen during the startup process. I ran a virus scan using McAfee and a number of viruses were detected and cleaned. We also hooked the drive up as a slave on another machine and some more viruses were detected and cleaned. We’ve tried to repair the Windows installation but now the machine no longer gives the blue screen but simply stops responding during the boot process. If I try to boot into Safe Mode, it stops at the point “…\System32\DRIVERS\agp440.sys”. As if that was not enough, we had to move the drive from the original server because someone misfitted some RAM.

    I unfortunately do not have a backup of the Active Directory database as the machine’s main role has been to be a domain controller and I never worried about backing up.

    I would like to avoid having to recreate users and rejoin PCs to the domain. My question is: How can I restore things back to normal? Can I copy the Active Directory database if I hook the drive as a slave on another machine such that users can login and use shared resources as before? If not, how can I solve this problem?

    Your assistance would be greatly appreciated.

All Answers


      Restoring AD

      by p.j.hutchison

      In reply to Windows 2000 Server active directory recovery

      AD is stored in a database in c:\Windows\NTDS, and all the scripts and policies are in C:\Windows\Sysvol, registry settings are in C:\Windows\System32\config.

      I am not sure this will work, but install a new server with DNS and dcpromo it to a blank domain (using the correct domain name).
      Back it up (just in case).

      Then reboot in Safe Mode (DS Restore Mode), restore the NTDS and Sysvol folders onto the new server, reboot, and see if that restores AD.

      To ensure that AD is working:
      1. Make sure Sysvol and Netlogon shares are showing
      2. Make sure the Netlogon service is running
      3. Make sure all FSMO roles are available (see the AD admin tools or ntdsutil.exe)
      4. Make sure DNS is working.

      Otherwise it will have to be done from scratch again (how many users are in this domain?).
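The four post-restore checks in the answer above, scripted as an added example (not code from either poster). It is written in PowerShell, which the original Windows 2000 box would not have, but each step just wraps a command-line tool that also exists on 2000/2003 and can be run by hand from cmd.exe: `net share`, the Netlogon service state, `netdom query fsmo` (Support Tools on 2000/2003, built in from 2008) and `nslookup` against the `_ldap._tcp.dc._msdcs.<domain>` SRV record that clients use to find a DC. The domain name `corp.example.com` is a placeholder, and netdom.exe and nslookup.exe are assumed to be on the PATH.

```powershell
# Added example: verify a restored domain controller is actually serving AD.
# Assumptions: runs on the DC itself; netdom.exe and nslookup.exe are on the PATH;
# $DomainName is a placeholder you replace with your AD DNS domain name.
param(
    [string]$DomainName = 'corp.example.com'   # assumed placeholder domain
)

function New-CheckResult([string]$Check, [bool]$Ok, [string]$Detail) {
    [pscustomobject]@{ Check = $Check; OK = $Ok; Detail = $Detail }
}

# 1. SYSVOL and NETLOGON shares. Clients pull policies and logon scripts from
#    these; 'net share' prints one line per local share, name in the first column.
function Test-DcShare([string]$ShareName) {
    $shares = (net share 2>&1) -join "`n"
    $present = $shares -match "(?im)^\s*$ShareName\s"
    New-CheckResult "Share $ShareName" $present "checked with 'net share'"
}

# 2. Netlogon service. It registers the DC's SRV records and answers logons;
#    if it is stopped, the shares above will usually be missing too.
function Test-NetlogonService {
    $svc = Get-Service -Name Netlogon -ErrorAction SilentlyContinue
    $running = ($null -ne $svc) -and ($svc.Status -eq 'Running')
    $detail = if ($svc) { "status: $($svc.Status)" } else { 'service not found' }
    New-CheckResult 'Netlogon service running' $running $detail
}

# 3. FSMO roles. 'netdom query fsmo' prints one line per role with its owner
#    (wording differs between OS versions: 'owner', 'master', 'PDC', 'manager').
#    A role that points at a DC that no longer exists must be seized with ntdsutil.
function Test-FsmoRoles {
    $out = netdom query fsmo 2>&1
    $roles = @($out | Where-Object { $_ -match 'owner|master|manager|PDC' })
    $detail = ($roles | ForEach-Object { ($_ -replace '\s+', ' ').Trim() }) -join '; '
    if (-not $detail) { $detail = ($out -join ' ').Trim() }
    New-CheckResult 'All five FSMO roles listed' ($roles.Count -ge 5) $detail
}

# 4. DNS. Domain members locate a DC through this SRV record; if it is absent,
#    users cannot log on even though the database restored fine.
function Test-DcSrvRecord([string]$Domain) {
    $record = "_ldap._tcp.dc._msdcs.$Domain"
    $out = (nslookup -type=SRV $record 2>&1) -join "`n"
    $found = $out -match 'SRV service location|svr hostname'
    $host = if ($out -match 'svr hostname\s*=\s*(\S+)') { $Matches[1] } else { 'none' }
    New-CheckResult "DC SRV record $record" $found "svr hostname: $host"
}

$results = @(
    Test-DcShare 'SYSVOL'
    Test-DcShare 'NETLOGON'
    Test-NetlogonService
    Test-FsmoRoles
    Test-DcSrvRecord $DomainName
)

$results | Format-Table -AutoSize

# Non-zero exit if any check failed, so the script can gate a "users may log on" decision.
if (@($results | Where-Object { -not $_.OK }).Count -gt 0) { exit 1 } else { exit 0 }
```

Run it after the reboot that follows the NTDS/Sysvol restore. If the SYSVOL and NETLOGON shares are the only failures, the folders copied in but the SYSVOL replica set has not initialised; on a lone DC that normally means marking the restore authoritative (the FRS BurFlags D4 setting) rather than copying the folders again. A failed SRV-record check with Netlogon running usually points at the DC not using itself (or another AD-integrated DNS server) as its DNS client.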
