Disaster Recovery: Active Directory with all DCs down (2008 R2)

Posnew Vx 21 Reputation points
2022-04-10T18:31:23.933+00:00

Good day everyone,

We had a ransomware attack that took down all 3 domain servers; 2 RODCs are alive, and we have a 2-year-old image backup of two DCs, including the PDC. All members are 2008 R2.

It seems there is no way to take a backup from the RODC database to create a new entire forest from it. If I'm wrong on this, please let me know.

We started the 2 old DCs in a controlled network, but we have many errors syncing and related to trust connections.

Is there a way to create the forest by installing a new server and restoring AD data from the old, outdated PDC?

Thanks in advance

Windows for business | Windows Client for IT Pros | Directory services | Active Directory

Accepted answer
  1. Anonymous
    2022-04-10T18:43:59.033+00:00

    Is there a way to create the forest installing new server and restoring AD data from the old outdated PDC

    Restoring multiple domain controllers is not recommended and can be problematic. A better option may be to restore the PDC, then do cleanup to remove the others.
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

    Then confirm health is good (dcdiag, repadmin tools); when all looks good, stand up new ones to replace the others.

    I'd use the dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new 2008 server, patch it fully, license it, join it to the existing domain, add Active Directory Domain Services, promote it, also making it a GC (recommended), transfer the FSMO roles over (optional), transfer the PDC emulator role (optional), use the dcdiag / repadmin tools to again verify health, and when all is good you can move on to the next one.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

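The procedure in the accepted answer (restore the PDC, clean up the dead DCs' metadata, verify with dcdiag/repadmin, then promote a replacement and move roles), written out as a PowerShell script for a 2008 R2 DC. This is an added example; it is not part of the thread or of Microsoft's documentation. It assumes the restored PDC is ALMDC5 in alm.loc (names taken from the dcdiag output later in the thread; which DC is the PDC is an assumption), uses DEADDC1/DEADDC2 as hypothetical names for the lost DCs and NEWDC1 as a hypothetical replacement, and assumes the default site name. On 2008 R2 there is no Install-ADDSDomainController, so the promotion step uses dcpromo with an unattend file.

```powershell
# Added example (not the thread's own commands). Run elevated on the restored
# PDC, ALMDC5, after it boots cleanly in the isolated network.
# Assumed names: ALMDC5 = restored PDC; DEADDC1, DEADDC2 = DCs lost to the
# ransomware (hypothetical); NEWDC1 = replacement DC (hypothetical).
Import-Module ActiveDirectory

$Domain   = 'alm.loc'
$DomainDn = 'DC=alm,DC=loc'
$Pdc      = 'ALMDC5'
$DeadDcs  = @('DEADDC1', 'DEADDC2')
$Site     = 'Default-First-Site-Name'   # assumption; confirm with Get-ADDomainController
$Log      = 'C:\dr'
New-Item -ItemType Directory -Path $Log -Force | Out-Null

# --- 1. Baseline: record health BEFORE changing anything -------------------
dcdiag /s:$Pdc /c /v /f:"$Log\dcdiag-before.txt"
repadmin /showrepl $Pdc | Out-File "$Log\showrepl-before.txt"
Get-ADDomainController -Filter * |
    Select-Object Name, Site, OperationMasterRoles | Out-File "$Log\dcs-before.txt"

# --- 2. Seize any FSMO roles still recorded on the dead DCs ----------------
# -Force seizes instead of transferring. Only do this when the old holders are
# truly gone: a seized role holder that later comes back online must be
# rebuilt, never reconnected.
Move-ADDirectoryServerOperationMasterRole -Identity $Pdc -Force -Confirm:$false `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

# --- 3. Metadata cleanup for each dead DC ----------------------------------
foreach ($dc in $DeadDcs) {
    # NTDS Settings and server object in the Configuration partition.
    $serverDn = "CN=$dc,CN=Servers,CN=$Site,CN=Sites,CN=Configuration,$DomainDn"
    ntdsutil "metadata cleanup" "remove selected server $serverDn" quit quit

    # ntdsutil leaves the computer account in OU=Domain Controllers behind.
    try   { $computer = Get-ADComputer -Identity $dc } catch { $computer = $null }
    if ($computer) {
        Remove-ADObject -Identity $computer.DistinguishedName -Recursive -Confirm:$false
    }

    # Stale DNS: the host record here; also review the SRV records under
    # _msdcs.$Domain (dnscmd $Pdc /EnumRecords _msdcs.$Domain @ /type SRV)
    # so clients stop being referred to a DC that no longer exists.
    dnscmd $Pdc /RecordDelete $Domain $dc A /f
}

# --- 4. Verify the survivor before building anything on it -----------------
repadmin /replsummary
dcdiag /s:$Pdc /test:FsmoCheck /test:KnowsOfRoleHolders /test:Replications /test:Advertising `
    /f:"$Log\dcdiag-after-cleanup.txt"

# --- 5. Promote NEWDC1 as a replica DC + GC (this part runs ON NEWDC1) -----
# 2008 R2 has no Install-ADDSDomainController; dcpromo /unattend is the
# scripted route. Password=* makes dcpromo prompt instead of storing a secret.
$unattend = @"
[DCINSTALL]
ReplicaOrNewDomain=Replica
ReplicaDomainDNSName=$($Domain)
ReplicationSourceDC=$($Pdc).$($Domain)
SiteName=$($Site)
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
SafeModeAdminPassword=<DSRM password, fill in before use>
UserDomain=$($Domain)
UserName=Administrator
Password=*
RebootOnCompletion=Yes
"@
Set-Content -Path "$Log\newdc1-unattend.txt" -Value $unattend
# On NEWDC1 (patched, licensed, joined to alm.loc, DNS pointed at ALMDC5):
#   dcpromo /unattend:C:\dr\newdc1-unattend.txt

# --- 6. After NEWDC1 is up: re-verify, then move the PDC emulator (optional) ---
#   repadmin /replsummary
#   dcdiag /s:NEWDC1 /test:Replications /test:Advertising /test:NetLogons
#   Move-ADDirectoryServerOperationMasterRole -Identity 'NEWDC1' -OperationMasterRole PDCEmulator -Confirm:$false
```

Steps 2 and 3 are the irreversible ones: seize roles only once you are certain no dead DC will ever be powered back on, and keep the before/after dcdiag and repadmin output so you can tell a pre-existing error from one the cleanup introduced.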

3 additional answers

  1. Posnew Vx 21 Reputation points
    2022-04-10T19:32:31.107+00:00

    Hello DSPatrick, thanks for your recommendation.

    We will try to recover the PDC only, will follow the guides and hope all goes fine.

    Thanks.


  2. Posnew Vx 21 Reputation points
    2022-04-11T16:49:41.027+00:00

    Hello,

    Still unable to make it work; part of the dcdiag output looks like both machines cannot talk to each other.

    In this section: CheckSecurityError

    I got this message:

    Unable to verify the convergence of this machine account
    (CN=ALMDC5,OU=Domain Controllers,DC=alm,DC=loc) on these DC's
    (ALMDC5,ALMDC4). Does the machine account password need
    resetting? Are the SPN's in sync?


  3. Posnew Vx 21 Reputation points
    2022-04-11T20:15:21.533+00:00

    Finally it worked, thanks for your valuable help.

    I was able to solve following this article. https://learn.microsoft.com/en-US/troubleshoot/windows-server/identity/target-principal-name-is-incorrect-when-replicating-data
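
The fix the linked article describes for the CheckSecurityError / "target principal name is incorrect" symptom, as an added PowerShell example (not from the thread or from the article). It assumes ALMDC5 is the DC reporting the error and ALMDC4 is the partner it should converge with (both names come from the dcdiag output above; which one holds the stale machine-account password is an assumption), and it is run elevated on ALMDC5. The Get-MachineAccountConvergence helper is also an assumption of this example: it reads the machine account's pwdLastSet from each DC so you can watch the reset replicate.

```powershell
# Added example, not the thread's own commands. Assumed roles: ALMDC5 reports
# the error and gets its machine-account password reset; ALMDC4 is the partner
# that writes the new password. Run elevated on ALMDC5 (Windows Server 2008 R2).
Import-Module ActiveDirectory

$BadDc  = 'ALMDC5'
$GoodDc = 'ALMDC4'
$Domain = 'alm.loc'
$AcctDn = "CN=$BadDc,OU=Domain Controllers,DC=alm,DC=loc"   # DN from the dcdiag output

function Get-MachineAccountConvergence {
    # pwdLastSet of ALMDC5's computer account as each DC sees it. Equal values
    # mean the password is consistent on both DCs; differing values are the
    # "Unable to verify the convergence" condition that dcdiag reports.
    # If the read from the partner itself fails with a Kerberos error, that is
    # the same symptom; repadmin /showobjmeta $GoodDc $AcctDn is the fallback.
    foreach ($dc in $GoodDc, $BadDc) {
        $obj = Get-ADObject -Identity $AcctDn -Server $dc -Properties pwdLastSet
        New-Object PSObject -Property @{
            ReadFrom   = $dc
            PwdLastSet = [DateTime]::FromFileTimeUtc($obj.pwdLastSet)
        }
    }
}

# 1. Confirm the symptom before changing anything.
dcdiag /s:$BadDc /test:CheckSecurityError /v
repadmin /showrepl $BadDc        # look for "The target principal name is incorrect"
Get-MachineAccountConvergence | Format-Table -AutoSize

# 2. Stop the KDC on ALMDC5 so it stops issuing tickets under the stale key,
#    then drop cached tickets for this session and for SYSTEM (logon id 0x3e7),
#    the context the DC's own replication runs under.
Stop-Service -Name kdc
klist purge
klist -li 0x3e7 purge

# 3. Reset ALMDC5's own machine-account password, writing it directly to ALMDC4.
#    netdom resetpwd always resets the account of the machine it runs on;
#    /passwordd:* prompts for the admin password instead of embedding it here.
netdom resetpwd /server:$GoodDc /userd:"$Domain\Administrator" /passwordd:*

# 4. Bring the KDC back and sync all partitions with the partner
#    (/A all partitions, /P push, /e cross-site, /d show names as DNs).
Start-Service -Name kdc
repadmin /syncall $BadDc /APeD

# 5. Verify: the two pwdLastSet values should now match and the test should pass.
Get-MachineAccountConvergence | Format-Table -AutoSize
dcdiag /s:$BadDc /test:CheckSecurityError
repadmin /replsummary
```

If both restored DCs came from images of different ages, expect to repeat steps 2 to 4 on the other DC with the roles swapped; the convergence check tells you which DC still disagrees.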

