-2

We have a 2003R2 DC VM that has a non-functional AD. There is no System State Backup, but we do have a 2-year-old copy of the VM. Can the copy be used in any way to restore the existing server?

longneck
Chevy2
  • 4
    You should consider asking a different question laying out the problems you have. You might get your root problem solved instead of digging around for bad solutions. – longneck Jun 21 '13 at 01:04
  • 5
    To future visitors: Please back up AD at least once a month. Pretty please. – pauska Jun 21 '13 at 01:08
  • Do you have a snapshot or a copy? Is this a snap/copy of your *only* DC, or are there others in the domain? – MDMarra Jun 21 '13 at 02:45

2 Answers

7

Only if you want to roll your domain back to the way it was 2 years ago.

Edit: And have a boatload of lingering objects.

Edit2: You don't specifically say that this is your only DC. If it is not your only DC, then you need to seize roles to your remaining good DC, kill the failed one. Do not attempt to restore it. Rebuild it from a fresh OS install.

Ryan Ries
  • Is there any way to repair an Active Directory? – Chevy2 Jun 21 '13 at 01:05
  • 3
    Just to be sure that everyone understands the implication of restoring a domain controller back to a two year old state: Every single AD scheme you've updated is lost (read: Exchange, Lync and so on), every single computer AND user account will be in a non-functional state as the passwords have long expired and are now mismatched, and the list goes on and on and on.. – pauska Jun 21 '13 at 01:08
  • Yep. The resiliency of AD comes mainly from its design as a multi-master system with many replicas. That is, you have redundant domain controllers. With backups. If you have neither of those, it's hard to feel pity for you. – Ryan Ries Jun 21 '13 at 01:10
5

No, honestly, based off the information you have given, it would likely be less work to just rebuild it from scratch.

As pointed out, none of your servers or computers will be usable, and you would need to at minimum re-add them to the domain/refresh the machine account passwords. You would also need to re-add any changes made... in the last two years.

This is all assuming you don't have any schema extensions or additions such as Exchange.

This would be a really bad idea!

I don't know how many questions we see on here that could be avoided by simply doing regular AD backups/tests or having at least two DCs.

If you DO have another functioning DC, your best option would be to completely wipe the bad DC, reinstall the OS, and then DCpromo it back into your domain with a DIFFERENT name than the removed server. You'll also want to do metadata cleanup of anything referencing the old DC, as well as seizing any FSMO roles the old DC held.

If you tried to restore from the old backup and you have other DCs, you run the risk of a USN rollback, which will prevent replication with other DCs. See KB875495.

HostBits
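
The USN rollback mentioned in the last answer, as an added illustration that is not part of the original posts: a simplified Python model of a partner DC that tracks a source by invocation ID and highest USN received, showing why a DC brought back from an old VM copy either trips the rollback check or silently stops replicating its new changes. The class, field names and USN counts are constructed for the example and are not AD's own data structures.

```python
import copy
from dataclasses import dataclass, field

@dataclass
class DC:
    invocation_id: str                            # identity of this copy of the AD database
    highest_usn: int = 0                          # last update sequence number committed locally
    changes: dict = field(default_factory=dict)   # (invocation_id, usn) -> change
    utd: dict = field(default_factory=dict)       # per source invocation ID: highest USN received

    def write(self, change):
        self.highest_usn += 1
        self.changes[(self.invocation_id, self.highest_usn)] = change

    def pull_from(self, src):
        """Inbound replication: ask the source only for USNs above what we already hold."""
        seen = self.utd.get(src.invocation_id, 0)
        if seen > src.highest_usn:
            # We hold updates the source no longer knows it made: its database went back in time.
            return "USN_ROLLBACK"
        for (inv, usn), change in src.changes.items():
            if inv == src.invocation_id and usn > seen:
                self.changes[(inv, usn)] = change
        self.utd[src.invocation_id] = src.highest_usn
        return "OK"

def scenario(reset_invocation_id, new_writes):
    """DC1 is replaced by an old VM copy; returns (status, new changes that reached DC2)."""
    dc1, dc2 = DC("inv-A"), DC("inv-B")
    for i in range(50):
        dc1.write(f"old-{i}")
    vm_copy = copy.deepcopy(dc1)          # the old copy of the VM, taken at USN 50
    for i in range(50, 100):
        dc1.write(f"old-{i}")
    dc2.pull_from(dc1)                    # DC2 has now seen inv-A up to USN 100
    dc1 = vm_copy                         # unsupported restore: USN is back at 50
    if reset_invocation_id:
        dc1.invocation_id = "inv-A2"      # a supported restore gives the database a new identity
    for i in range(new_writes):
        dc1.write(f"new-{i}")             # post-restore changes reuse USNs 51 and up
    status = dc2.pull_from(dc1)
    replicated = sum(1 for c in dc2.changes.values() if c.startswith("new-"))
    return status, replicated

if __name__ == "__main__":
    for args in [(False, 10), (False, 50), (True, 50)]:
        print(args, scenario(*args))
```

The middle case is the dangerous one: once the restored DC's USN has caught up to what its partner remembers, the check passes and the changes made under the reused USNs are never sent.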