Bringing SQL Server filegroups online

Question

We've experienced an sql injection attack which corrupted our main db.

The main db had two partitioned tables into filegroups.

The corrupt database entered into Suspect mode, and it's been impossible for us to use.

I was able to restore a backup of the db with partial (no filegroups, since we didn't have backup of those.. I know bad thing).

I was now able to remove the db in suspect mode so we are left with the restored db and the file groups that were linked to the corrupt db.

Now I'm trying to figure out how to bring those file groups back online.

I've tried removing them so I can then add them back on, but I can't remove them since I get

Msg 5056, Level 16, State 2, Line 1
Cannot add, remove, or modify a file in filegroup 'FG_Audit' because the filegroup is not online.

Is there any work around? I've found posts where they talk about restoring from backup but we don't have one of the filegroups.

Have we lost that data? How do we remove the filegroups? Backups now stopped working because of this.

UPDATE

If I run this

SELECT 
 f.name file_group, 
 d.name file_name, 
 d.state_desc file_state
FROM sys.filegroups f
JOIN sys.database_files d
 ON f.data_space_id = d.data_space_id;
GO

All the file groups that the DB is complaining about being off line they say "RECOVERY_PENDING"

Answer 1

Can you create any FILEGROUP and FILES therein (see Code). Do you have any information about what tables or partitions were allocated to the FILEGROUPS that were there before? USE Master, then ...

ALTER DATABASE [<YourDatabase>] ADD FILEGROUP [FG_Audit_New];
GO

ALTER DATABASE [<YourDatabase>] ADD FILE (NAME = N'AuditData_1', 
FILENAME = N'<YourPath>\AuditData_1.ndf', 
SIZE = 256000KB , FILEGROWTH = 61440KB)
TO FILEGROUP [FG_Audit_New]; -- change metrics at will.
GO

ALTER DATABASE [<YourDatabase>] ADD FILE (NAME = N'AuditData_2', 
FILENAME = N'<YourPath>\AuditData_2.ndf', 
SIZE = 256000KB , FILEGROWTH = 61440KB )
TO FILEGROUP [FG_Audit_New]  -- change metrics at will.
GO

Does anything come out of this?

SELECT * FROM <YourDatabase>.sys.data_spaces;

Answer 2

Okay, good explanation. Let me ask you, can you navigate to the Windows disk location where you stored the files for the FILEGROUPs in question? There will be a path to the Windows OS drives or LUNS that store that. Each FILEGROUP is logical (simply an attribute of storage, not a physical unit), but the files located in each FILEGROUP will have a physical location on disk. Find the files; there should be one or more files. If you cannot find those files, let me know, and while you are doing that I will figure out another angle.

Also, add the column "physical_name" to your query, and that will show you where the files are. The files have the data in them, so if you can find those files, we ought to be able to recover the FILEGROUPS.

By the way, Federico, can you list any information about your backup devices and backup sets? Is the database in SIMPLE model, BULK_LOGGED, or FULL? Do you have any FULL backup files, and are you doing LOG backups frequently (FULL Recovery model)? Do you have any differential backups? Did you back up the TAIL of the LOG when you smelled something bad in the fridge?

Answer 3

Federico, can you find a full back from just before the messup, along with the chain of differentials and / or log backups from BEFORE you did the partial? If so, can you start again with the restore, chaining in all the log backups and the tail?