Dec 02 2005
Active Directory Disaster Recovery Course
I attended an AD disaster recovery course recently and created my notes in a Writely document. Here they are below; feel free to comment on this article if you have any questions.
KB Links to look at:
- KB216498
- KB311078
- KB223757
- KB840001
- KB290762 – Using the BurFlags registry key to reinitialize File Replication Service replica sets
Other interesting points:
- Strict/loose replication
- Install from media dcpromo – dcpromo /adv
- Force removal of AD – dcpromo /forceremoval
- ntdsutil "metadata cleanup"
- repadmin /replsum
- ldp.exe
  - Connection -> Connect: leave server blank for local server, port 389 for LDAP, or port 3268 for GC
  - Connection -> Bind: leave blank for locally logged on user
  - View -> Tree: select tree from drop-down list
  - Right-click an object in the tree, select Advanced -> Replication metadata, then click OK. Should be similar output to repadmin /replsum
- Change boot.ini to include /SAFEBOOT:DSREPAIR; with Remote Desktop enabled, you can then reboot into Directory Services Restore Mode and restore AD.
- ldifde
  - ldifde -d "dn path" -r "(standard LDAP query)" -l "comma-separated list of attributes" -f output.ldf
  - ldifde -i -k -f input.ldf
- bootcfg to change boot order of local or remote server.
  - bootcfg /default /S servername /id 2
  - bootcfg /query /S servername
- Fix GPOs
  - recreatedefpol.exe for Windows 2000
  - Dcgpofix for Windows 2003
- FRS monitoring: SONAR, ULTRASOUND
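
The boot.ini /SAFEBOOT:DSREPAIR note and the bootcfg commands above combine into one remote restore procedure. The batch file below is an added example, not part of the course notes; the server name DC01, the entry ids and the sample boot.ini line are assumptions.

```bat
@echo off
rem Added example, not from the course notes.
rem Assumptions: DC01 is a hypothetical domain controller whose boot.ini
rem already has the normal entry as id 1 and a second entry (id 2) that
rem ends in /SAFEBOOT:DSREPAIR, for example (constructed line):
rem   multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="DSRM" /fastdetect /SAFEBOOT:DSREPAIR
set DC=DC01

rem 1. List the boot entries and confirm which id carries /SAFEBOOT:DSREPAIR
rem    before changing the default.
bootcfg /query /S %DC%
echo Check that entry 2 is the DSREPAIR entry, or press Ctrl+C to stop.
pause

rem 2. Make the DSREPAIR entry the default and reboot the server remotely.
bootcfg /default /S %DC% /id 2
shutdown /r /m \\%DC% /t 0

rem 3. Manual step: connect with Remote Desktop, log on with the Directory
rem    Services Restore Mode administrator password (AD is offline, so
rem    domain accounts cannot be used) and run the restore.
echo Finish the restore on %DC%, then continue.
pause

rem 4. Point the default back at the normal entry. If this is skipped the
rem    server keeps booting into DSRM and never comes back as a DC.
bootcfg /default /S %DC% /id 1
bootcfg /query /S %DC%
shutdown /r /m \\%DC% /t 0
```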