If I do a system state restore, but the backup is over 60 days old, what will happen to my domain? This is the system state for the forest root. Will my domain simply cease to exist? I have other domain controllers, but this is the first in the bunch.

edit:

Here's what happened. I got a virus on my root server. It won't go away. I believe it is a rootkit. No tools will get rid of it. No scanners will help. Just for this post, let's say I'm stuck. It's still there. Kaspersky will stop a virus, but there is a rootkit that keeps spawning it that cannot be dealt with.

This made all kinds of errors in my AD because nothing can contact my root, or at least only in a very limited way. I get access denied, principal target name incorrect, etc. I've found all the MS KB articles. I've read tons of posts. Nothing helps because it's a virus. Replication is not occurring. I can't even connect to the domain controller from another DC to transfer the FSMO roles.

It is breaking things for users, though sporadically, and I'm down to a restore. I'm at SP4 and so is my backup. The backup is over 60 days old.

If I restore the server OS, the rootkit might stay. If I restore the system state, it might help.

I had considered doing bare metal, maybe I have to, but then I still have to make it my root.

Bad problems.

johnny
  • Is this going to be authoritative? – Zoredache May 14 '12 at 15:15
  • I don't know what that means, but it is the "master" root of the domain. – johnny May 14 '12 at 15:28
  • More details in the OPs previous question here: http://serverfault.com/questions/388914/how-do-i-remove-a-rootkit-without-an-anti-rootkit-program – EEAA May 14 '12 at 15:35
  • You didn't clarify the single most important point here: **do you have at least another domain controller in the forest root domain, or is this the only one?** – Massimo May 14 '12 at 16:19
  • @Massimo I have more than one. I have more than one domain controller in the domain. One root, more than one DC. – johnny May 14 '12 at 16:19
  • See my other answer then. No need to even bother fixing it, just shut it down, tell AD it's gone, and reinstall it. – Massimo May 14 '12 at 16:24
  • @johnny, an authoritative restore will revert your entire Active Directory database to the state it was in on the day the backup was taken. If you are not doing an authoritative restore, then just take the server offline immediately, seize the FSMO roles, and perform a metadata cleanup to get rid of the dead DC. – Zoredache May 14 '12 at 20:38

4 Answers

Looking at this and your other question, you're making this far more difficult than it needs to be.

If all this server is, is a domain controller, then install a new domain controller, transfer the roles, and it's all good. A few hours' work, tops. No need to restore old backups, no need to mess about, no problems.

If there's something else here you're not telling us that makes this impossible then, well, you need to tell us before we can help...

Rob Moir
  • It is the root and I cannot contact it to transfer the roles. I read I could seize the roles, but that sounds like it would put me out of business for a while. – johnny May 14 '12 at 16:19
  • Based on your answer to Massimo's comment, I would suggest that seizing the roles on one of the other DCs is the best alternative. You don't have up-to-date, usable backups, and you say you can't contact this DC from the other DCs. Your alternatives are pretty limited at this point, I think. Seizing roles isn't a step to take lightly, sure, but it doesn't "put people out of business". – Rob Moir May 14 '12 at 16:23

If, as you said, you have other working domain controllers in the forest root domain, then you can just shut down this server and forcibly remove it from the Active Directory using NTDSUtil:

http://technet.microsoft.com/en-us/library/cc736378(v=ws.10).aspx

If this server is holding FSMO roles, you'll also need to forcibly move them to another DC:

http://support.microsoft.com/kb/255504/en-us

Finally, reinstall the operating system on it, add it back to the domain and make it a DC again using DCPROMO.

Massimo
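The two forced operations Massimo's answer links to (seizing the FSMO roles, then stripping the dead DC's metadata), written out as an added example; this is not code from the original answer. It assumes placeholder names: HEALTHYDC is a working DC in the forest root domain where you run this as an Enterprise Admin, DEADDC is the compromised DC that has already been powered off, and the site and domain DNs are examples to adjust. The argument syntax is that of Windows Server 2003 SP1 or later ntdsutil (on older builds the same menus are walked interactively, and on 2008+ "seize domain naming master" becomes "seize naming master").

```powershell
# Added example, not part of the original answer. All server names and DNs are placeholders.
# Run on HEALTHYDC as an Enterprise Admin, with DEADDC powered off and never brought back online:
# once the roles are seized, the old holder must not return to the network or it will fight over them.

# 1. Seize all five FSMO roles onto HEALTHYDC (procedure from KB 255504, linked above).
#    Seize rather than transfer only because the old holder cannot be contacted.
ntdsutil roles connections "connect to server HEALTHYDC" quit `
    "seize schema master" "seize domain naming master" "seize PDC" `
    "seize RID master" "seize infrastructure master" quit quit

# 2. Remove the dead DC's NTDS settings, server object, FRS member and computer account
#    in one step (2003 SP1+ "remove selected server <DN>" form of metadata cleanup).
ntdsutil "metadata cleanup" `
    "remove selected server CN=DEADDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=example,DC=com" `
    quit quit

# 3. Verify: every role now lists HEALTHYDC, and no remaining DC still reports DEADDC as a partner.
netdom query fsmo
repadmin /replsummary
repadmin /showrepl

# 4. Manually delete any leftover DNS records (A, NS and SRV) that still point at DEADDC
#    in the DNS console before running DCPROMO on the rebuilt server.
```

Each ntdsutil seize pops a confirmation dialog; check `repadmin /showrepl` for errors after the cleanup before promoting the rebuilt machine.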
Usually when you restore the system state, it removes all the Windows updates that you did, alongside the software that you have installed. I believe your AD should be fine.

George
You will end up with a domain controller that has a 60-days-old copy of the Active Directory database; this may or may not be a problem, depending on various factors:

  • Which operating system and service pack level are you running on this server?
  • What are the forest and domain functional levels?
  • How many DCs do you have for the same domain (i.e. the forest root one)?
  • Is this DC a global catalog?
  • Does it hold FSMO roles?
  • What is the tombstone period for the domain (the default is 60 days)?

Also, it would be really useful to know why you want to restore that system state backup. More specifically, do you need to recover the server itself or the Active Directory database?

Massimo
  • I need to recover both, but my AD isn't working right. It had a virus. I was thinking if I restore the AD, things will work right in my domain again. It is a complex problem. I also thought if I restore the server it would fix it. – johnny May 14 '12 at 15:29
  • How about providing some details on the problem. "My AD isn't working right" is a term that gets thrown around a lot when in actuality there may be problems with a specific DC, but not with AD itself. What types of problems are you having? – joeqwerty May 14 '12 at 15:33
  • More details such as they are, here http://serverfault.com/questions/388914/how-do-i-remove-a-rootkit-without-an-anti-rootkit-program – user9517 May 14 '12 at 15:36
  • @lain yes, but I got downvoted and closed even though the questions were different. Then I didn't want to put them here because I'd get closed. My questions were legit... I thought. – johnny May 14 '12 at 15:40
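The tombstone-lifetime question raised in the original question and in Massimo's second answer can be settled before touching any backup. This added check (not from the thread) reads the forest's tombstoneLifetime over ADSI, which works on Windows 2000/2003 DCs without the newer AD module, and compares it with the age of the backup set; the backup date is a constructed placeholder.

```powershell
# Added example, not from the question or answers. Run on any domain-joined machine as a domain user.
$backupDate = Get-Date '2012-03-10'   # constructed placeholder: put the date of your system state backup here

# tombstoneLifetime lives on the Directory Service object in the configuration partition.
$rootDse = [ADSI]'LDAP://RootDSE'
$dsObj   = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"

# The attribute is unset on forests created before 2003 SP1, which means the 60-day default applies.
$tsl = $dsObj.tombstoneLifetime.Value
if ($null -eq $tsl) { $tsl = 60 } else { $tsl = [int]$tsl }

$ageDays = [int]((Get-Date) - $backupDate).TotalDays
"Tombstone lifetime: $tsl days; backup age: $ageDays days"

if ($ageDays -ge $tsl) {
    # Restoring a DC from a backup older than the tombstone lifetime reintroduces objects that
    # the other DCs have already purged (lingering objects) and the restore is refused or unsafe.
    'Backup is OLDER than the tombstone lifetime: do not restore this system state into the live forest.'
    'Rebuild the DC instead: seize roles, metadata cleanup, reinstall, DCPROMO.'
} else {
    'Backup is within the tombstone lifetime: a non-authoritative system state restore is possible.'
}
```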