
Our main server got hit with a virus last week and although I cleared it, the server is acting very slow and getting tons of reg errors. We have a backup server that only has the OS installed on it (2003).

What are some options on moving AD, DNS, DC to the backup server? I've looked up AD migration but does this move over all the documents and such too?

We are still using the server that was infected just so people can work. Would it be wise to install all the software and documents on the backup and then migrate over? Anyone know of a good guide to do this?

Or is just starting from scratch more secure?

Install DNS, AD, DC to the backup server under a new domain and then enter all the users, install the license server, terminal server etc... And then move everyone's information over...

I plan on formatting the server that was infected and making it a second DC in case this happens again.

squillman
user160605
  • Related: **[How do I deal with a compromised server?](http://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server)** – voretaq7 Feb 26 '13 at 20:17
  • And incidentally, I noticed that you mention having software and documents on this server... It's generally considered best practice not to combine other server roles with your Domain Controllers. Since you have to set this up all over again, it would probably be worth doing it right, and your file server separate from your Domain Controller, separate from your application server, separate from your other roles. (Virtualization comes in really handy for this, so you're not wasting an entire server running a lightweight role... so you may not have this option, but it's worth thinking about). – HopelessN00b Feb 26 '13 at 20:44
  • What do you recommend then? – user160605 Feb 26 '13 at 21:20
  • I do want to do it the right way. So if I move the roles to the backup server I have a fresh new DC. All user docs, databases for certain programs are still on the server. Should I just burn an image of this infected computer, format, reinstall server, join it to the domain and then reinstall the few programs we use? – user160605 Feb 26 '13 at 21:32
  • Once everything is reinstalled to my file/app server I can move the non-infected databases over (MS Access and a SQL). I could then scan employee documents and slowly move them over to the app server? – user160605 Feb 26 '13 at 21:34

2 Answers

4

Restore the server from backup. You do have a backup, don't you?

Who knows how badly this virus has damaged your server. I honestly couldn't recommend transferring anything over from it.

An easy way out would be to promote that other server to a domain controller, transfer all the FSMOs to it, then completely wipe the first server.

Then rebuild the first server after a complete wipe of the hard drive, and make it your new secondary DC.

Ryan Ries
  • Yes we have a backup. We use Acronis but we don't know exactly when we got the virus. I walked into this position and everything has been set up backwards. They had the backups only saving every 3 days. I will be using a new backup policy once fixed. – user160605 Feb 26 '13 at 20:36
3

You want to:

1) Add a second Domain Controller to your existing domain. Make sure it's a Global Catalog.

2) Transfer all the FSMO roles to the new Domain Controller.

3) If possible, gracefully demote your virus infected Domain Controller. If not, forcefully remove it.

4) Format the virus-infected server.

5) Add a second Domain Controller to your existing domain (using the formerly virus-infected server hardware that you formatted).

HopelessN00b
  • Don't forget to add the DNS role and other roles (DHCP, etc.), along with files and a full final backup of the old server before you decommission it. Don't get in a hurry. – TheCleaner Feb 26 '13 at 20:33
  • Do I have to have DNS, AD installed on the backup server before doing this? At what point do the users and groups move over? – user160605 Feb 26 '13 at 20:49
  • Oops, never mind, just saw when I added the backup server to the domain all the users and groups switched over, and AD was installed there. I'm guessing once I move the FSMO roles the profiles and such will be moved over as well... When moving the roles will users be affected? – user160605 Feb 26 '13 at 20:53
  • @user160605 No, FSMO roles are... not related to user profiles. Give some serious thought to my comment about separating all these server roles onto different servers. Otherwise you're just moving the same old mess onto a shiny new server. – HopelessN00b Feb 26 '13 at 21:10