| Author | Messages | |
m weerasinghe
Posts:0
 | | 06/29/2007 12:51 PM |
| All
The following USN rollback explanation and recovery doc http://support.microsoft.com/kb/875495/
suggests restoring the system state onto a DC that was demoted as it was
incorrectly restored previously. But it suggests doing that system restore
after it was demoted, metadata cleaned up and promoted back into the domain! It
doesn’t make sense to me. Is it a mistake in the article?
From the article....
Recovering from a USN
rollback
To recover from a USN rollback, follow these steps:
1.
Remove Active Directory from the domain controller to force it
to be a stand-alone server. For more information, click the following article
number to view the article in the Microsoft Knowledge Base:
332199 (http://support.microsoft.com/kb/332199/)
Domain controllers do not demote gracefully when you use the Active Directory
Installation Wizard to force demotion in Windows Server 2003 and in Windows
2000 Server
2.
Shut down the demoted server.
3.
On a healthy domain controller, clean up the metadata of the
demoted domain controller. For more information, click the following article
number to view the article in the Microsoft Knowledge Base:
216498 (http://support.microsoft.com/kb/216498/) How
to remove data in Active Directory after an unsuccessful domain controller
demotion
4.
If the incorrectly restored domain controller hosts operations
master roles, transfer these roles to a healthy domain controller. For more information,
click the following article number to view the article in the Microsoft
Knowledge Base:
255504 (http://support.microsoft.com/kb/255504/) Using
Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
5.
Restart the demoted server.
6.
If you are required to, install Active Directory on the
stand-alone server again.
7.
If the domain controller was previously a global catalog, configure
the domain controller to be a global catalog. For more information, click the
following article number to view the article in the Microsoft Knowledge Base:
313994 (http://support.microsoft.com/kb/313994/) How
to create or move a global catalog in Windows 2000
8.
If the domain controller previously hosted operations master
roles, transfer the operations master roles back to the domain controller.
For more information, click the following article number to view the article
in the Microsoft Knowledge Base:
255504 (http://support.microsoft.com/kb/255504/) Using
Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
9.
Restore the system state.
Evaluate whether valid system state backups exist for this domain controller.
If a valid system state backup was made before the rolled-back domain
controller was incorrectly restored, and the backup contains recent changes
that were made on the domain controller, restore the system state from the
most recent backup.
Cheers
M@ | | | |
| ZJORZ
Posts:131
| | 06/29/2007 5:11 AM |
| Yes, it is a mistake in the
article. A while ago (more then a year I guess) I provided feedback to
Microsoft and made a suggestion on how to solve this. They implemented the
suggestion.
Basically you can remove AD from
the box or just restore a valid system state that was created prior the USN
rollback issue was introduced.
To remove AD you can either
demoted nicely (no cleanup needed) or force demote it (cleanup needed).
Someone tried to consolidate the
information for some reason and mixed things up.
The W2K article is almost
unchanged, but at some point it says: “do not restore the system state” and
later on it says “restore the system state when…”
I’ll report this to MS!
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU ISA Eindhoven)
Addr. : Kennedyplein 248,
5611 ZT, Eindhoven
- Addr. : P.O. Box 7089, 5605
JB, Eindhoven
( Tel. : +31-(0)40-29.57.777
7 Fax. : +31-(0)40-29.57.709
( Mobile : +31-(0)6-26.26.62.80
* E-mail :
________________________________________________________________
MVP Profile à https://mvp.support.microsoft.com/profile/jorge1
MVP Home Site à https://mvp.support.microsoft.com/
MVP Overview à https://mvp.support.microsoft.com/mvpexecsum
BLOG à http://blogs.dirteam.com/blogs/jorge/default.aspx
________________________________________________________________
From:
ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On
Behalf Of Matheesha
Sent: Friday, June 29, 2007 06:51
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Does USN Roll back recovery require systemstate
restore as per this KB?
All
The following USN rollback explanation and
recovery doc http://support.microsoft.com/kb/875495/
suggests restoring the system state onto a DC that was demoted as it was
incorrectly restored previously. But it suggests doing that system restore
after it was demoted, metadata cleaned up and promoted back into the domain! It
doesn’t make sense to me. Is it a mistake in the article?
From the article....
Recovering from a USN rollback
To recover from a USN rollback, follow these steps:
1.
Remove Active Directory from the domain controller to force it
to be a stand-alone server. For more information, click the following article
number to view the article in the Microsoft Knowledge Base:
332199 (http://support.microsoft.com/kb/332199/)
Domain controllers do not demote gracefully when you use the Active Directory
Installation Wizard to force demotion in Windows Server 2003 and in Windows
2000 Server
2.
Shut down the demoted server.
3.
On a healthy domain controller, clean up the metadata of the demoted
domain controller. For more information, click the following article number
to view the article in the Microsoft Knowledge Base:
216498 (http://support.microsoft.com/kb/216498/) How to
remove data in Active Directory after an unsuccessful domain controller
demotion
4.
If the incorrectly restored domain controller hosts operations
master roles, transfer these roles to a healthy domain controller. For more
information, click the following article number to view the article in the
Microsoft Knowledge Base:
255504 (http://support.microsoft.com/kb/255504/) Using
Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
5.
Restart the demoted server.
6.
If you are required to, install Active Directory on the
stand-alone server again.
7.
If the domain controller was previously a global catalog,
configure the domain controller to be a global catalog. For more information,
click the following article number to view the article in the Microsoft
Knowledge Base:
313994 (http://support.microsoft.com/kb/313994/) How
to create or move a global catalog in Windows 2000
8.
If the domain controller previously hosted operations master
roles, transfer the operations master roles back to the domain controller.
For more information, click the following article number to view the article
in the Microsoft Knowledge Base:
255504 (http://support.microsoft.com/kb/255504/) Using
Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
9.
Restore the system state.
Evaluate whether valid system state backups exist for this domain controller.
If a valid system state backup was made before the rolled-back domain
controller was incorrectly restored, and the backup contains recent changes
that were made on the domain controller, restore the system state from the
most recent backup.
Cheers
M@
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. | | | |
| matheesha
Posts:15
| | 06/29/2007 6:49 AM |
| Thanks Jorge!
M@
On 29/06/07, Almeida Pinto, Jorge de wrote:
Yes, it is a mistake in the article. A while ago (more then a year I guess) I provided feedback to Microsoft and made a suggestion on how to solve this. They implemented the suggestion.
Basically you can remove AD from the box or just restore a valid system state that was created prior the USN rollback issue was introduced.
To remove AD you can either demoted nicely (no cleanup needed) or force demote it (cleanup needed).
Someone tried to consolidate the information for some reason and mixed things up.
The W2K article is almost unchanged, but at some point it says: "do not restore the system state" and later on it says "restore the system state when…"
I'll report this to MS!
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU ISA Eindhoven)
Addr. : Kennedyplein 248, 5611 ZT, Eindhoven
-
Addr. : P.O. Box 7089, 5605 JB, Eindhoven
( Tel. : +31-(0)40-29.57.777
7 Fax. : +31-(0)40-29.57.709
( Mobile : +31-(0)6-
26.26.62.80
* E-mail :
________________________________________________________________
MVP Profile à
https://mvp.support.microsoft.com/profile/jorge1
MVP Home Site à
https://mvp.support.microsoft.com/
MVP Overview à
https://mvp.support.microsoft.com/mvpexecsum
BLOG à
http://blogs.dirteam.com/blogs/jorge/default.aspx
________________________________________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of MatheeshaSent:
Friday, June 29, 2007 06:51To: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Does USN Roll back recovery require systemstate restore as per this KB?
All
The following USN rollback explanation and recovery doc http://support.microsoft.com/kb/875495/
suggests restoring the system state onto a DC that was demoted as it was incorrectly restored previously. But it suggests doing that system restore after it was demoted, metadata cleaned up and promoted back into the domain! It doesn't make sense to me. Is it a mistake in the article?
From the article....
Recovering from a USN rollback
To recover from a USN rollback, follow these steps:
1.
Remove Active Directory from the domain controller to force it to be a stand-alone server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
332199
(http://support.microsoft.com/kb/332199/)
Domain controllers do not demote gracefully when you use the Active Directory Installation Wizard to force demotion in Windows Server 2003 and in Windows 2000 Server
2.
Shut down the demoted server.
3.
On a healthy domain controller, clean up the metadata of the demoted domain controller. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
216498
(http://support.microsoft.com/kb/216498/)
How to remove data in Active Directory after an unsuccessful domain controller demotion
4.
If the incorrectly restored domain controller hosts operations master roles, transfer these roles to a healthy domain controller. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
255504
(http://support.microsoft.com/kb/255504/)
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
5.
Restart the demoted server.
6.
If you are required to, install Active Directory on the stand-alone server again.
7.
If the domain controller was previously a global catalog, configure the domain controller to be a global catalog. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
313994
(http://support.microsoft.com/kb/313994/)
How to create or move a global catalog in Windows 2000
8.
If the domain controller previously hosted operations master roles, transfer the operations master roles back to the domain controller. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
255504
(http://support.microsoft.com/kb/255504/)
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
9.
Restore the system state.Evaluate whether valid system state backups exist for this domain controller. If a valid system state backup was made before the rolled-back domain controller was incorrectly restored, and the backup contains recent changes that were made on the domain controller, restore the system state from the most recent backup.
Cheers
M@
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. | | | |
|
|