Discussion:
prevent SBS 2000 from replicating AD to member DC
(too old to reply)
BradinMuskoka
2010-02-12 20:05:01 UTC
Permalink
We have an SBS 2000 environment with a Windows 2003 server acting as the
member (or backup) domain controller. Our SBS machine crashed on Wednesday
and so our member DC has taken over domain responsibilities.

I am now in the process of installing a fresh copy of Windows 2000 SBS on
our original DC and then am going to begin restoring Exchange, SQL etc...
etc... from our backups...

My question is this... If I log onto our member windows 2003 domain
controller, is there a spot in the DNS section there to PREVENT the SBS 2000
server from replicating all of it's AD information ?? My fear is that once I
get my SBS 2000 server set up, my backup win2k3 DC will try to replicate with
it and will wind up replicating an empty active directory structure -
rendering our domain dead as nails...

How can I prevent this from happening?

Thanks, Brad
Steve Foster
2010-02-13 18:25:56 UTC
Permalink
Post by BradinMuskoka
We have an SBS 2000 environment with a Windows 2003 server acting as the
member (or backup) domain controller. Our SBS machine crashed on Wednesday
and so our member DC has taken over domain responsibilities.
I am now in the process of installing a fresh copy of Windows 2000 SBS on
our original DC and then am going to begin restoring Exchange, SQL etc...
etc... from our backups...
My question is this... If I log onto our member windows 2003 domain
controller, is there a spot in the DNS section there to PREVENT the SBS 2000
server from replicating all of it's AD information ?? My fear is that once I
get my SBS 2000 server set up, my backup win2k3 DC will try to replicate with
it and will wind up replicating an empty active directory structure -
rendering our domain dead as nails...
How can I prevent this from happening?
You must *NOT* run SBS setup. The only requirement for restoring with NT
Backup is that the core Windows Server OS has the same service pack level
as that of the backup (which should be SP4). Third-party backup
applications usually have some sort of "bare-metal" restore option that is
preferable.

If you find must rebuild (rather than restore from backup), you have to
join the replacement SBS to the existing domain first and manually promote
it to a DC in the existing domain (you'll need to read up on AD cleanup
and disaster recovery).
--
Steve Foster
------------
Please reply only to the newsgroups.
For SSL Certificates, Domains, etc, visit.: https://netshop.virtual-isp.net
BradinMuskoka
2010-02-14 16:26:01 UTC
Permalink
Steve, we don't use ntbackup, I am using symantec backup exec 12.5 and as
such have to install an agent on the SBS machine once I have an os installed
and then do a push restore of teh c:\ contents from the backup exec
management server. I have done this a few times but each time get a boot disk
configuration error (before the "Loading windows 2000 server " screen even
appears) leading me to believe that the hidden files I restored from teh
original configuration are not meshing properly with eh current config. COuld
it be as simple as jsut excluding all of these hidden boot files from the
restore job - or possibly just omit the boot.ini file maybe??? Unfortunately
the version of backup Exec we are using does not have (we have not paid for)
a bare metal restoration method... (my bad...) live and learn - for sure!

AS for the rebuilding of the SBS machine if I have to, I recall that in the
original setup you specify the domain name you want - and since our backup
domain controller (also housing teh AD structure and was a replication
partner) has control of the domain, the setup will not let me specify the
same domain name (which makes sense) - so does that mean I will need to
create a brand new domain to get it up and running and then somehow join it
to the original domain and refresh the ad structure from my replication
partner??


Thanks Steve...
Post by Steve Foster
Post by BradinMuskoka
We have an SBS 2000 environment with a Windows 2003 server acting as the
member (or backup) domain controller. Our SBS machine crashed on Wednesday
and so our member DC has taken over domain responsibilities.
I am now in the process of installing a fresh copy of Windows 2000 SBS on
our original DC and then am going to begin restoring Exchange, SQL etc...
etc... from our backups...
My question is this... If I log onto our member windows 2003 domain
controller, is there a spot in the DNS section there to PREVENT the SBS 2000
server from replicating all of it's AD information ?? My fear is that once I
get my SBS 2000 server set up, my backup win2k3 DC will try to replicate with
it and will wind up replicating an empty active directory structure -
rendering our domain dead as nails...
How can I prevent this from happening?
You must *NOT* run SBS setup. The only requirement for restoring with NT
Backup is that the core Windows Server OS has the same service pack level
as that of the backup (which should be SP4). Third-party backup
applications usually have some sort of "bare-metal" restore option that is
preferable.
If you find must rebuild (rather than restore from backup), you have to
join the replacement SBS to the existing domain first and manually promote
it to a DC in the existing domain (you'll need to read up on AD cleanup
and disaster recovery).
--
Steve Foster
------------
Please reply only to the newsgroups.
For SSL Certificates, Domains, etc, visit.: https://netshop.virtual-isp.net
.
Merv Porter [SBS-MVP]
2010-02-14 18:35:34 UTC
Permalink
I don’t do Backup Exec but everything I see about BE 12.5 says that it needs
Windows 2000 SP4 installed. Might not solve your problem but may be worth a
try. And I would start by installing SBS CD1 (and your RAID drivers) to
get Windows Server 2000 installed, then install Windows Server 2000 SP4,
then do a restore with BE.

Windows 2000 Service Pack 4 Express Install for End Users
http://www.microsoft.com/downloads/details.aspx?familyid=DC27B8C6-2A5A-4399-AD3D-4A97A25F41D9&displaylang=en
--
Merv Porter [SBS-MVP]
============================
Post by BradinMuskoka
Steve, we don't use ntbackup, I am using symantec backup exec 12.5 and as
such have to install an agent on the SBS machine once I have an os installed
and then do a push restore of teh c:\ contents from the backup exec
management server. I have done this a few times but each time get a boot disk
configuration error (before the "Loading windows 2000 server " screen even
appears) leading me to believe that the hidden files I restored from teh
original configuration are not meshing properly with eh current config. COuld
it be as simple as jsut excluding all of these hidden boot files from the
restore job - or possibly just omit the boot.ini file maybe???
Unfortunately
the version of backup Exec we are using does not have (we have not paid for)
a bare metal restoration method... (my bad...) live and learn - for sure!
AS for the rebuilding of the SBS machine if I have to, I recall that in the
original setup you specify the domain name you want - and since our backup
domain controller (also housing teh AD structure and was a replication
partner) has control of the domain, the setup will not let me specify the
same domain name (which makes sense) - so does that mean I will need to
create a brand new domain to get it up and running and then somehow join it
to the original domain and refresh the ad structure from my replication
partner??
Thanks Steve...
Post by Steve Foster
Post by BradinMuskoka
We have an SBS 2000 environment with a Windows 2003 server acting as the
member (or backup) domain controller. Our SBS machine crashed on Wednesday
and so our member DC has taken over domain responsibilities.
I am now in the process of installing a fresh copy of Windows 2000 SBS on
our original DC and then am going to begin restoring Exchange, SQL etc...
etc... from our backups...
My question is this... If I log onto our member windows 2003 domain
controller, is there a spot in the DNS section there to PREVENT the SBS 2000
server from replicating all of it's AD information ?? My fear is that
once
I
get my SBS 2000 server set up, my backup win2k3 DC will try to replicate with
it and will wind up replicating an empty active directory structure -
rendering our domain dead as nails...
How can I prevent this from happening?
You must *NOT* run SBS setup. The only requirement for restoring with NT
Backup is that the core Windows Server OS has the same service pack level
as that of the backup (which should be SP4). Third-party backup
applications usually have some sort of "bare-metal" restore option that is
preferable.
If you find must rebuild (rather than restore from backup), you have to
join the replacement SBS to the existing domain first and manually promote
it to a DC in the existing domain (you'll need to read up on AD cleanup
and disaster recovery).
--
Steve Foster
------------
Please reply only to the newsgroups.
https://netshop.virtual-isp.net
.
BradinMuskoka
2010-02-15 04:59:01 UTC
Permalink
Thanks Merv... I will try doing that tomorrow and see what happens!!

Brad
Post by Merv Porter [SBS-MVP]
I don’t do Backup Exec but everything I see about BE 12.5 says that it needs
Windows 2000 SP4 installed. Might not solve your problem but may be worth a
try. And I would start by installing SBS CD1 (and your RAID drivers) to
get Windows Server 2000 installed, then install Windows Server 2000 SP4,
then do a restore with BE.
Windows 2000 Service Pack 4 Express Install for End Users
http://www.microsoft.com/downloads/details.aspx?familyid=DC27B8C6-2A5A-4399-AD3D-4A97A25F41D9&displaylang=en
--
Merv Porter [SBS-MVP]
============================
Post by BradinMuskoka
Steve, we don't use ntbackup, I am using symantec backup exec 12.5 and as
such have to install an agent on the SBS machine once I have an os installed
and then do a push restore of teh c:\ contents from the backup exec
management server. I have done this a few times but each time get a boot disk
configuration error (before the "Loading windows 2000 server " screen even
appears) leading me to believe that the hidden files I restored from teh
original configuration are not meshing properly with eh current config. COuld
it be as simple as jsut excluding all of these hidden boot files from the
restore job - or possibly just omit the boot.ini file maybe??? Unfortunately
the version of backup Exec we are using does not have (we have not paid for)
a bare metal restoration method... (my bad...) live and learn - for sure!
AS for the rebuilding of the SBS machine if I have to, I recall that in the
original setup you specify the domain name you want - and since our backup
domain controller (also housing teh AD structure and was a replication
partner) has control of the domain, the setup will not let me specify the
same domain name (which makes sense) - so does that mean I will need to
create a brand new domain to get it up and running and then somehow join it
to the original domain and refresh the ad structure from my replication
partner??
Thanks Steve...
Post by Steve Foster
Post by BradinMuskoka
We have an SBS 2000 environment with a Windows 2003 server acting as the
member (or backup) domain controller. Our SBS machine crashed on Wednesday
and so our member DC has taken over domain responsibilities.
I am now in the process of installing a fresh copy of Windows 2000 SBS on
our original DC and then am going to begin restoring Exchange, SQL etc...
etc... from our backups...
My question is this... If I log onto our member windows 2003 domain
controller, is there a spot in the DNS section there to PREVENT the SBS 2000
server from replicating all of it's AD information ?? My fear is that
once
I
get my SBS 2000 server set up, my backup win2k3 DC will try to replicate with
it and will wind up replicating an empty active directory structure -
rendering our domain dead as nails...
How can I prevent this from happening?
You must *NOT* run SBS setup. The only requirement for restoring with NT
Backup is that the core Windows Server OS has the same service pack level
as that of the backup (which should be SP4). Third-party backup
applications usually have some sort of "bare-metal" restore option that is
preferable.
If you find must rebuild (rather than restore from backup), you have to
join the replacement SBS to the existing domain first and manually promote
it to a DC in the existing domain (you'll need to read up on AD cleanup
and disaster recovery).
--
Steve Foster
------------
Please reply only to the newsgroups.
https://netshop.virtual-isp.net
.
.
Steve Foster
2010-02-15 14:59:31 UTC
Permalink
Post by BradinMuskoka
Steve, we don't use ntbackup, I am using symantec backup exec 12.5 and as
such have to install an agent on the SBS machine once I have an os installed
and then do a push restore of teh c:\ contents from the backup exec
management server. I have done this a few times but each time get a boot disk
configuration error (before the "Loading windows 2000 server " screen even
appears) leading me to believe that the hidden files I restored from teh
original configuration are not meshing properly with eh current config. COuld
it be as simple as jsut excluding all of these hidden boot files from the
restore job - or possibly just omit the boot.ini file maybe???
Unfortunately
the version of backup Exec we are using does not have (we have not paid for)
a bare metal restoration method... (my bad...) live and learn - for sure!
If it requires Windows to be up and running, it's almost certain to have
the same restriction as NT Backup - that the version of Windows match
service pack level.
Post by BradinMuskoka
AS for the rebuilding of the SBS machine if I have to, I recall that in the
original setup you specify the domain name you want - and since our backup
domain controller (also housing teh AD structure and was a replication
partner) has control of the domain, the setup will not let me specify the
same domain name (which makes sense) - so does that mean I will need to
create a brand new domain to get it up and running and then somehow join it
to the original domain and refresh the ad structure from my replication
partner??
No, this is the point about not running SBS setup directly. You cancel it,
go work on AD to the point that the SBS is a DC (ie manually promote it),
then restart the SBS Setup.
--
Steve Foster
------------
Please reply only to the newsgroups.
For SSL Certificates, Domains, etc, visit.: https://netshop.virtual-isp.net
BradinMuskoka
2010-02-15 15:49:01 UTC
Permalink
Thanks Steve... regarding your point about cancelling teh SBS setup, and
making sure that I bring up the base OS (Win2K) to SP4 and then manually
promoting it... Do you think that after I have got it up to SP4 but not
promoted it, at that point I could simply try the restore to the C: drive
from backup exec OR as you saying that I need to promote it to a DC first
BEFORE running a retore to c:?? I would think that retoring the entire C:
contents should also restore the entire active dir database etc... etc...
correct?? (and since there would be no active directory present by a simple
OS configure, it should be good to go in theory...

If for some reason i DO have to promote it... will I have to restart the
machine in safe mode once that is done and put it into directory restore mode
before actually doing the backup exec restore to c:??

Thanks for all your help...

Brad
Post by Steve Foster
Post by BradinMuskoka
Steve, we don't use ntbackup, I am using symantec backup exec 12.5 and as
such have to install an agent on the SBS machine once I have an os installed
and then do a push restore of teh c:\ contents from the backup exec
management server. I have done this a few times but each time get a boot disk
configuration error (before the "Loading windows 2000 server " screen even
appears) leading me to believe that the hidden files I restored from teh
original configuration are not meshing properly with eh current config. COuld
it be as simple as jsut excluding all of these hidden boot files from the
restore job - or possibly just omit the boot.ini file maybe??? Unfortunately
the version of backup Exec we are using does not have (we have not paid for)
a bare metal restoration method... (my bad...) live and learn - for sure!
If it requires Windows to be up and running, it's almost certain to have
the same restriction as NT Backup - that the version of Windows match
service pack level.
Post by BradinMuskoka
AS for the rebuilding of the SBS machine if I have to, I recall that in the
original setup you specify the domain name you want - and since our backup
domain controller (also housing teh AD structure and was a replication
partner) has control of the domain, the setup will not let me specify the
same domain name (which makes sense) - so does that mean I will need to
create a brand new domain to get it up and running and then somehow join it
to the original domain and refresh the ad structure from my replication
partner??
No, this is the point about not running SBS setup directly. You cancel it,
go work on AD to the point that the SBS is a DC (ie manually promote it),
then restart the SBS Setup.
--
Steve Foster
------------
Please reply only to the newsgroups.
For SSL Certificates, Domains, etc, visit.: https://netshop.virtual-isp.net
.
Steve Foster
2010-02-16 13:55:37 UTC
Permalink
Post by BradinMuskoka
Thanks Steve... regarding your point about cancelling teh SBS setup, and
making sure that I bring up the base OS (Win2K) to SP4 and then manually
promoting it... Do you think that after I have got it up to SP4 but not
promoted it, at that point I could simply try the restore to the C: drive
from backup exec OR as you saying that I need to promote it to a DC first
contents should also restore the entire active dir database etc... etc...
correct?? (and since there would be no active directory present by a simple
OS configure, it should be good to go in theory...
If for some reason i DO have to promote it... will I have to restart the
machine in safe mode once that is done and put it into directory restore mode
before actually doing the backup exec restore to c:??
You only promote it by hand if you're not restoring from backup. Manual
promotion is part of a rebuild project, when/if attempts to restore the
whole server have been abandoned.
--
Steve Foster
------------
Please reply only to the newsgroups.
For SSL Certificates, Domains, etc, visit.: https://netshop.virtual-isp.net
Loading...