Hi,

Apologies for the urgent comment in the subject but we're in dire
straits here. I was wondering where the best place to post was, as
the first part of this is more related to general AD domain
functionality, but I'll get to more Exchange specifics later.

Up until recently, we've had two main servers. One hosts the AD
domain, with DNS and DHCP installed, and is the primary file sharing
box. The second machine is the mail and Internet gateway server,
running Exchange 2003 and ISA 2004.

Basically we've lost the main domain controller and it appears it's
not recoverable, so it's going to have to be reinstalled from scratch.
This isn't the end of the world and it can be brought back up in
relatively short order, the big issue is the Exchange box.

The first idea we had was to promote the Exchange box to being the PDC
(or whatever the terminology is now in AD-land), and then hook what was
the PDC before up to this, effectively reversing the roles of each
machine in the domain. Now I'm getting a bit lost here. I presumed
that, since the Exchange machine had to be integrated with the domain,
that it would have all the necessary domain info replicated on it, but
of course there's no DNS service on that machine, which is what
actually hosts the AD domain, so this can't be the case can it?

If so, then I'm rather puzzled as to why this box is working at all.
Everything seems to suggest that the AD domain has "gone", as there is
now no DNS server anywhere on the network, yet clients can still
access Exchange and the 'net (via ISA) without being prompted for
login credentials, plus viewing AD Users and Computers does still
bring up the full list of user accounts, after a brief delay.

So the first question is, does the Exchange box actually have a "copy"
of the AD domain data on it that can be recovered? We tried using
DCPROMO on it but that wanted to remove AD before it did anything
else. This seems to support the theory that AD is installed on this
machine, yet how can this be if there's no DNS server present? I'm a
bit confused here.

If what I want to do here isn't possible, then we're going to have to
set up the failed server as a new AD domain controller, and replicate
all the user accounts and groups. The question is, once this is done,
can the Exchange box be "re-integrated" with this controller in any
way, or will we have to back up all data, uninstall Exchange and AD and
then reinstall from scratch?

Any advice would be appreciated here, as we need to get started doing
something here but I'm wary of doing the wrong thing.

Thanks in advance,

Regards,
Toby.

RE: Options when domain controller gone (a bit urgent) by mark

mark
Tue May 31 08:59:02 CDT 2005

If you are sure that you have no other Domain Controller in the environment
then Exchange is going to pack up, any second.
If you have got another DC/GC stashed somewhere then that's why it's still
working. I'd tend to suggest that you do have a little DC in a corner
somewhere.

If you have no DC then you're in a lot of trouble. All the workstations are
going to need joining to a new domain and all new accounts are going to be
necessary. You can bring the old Exchange databases into a new Exchange
organisation and then connect them up to the user accounts but it's a drag.

Take a look at www.microsoft.com/exchange for the DR Whitepaper, but before
that I'd seriously consider investing some time in understanding AD. You
can't do one without the other and your post shows that you do have a couple
of gaps you need to fill.
--
Mark Arnold.


"Toby Groves" wrote:

> Hi,
>
> Apologies for the urgent comment in the subject but we're in dire
> straits here. I was wondering where the best place to post was, as
> the first part of this is more related to general AD domain
> functionality, but I'll get to more Exchange specifics later.
>
> Up until recently, we've had two main servers. One hosts the AD
> domain, with DNS and DHCP installed, and is the primary file sharing
> box. The second machine is the mail and Internet gateway server,
> running Exchange 2003 and ISA 2004.
>
> Basically we've lost the main domain controller and it appears it's
> not recoverable, so it's going to have to be reinstalled from scratch.
> This isn't the end of the world and it can be brought back up in
> relatively short order, the big issue is the Exchange box.
>
> The first idea we had was to promote the Exchange box to being the PDC
> (or whatever the terminology is now in AD-land), and then hook what was
> the PDC before up to this, effectively reversing the roles of each
> machine in the domain. Now I'm getting a bit lost here. I presumed
> that, since the Exchange machine had to be integrated with the domain,
> that it would have all the necessary domain info replicated on it, but
> of course there's no DNS service on that machine, which is what
> actually hosts the AD domain, so this can't be the case can it?
>
> If so, then I'm rather puzzled as to why this box is working at all.
> Everything seems to suggest that the AD domain has "gone", as there is
> now no DNS server anywhere on the network, yet clients can still
> access Exchange and the 'net (via ISA) without being prompted for
> login credentials, plus viewing AD Users and Computers does still
> bring up the full list of user accounts, after a brief delay.
>
> So the first question is, does the Exchange box actually have a "copy"
> of the AD domain data on it that can be recovered? We tried using
> DCPROMO on it but that wanted to remove AD before it did anything
> else. This seems to support the theory that AD is installed on this
> machine, yet how can this be if there's no DNS server present? I'm a
> bit confused here.
>
> If what I want to do here isn't possible, then we're going to have to
> set up the failed server as a new AD domain controller, and replicate
> all the user accounts and groups. The question is, once this is done,
> can the Exchange box be "re-integrated" with this controller in any
> way, or will we have to back up all data, uninstall Exchange and AD and
> then reinstall from scratch?
>
> Any advice would be appreciated here, as we need to get started doing
> something here but I'm wary of doing the wrong thing.
>
> Thanks in advance,
>
> Regards,
> Toby.
>

Re: Options when domain controller gone (a bit urgent) by Toby

Toby
Tue May 31 11:23:17 CDT 2005

Hi Mark,

Thanks for the help, I do realise I have a few gaps in my knowledge
but then I'm a programmer, not a sysadmin :)

We've resigned ourselves to a total rebuild, but Exchange is going to
be the biggest pain due to the data still contained in mailboxes.
I've investigated the ExMerge utility but this doesn't look like it's
going to help in this situation.

You say migrating the databases is a drag, but what exactly would be
involved? Once the DC is rebuilt we'll have a new domain but with
similarly named accounts. Ideally I'd like to preserve the existing
mailboxes and simply re-attach them to the matching user accounts in
the new domain. How much bother would this be?

TIA,

Toby.

On Tue, 31 May 2005 06:59:02 -0700, "Mark Arnold [MVP]"
<mark@mvps.org> wrote:

>If you are sure that you have no other Domain Controller in the environment
>then Exchange is going to pack up, any second.
>If you have got another DC/GC stashed somewhere then that's why it's still
>working. I'd tend to suggest that you do have a little DC in a corner
>somewhere.
>
>If you have no DC then you're in a lot of trouble. All the workstations are
>going to need joining to a new domain and all new accounts are going to be
>necessary. You can bring the old Exchange databases into a new Exchange
>organisation and then connect them up to the user accounts but it's a drag.
>
>Take a look at www.microsoft.com/exchange for the DR Whitepaper, but before
>that I'd seriously consider investing some time in understanding AD. You
>can't do one without the other and your post shows that you do have a couple
>of gaps you need to fill.


Re: Options when domain controller gone (a bit urgent) by a_user

a_user
Tue Jun 14 20:54:21 CDT 2005

If Exchange is still functioning, and when you ran dcpromo on that machine
it wanted to uninstall Active Directory, then that server is configured as a
domain controller as well. Remember that by default all DCs in Win2k and
Win2k3 domains use integrated AD DNS, so that would explain why your clients
are still able to access the network and the internet through ISA.


"Toby Groves" <toby.groves@touchsystems.nospam.co.uk> wrote in message
news:ch3p9192fpr1eqa7gsvh8li4uv0l6f65f3@4ax.com...
> Hi Mark,
>
> Thanks for the help, I do realise I have a few gaps in my knowledge
> but then I'm a programmer, not a sysadmin :)
>
> We've resigned ourselves to a total rebuild, but Exchange is going to
> be the biggest pain due to the data still contained in mailboxes.
> I've investigated the ExMerge utility but this doesn't look like it's
> going to help in this situation.
>
> You say migrating the databases is a drag, but what exactly would be
> involved? Once the DC is rebuilt we'll have a new domain but with
> similarly named accounts. Ideally I'd like to preserve the existing
> mailboxes and simply re-attach them to the matching user accounts in
> the new domain. How much bother would this be?
>
> TIA,
>
> Toby.
>
> On Tue, 31 May 2005 06:59:02 -0700, "Mark Arnold [MVP]"
> <mark@mvps.org> wrote:
>
>>If you are sure that you have no other Domain Controller in the
>>environment
>>then Exchange is going to pack up, any second.
>>If you have got another DC/GC stashed somewhere then that's why it's still
>>working. I'd tend to suggest that you do have a little DC in a corner
>>somewhere.
>>
>>If you have no DC then you're in a lot of trouble. All the workstations
>>are
>>going to need joining to a new domain and all new accounts are going to be
>>necessary. You can bring the old Exchange databases into a new Exchange
>>organisation and then connect them up to the user accounts but it's a
>>drag.
>>
>>Take a look at www.microsoft.com/exchange for the DR Whitepaper, but
>>before
>>that I'd seriously consider investing some time in understanding AD. You
>>can't do one without the other and your post shows that you do have a
>>couple
>>of gaps you need to fill.
>
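
The question running through this thread is whether the Exchange box is itself a domain controller and whether any DC is still being advertised. The script below is an added example, not part of any post in the thread, that answers this from the server itself. It assumes Windows Server 2012 or later (for `Get-CimInstance` and `Resolve-DnsName`), which the 2003-era servers discussed here predate, and that `nltest` and `netdom` are installed.

```powershell
# Added example (not from the thread): is this server a DC, and what does DNS advertise?
# Assumes PowerShell 3.0+ on Windows Server 2012 or later.
$roleNames = @{
    0 = 'Standalone workstation';   1 = 'Member workstation'
    2 = 'Standalone server';        3 = 'Member server'
    4 = 'Backup domain controller'; 5 = 'Primary domain controller'
}
$cs     = Get-CimInstance -ClassName Win32_ComputerSystem
$domain = $cs.Domain
$isDC   = $cs.DomainRole -ge 4          # 4 and 5 are the domain controller roles
"{0} in {1}: {2}" -f $cs.Name, $domain, $roleNames[[int]$cs.DomainRole]

# The directory service and the DNS Server service are separate; report each.
foreach ($svc in 'NTDS', 'DNS') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    "{0,-5} service: {1}" -f $svc, $(if ($s) { $s.Status } else { 'not installed' })
}

# A working DC publishes the SYSVOL and NETLOGON shares.
Get-CimInstance -ClassName Win32_Share |
    Where-Object { $_.Name -in 'SYSVOL', 'NETLOGON' } |
    Select-Object Name, Path

# Which DCs does DNS advertise for the domain? Clients locate DCs via these SRV records.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
if ($srv) {
    $srv | Select-Object NameTarget, Port, Priority
} else {
    "No DC SRV records resolved for $domain"
}

# On a DC, list every DC the domain knows about and who holds the FSMO roles,
# so roles stranded on a dead server are visible before any rebuild decision.
if ($isDC) {
    nltest "/dclist:$domain"
    netdom query fsmo
}
```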