Restoring a DC over a year old, Event 8012.

Hi,

I never usually have any issues cloning a curretn DC, however I need to
restore one that is over 1 year old for our Law team. I think it has
something to do with a tomestone of 60 days on the System State, what can I
do?

I did think about changint the servers clock before restoring.

Hello Whiteford,

Is that the only DC in the network? Basically you will loose all configuration
since then and also all computers have to be readded to the domain, because
they loose there machine password.

If you have additional DCs, forget the restore that way and better install
a fresh machine.

Do NEVER use images for backup, this result in USN rollbacks when multiple
DCs exist in a domain. Also run at least once a week a system state backup,
so you will not use everything.

Additional it is recommended to have at least 2 DC/DNS/GC server in a domain.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi,
>
> I never usually have any issues cloning a curretn DC, however I need
> to restore one that is over 1 year old for our Law team. I think it
> has something to do with a tomestone of 60 days on the System State,
> what can I do?
>
> I did think about changint the servers clock before restoring.
>

"Whiteford" <> wrote in message
news:...
> Hi,
>
> I never usually have any issues cloning a curretn DC, however I need to
> restore one that is over 1 year old for our Law team. I think it has
> something to do with a tomestone of 60 days on the System State, what can
> I do?
>
> I did think about changint the servers clock before restoring.


I wouldn't suggest using a DC that is over a year old. Meinolf gave you some
specifics. The USN rollback is a big issue. The best bet is to force demote
it, and re-promote it fresh.

Besides, what could be on that machine the law team needs? If it is just a
bunch of files, bring it up offline, copy them to a USB or some other media,
and port it over to the production servers. Otherwise, you will be
introducing problems bringing that machine up online as a DC that has passed
it's tombstone.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Howdie!

Whiteford wrote:
> I never usually have any issues cloning a curretn DC, however I need to
> restore one that is over 1 year old for our Law team. I think it has
> something to do with a tomestone of 60 days on the System State, what
> can I do?

This isn't about turning back the time. There's more to it than just
messing with the clocks. What are you trying to do with that cloned
image (btw. images are NOT AD backups - they're NOT supported)? Is it
just to look into AD and see what the data in there was a year ago? Or
is it to restore files from there?

In any case, don't brink a "restored"/imaged DC back online in the first
place.

Cheers,
Florian

Others have already pointed out the problem if you move forward, but you
haven't described what has happened, what needs to be accomplished and waht
is available. These details might help you resolve the predicament you are
in

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Whiteford" <> wrote in message
news:...
> Hi,
>
> I never usually have any issues cloning a curretn DC, however I need to
> restore one that is over 1 year old for our Law team. I think it has
> something to do with a tomestone of 60 days on the System State, what can
> I do?
>
> I did think about changint the servers clock before restoring.

Hi,

We need to build a DC that was well over a year old and then install our old
Exchange infrastructure as this is no longer alive, I then need to export
all mailboxes to PST file, this is made easy using Exmerge and have all the
users in AD, otherwise I have to manually create 1000's of users, thing is
100's no longer exist in our current Domain, so I thought why not restoer
the AD for that time.

I built a plain member Windows 2003 server then backed up:

C:\boot.ini
C:\NTLDR
C:\NTDETECT.com
C:\WINNT\System32\Hal.dll
C:\WINNT\System32\NToskrnl.exe
C:\WINNT\System32\NTkrnlpa.exe

I Reboot the server, and selected DSR mode and login with the local Admin
password. I then locate me AD backup file and restore the C drive first
then the System State last and then copy the 6 files above back over then
reboot back into DSRM mode and let it find new hardware etc then reboot in
to normal mode. I'm done this 100's of time on our current DC's and it
works every time (I have to do a metadata clean up but this is easy).

Doing the above restore on the old AD backup file doesn't seem to restore
the ntds.dit file.



"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:%...
> Others have already pointed out the problem if you move forward, but you
> haven't described what has happened, what needs to be accomplished and
> waht is available. These details might help you resolve the predicament
> you are in
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Whiteford" <> wrote in message
> news:...
>> Hi,
>>
>> I never usually have any issues cloning a curretn DC, however I need to
>> restore one that is over 1 year old for our Law team. I think it has
>> something to do with a tomestone of 60 days on the System State, what can
>> I do?
>>
>> I did think about changint the servers clock before restoring.
>
>

Hello Whiteford,

Ok, so your goal is to get back the DC that was also the old Exchange server
to export mailboxes? Is the original domain still in use and only the server
was removed from that domain, or is it a retired domain, where nothing exist
from?

If the domain still exist you should be able to use the Exchange databases
to restore Exchange to a different hardware. Important is that you really
have the same domain so you can use the existing administrator/password combination
to get access to the Exchange database.

Check out:
http://technet.microsoft.com/en-us/l...EXCHG.65).aspx

http://www.msexchange.org/tutorials/...-Hardware.html

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi,
>
> We need to build a DC that was well over a year old and then install
> our old Exchange infrastructure as this is no longer alive, I then
> need to export all mailboxes to PST file, this is made easy using
> Exmerge and have all the users in AD, otherwise I have to manually
> create 1000's of users, thing is 100's no longer exist in our current
> Domain, so I thought why not restoer the AD for that time.
>
> I built a plain member Windows 2003 server then backed up:
>
> C:\boot.ini
> C:\NTLDR
> C:\NTDETECT.com
> C:\WINNT\System32\Hal.dll
> C:\WINNT\System32\NToskrnl.exe
> C:\WINNT\System32\NTkrnlpa.exe
> I Reboot the server, and selected DSR mode and login with the local
> Admin password. I then locate me AD backup file and restore the C
> drive first then the System State last and then copy the 6 files above
> back over then reboot back into DSRM mode and let it find new hardware
> etc then reboot in to normal mode. I'm done this 100's of time on our
> current DC's and it works every time (I have to do a metadata clean up
> but this is easy).
>
> Doing the above restore on the old AD backup file doesn't seem to
> restore the ntds.dit file.
>
> "Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
> news:%...
>
>> Others have already pointed out the problem if you move forward, but
>> you haven't described what has happened, what needs to be
>> accomplished and waht is available. These details might help you
>> resolve the predicament you are in
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>> Microsoft's Thrive IT Pro of the Month - June 2009
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Whiteford" <> wrote in message
>> news:...
>>
>>> Hi,
>>>
>>> I never usually have any issues cloning a curretn DC, however I need
>>> to restore one that is over 1 year old for our Law team. I think it
>>> has something to do with a tomestone of 60 days on the System State,
>>> what can I do?
>>>
>>> I did think about changint the servers clock before restoring.
>>>

Thanks, well it seems build the DC on a member server with it's date in the
BIOS set to just after the restore for AD worked, so I'm now happy, thanks
for you help and time spent on this.


"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:. com...
> Hello Whiteford,
>
> Ok, so your goal is to get back the DC that was also the old Exchange
> server to export mailboxes? Is the original domain still in use and only
> the server was removed from that domain, or is it a retired domain, where
> nothing exist from?
>
> If the domain still exist you should be able to use the Exchange databases
> to restore Exchange to a different hardware. Important is that you really
> have the same domain so you can use the existing administrator/password
> combination to get access to the Exchange database.
>
> Check out:
> http://technet.microsoft.com/en-us/l...EXCHG.65).aspx
>
> http://www.msexchange.org/tutorials/...-Hardware.html
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hi,
>>
>> We need to build a DC that was well over a year old and then install
>> our old Exchange infrastructure as this is no longer alive, I then
>> need to export all mailboxes to PST file, this is made easy using
>> Exmerge and have all the users in AD, otherwise I have to manually
>> create 1000's of users, thing is 100's no longer exist in our current
>> Domain, so I thought why not restoer the AD for that time.
>>
>> I built a plain member Windows 2003 server then backed up:
>>
>> C:\boot.ini
>> C:\NTLDR
>> C:\NTDETECT.com
>> C:\WINNT\System32\Hal.dll
>> C:\WINNT\System32\NToskrnl.exe
>> C:\WINNT\System32\NTkrnlpa.exe
>> I Reboot the server, and selected DSR mode and login with the local
>> Admin password. I then locate me AD backup file and restore the C
>> drive first then the System State last and then copy the 6 files above
>> back over then reboot back into DSRM mode and let it find new hardware
>> etc then reboot in to normal mode. I'm done this 100's of time on our
>> current DC's and it works every time (I have to do a metadata clean up
>> but this is easy).
>>
>> Doing the above restore on the old AD backup file doesn't seem to
>> restore the ntds.dit file.
>>
>> "Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
>> news:%...
>>
>>> Others have already pointed out the problem if you move forward, but
>>> you haven't described what has happened, what needs to be
>>> accomplished and waht is available. These details might help you
>>> resolve the predicament you are in
>>>
>>> --
>>> Paul Bergson
>>> MVP - Directory Services
>>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>>> 2008, 2003, 2000 (Early Achiever), NT4
>>> Microsoft's Thrive IT Pro of the Month - June 2009
>>> http://www.pbbergs.com
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>> "Whiteford" <> wrote in message
>>> news:...
>>>
>>>> Hi,
>>>>
>>>> I never usually have any issues cloning a curretn DC, however I need
>>>> to restore one that is over 1 year old for our Law team. I think it
>>>> has something to do with a tomestone of 60 days on the System State,
>>>> what can I do?
>>>>
>>>> I did think about changint the servers clock before restoring.
>>>>
>
>

Hello Whiteford,

Nice to hear that you find your solution. But keep in mind that images are
not a supported way of AD backup and also as you see a system state backup
must be in time with the tombstone lifetime.

Also see:
http://support.microsoft.com/kb/216993

http://support.microsoft.com/kb/875495

http://blogs.dirteam.com/blogs/jorge...11/24/153.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks, well it seems build the DC on a member server with it's date
> in the BIOS set to just after the restore for AD worked, so I'm now
> happy, thanks for you help and time spent on this.
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:. com...
>
>> Hello Whiteford,
>>
>> Ok, so your goal is to get back the DC that was also the old Exchange
>> server to export mailboxes? Is the original domain still in use and
>> only the server was removed from that domain, or is it a retired
>> domain, where nothing exist from?
>>
>> If the domain still exist you should be able to use the Exchange
>> databases to restore Exchange to a different hardware. Important is
>> that you really have the same domain so you can use the existing
>> administrator/password combination to get access to the Exchange
>> database.
>>
>> Check out:
>> http://technet.microsoft.com/en-us/l...EXCHG.65).aspx
>> http://www.msexchange.org/tutorials/...Server2003-Alt
>> ernate-Hardware.html
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hi,
>>>
>>> We need to build a DC that was well over a year old and then install
>>> our old Exchange infrastructure as this is no longer alive, I then
>>> need to export all mailboxes to PST file, this is made easy using
>>> Exmerge and have all the users in AD, otherwise I have to manually
>>> create 1000's of users, thing is 100's no longer exist in our
>>> current Domain, so I thought why not restoer the AD for that time.
>>>
>>> I built a plain member Windows 2003 server then backed up:
>>>
>>> C:\boot.ini
>>> C:\NTLDR
>>> C:\NTDETECT.com
>>> C:\WINNT\System32\Hal.dll
>>> C:\WINNT\System32\NToskrnl.exe
>>> C:\WINNT\System32\NTkrnlpa.exe
>>> I Reboot the server, and selected DSR mode and login with the local
>>> Admin password. I then locate me AD backup file and restore the C
>>> drive first then the System State last and then copy the 6 files
>>> above
>>> back over then reboot back into DSRM mode and let it find new
>>> hardware
>>> etc then reboot in to normal mode. I'm done this 100's of time on
>>> our
>>> current DC's and it works every time (I have to do a metadata clean
>>> up
>>> but this is easy).
>>> Doing the above restore on the old AD backup file doesn't seem to
>>> restore the ntds.dit file.
>>>
>>> "Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
>>> news:%...
>>>
>>>> Others have already pointed out the problem if you move forward,
>>>> but you haven't described what has happened, what needs to be
>>>> accomplished and waht is available. These details might help you
>>>> resolve the predicament you are in
>>>>
>>>> --
>>>> Paul Bergson
>>>> MVP - Directory Services
>>>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>>>> 2008, 2003, 2000 (Early Achiever), NT4
>>>> Microsoft's Thrive IT Pro of the Month - June 2009
>>>> http://www.pbbergs.com
>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>> "Whiteford" <> wrote in message
>>>> news:...
>>>>> Hi,
>>>>>
>>>>> I never usually have any issues cloning a curretn DC, however I
>>>>> need to restore one that is over 1 year old for our Law team. I
>>>>> think it has something to do with a tomestone of 60 days on the
>>>>> System State, what can I do?
>>>>>
>>>>> I did think about changint the servers clock before restoring.
>>>>>

If this machines is still a dc, I would STRONGLY encourage you to
decommission the dc part. I'm guessing you will have to take the machine
offline and do a dcpromo /forceremoval. You could really create headache
for yourself.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Whiteford" <> wrote in message
news:O%...
> Thanks, well it seems build the DC on a member server with it's date in
> the BIOS set to just after the restore for AD worked, so I'm now happy,
> thanks for you help and time spent on this.
>
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:. com...
>> Hello Whiteford,
>>
>> Ok, so your goal is to get back the DC that was also the old Exchange
>> server to export mailboxes? Is the original domain still in use and only
>> the server was removed from that domain, or is it a retired domain, where
>> nothing exist from?
>>
>> If the domain still exist you should be able to use the Exchange
>> databases to restore Exchange to a different hardware. Important is that
>> you really have the same domain so you can use the existing
>> administrator/password combination to get access to the Exchange
>> database.
>>
>> Check out:
>> http://technet.microsoft.com/en-us/l...EXCHG.65).aspx
>>
>> http://www.msexchange.org/tutorials/...-Hardware.html
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>> Hi,
>>>
>>> We need to build a DC that was well over a year old and then install
>>> our old Exchange infrastructure as this is no longer alive, I then
>>> need to export all mailboxes to PST file, this is made easy using
>>> Exmerge and have all the users in AD, otherwise I have to manually
>>> create 1000's of users, thing is 100's no longer exist in our current
>>> Domain, so I thought why not restoer the AD for that time.
>>>
>>> I built a plain member Windows 2003 server then backed up:
>>>
>>> C:\boot.ini
>>> C:\NTLDR
>>> C:\NTDETECT.com
>>> C:\WINNT\System32\Hal.dll
>>> C:\WINNT\System32\NToskrnl.exe
>>> C:\WINNT\System32\NTkrnlpa.exe
>>> I Reboot the server, and selected DSR mode and login with the local
>>> Admin password. I then locate me AD backup file and restore the C
>>> drive first then the System State last and then copy the 6 files above
>>> back over then reboot back into DSRM mode and let it find new hardware
>>> etc then reboot in to normal mode. I'm done this 100's of time on our
>>> current DC's and it works every time (I have to do a metadata clean up
>>> but this is easy).
>>>
>>> Doing the above restore on the old AD backup file doesn't seem to
>>> restore the ntds.dit file.
>>>
>>> "Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
>>> news:%...
>>>
>>>> Others have already pointed out the problem if you move forward, but
>>>> you haven't described what has happened, what needs to be
>>>> accomplished and waht is available. These details might help you
>>>> resolve the predicament you are in
>>>>
>>>> --
>>>> Paul Bergson
>>>> MVP - Directory Services
>>>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>>>> 2008, 2003, 2000 (Early Achiever), NT4
>>>> Microsoft's Thrive IT Pro of the Month - June 2009
>>>> http://www.pbbergs.com
>>>>
>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>> "Whiteford" <> wrote in message
>>>> news:...
>>>>
>>>>> Hi,
>>>>>
>>>>> I never usually have any issues cloning a curretn DC, however I need
>>>>> to restore one that is over 1 year old for our Law team. I think it
>>>>> has something to do with a tomestone of 60 days on the System State,
>>>>> what can I do?
>>>>>
>>>>> I did think about changint the servers clock before restoring.
>>>>>
>>
>>
>