Procedure for Rebuilding a Domain Controller in the CSCF Active Directory Using Domain Synchronization

During the Summer of 2005, the domain controller intacta in the CS-GENERAL domain died. This left the CS-GENERAL domain relying strictly on one domain controller (serverus) for authentication. The recovery procedure that follows can be applied to any circumstance where one domain controller is lost but another domain controller within that domain is still healthy.

Since both serverus and intacta retain essentially the same information it was possible to quickly wipe intacta clean and place a new Windows 2003 image on the server. Once this re-created intacta was promoted to domain controller status again, serverus proceded to update intacta automatically. The procedure that follows can be applied to any similar circumstance where a domain controller fails but the domain is still operational.

1. If the failing domain controller (intacta) is an operational master, then transfer (if possible) all operational master roles to an alternate domain controller: serverus. This is done using the Active Directory Users and Computers programme in the Administators tools.
2. Shutdown intacta.
3. Delete intacta's computer entry from the domain.
4. Pull out intacta's mirror drive for safe keeping.
5. Reapply CSCF Windows 2003 OS image onto intacta (following README instructions).
   • A copy of this OS image can be found on the core share of the CSCF app server cs-appserv.cscf.
6. Boot intacta, follow through with driver install process.
   • Specify elisa and eponina as primary and secondary DNS servers respectively.
   • Enable DNS registration.
   • Disable unused network adaptor.
7. Patch the server using Windows Update in Internet Explorer.
8. Convert intacta to a domain controller using dcpromo.exe command. Follow the wizard to make intacta a domain controller in CS-GENERAL.
   A server reboot will have to take place when this is complete.
9. Wait for domain controllers in CS-GENERAL to synchronize (about 90 minutes).
10. In Directory Service logs on intacta check for any remaining issues.
11. Seize any remaining operational master roles to serverus using the NTDSUTIL.EXE commmand. There is a nice Microsoft Knowledge Base article KB-255504 which outlines how to perform this task.
12. Reboot intacta.
13. Reassign operational master roles back to intacta.
14. Once statisfied that intacta is work properly, replace the server's mirror drive and re-establish mirroring.