Reinstate a PDC after virus attack.

Hemps

We are sitting with two servers:

Main server - Server running 2003 R2 x64bit
Quad 2.8
4 GB ram

Backup server - running Server R2 x32
Dual 3
2 GB ram

The main server is giving constant hassles with various issues ranging from DNS to files being corrupted etc.
Ever since an infection of the Olmarik Trojan infected our systems.

I need to redo the main server as the backup server is still fine and the Trojan was not detected on it.

What options do I have so that I don't have to re-create Active Directory again? I would like to import everything from the backup server.

Demote main server to a member server and remove it from the network.
Promote our backup server to Primary server (holds all our active directory computers and user information)
Reinstall Server 2003 R2 x64 on a new hdd (current drive will be set aside)
Promote new install to Primary Server and replicate Active Directory.
 
Hey Hemps,


Your plan will work, kinda.
:-)

My suggested approach:

a) If your "backup server" is not yet a domain controller then best you make it one asap.
b) Once the backup server is also DC, transfer the FSMO roles from the primary DC to the backup DC.
You can use either the schema snap-in, domains & trusts snap-in or users & computers snap-in to accomplish this - or just use ntdsutil.exe (command line).
c) Once the FSMO roles are transferred to the backup DC then it's safe to demote the primary server and format & re-install it.
d) Once the re-install + updates is complete, promote it again to a DC & transfer the FSMO roles back from the backup DC.
You'll then be back where you started pre-virus infection. (plus you'll have a 2nd DC just in case)

& maybe invest in GOOD (expensive?) virus/malware protection for your DCs.
Having to do this kind of thing each time some strange virus/worm comes out is not fun, as I'm sure you've realized.
:-)
 
Solid advice.

Just make sure your netdiag and dcdiag are error-free before demoting the Main server.
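
The pre-demotion check described in the replies above, as an added example that is not part of the original thread: it reads saved text output of `netdom query fsmo` and `dcdiag` and lists anything that should stop the demotion (a role still on the old server, or a failed dcdiag test). The host names `mainsrv` and `backupsrv`, the domain `example.local` and the sample output are constructed for illustration.

```python
import re

# Labels printed by `netdom query fsmo` (Server 2003 wording and the later wording).
ROLE_LABELS = {
    "Schema owner": "schema", "Schema master": "schema",
    "Domain role owner": "naming", "Domain naming master": "naming",
    "PDC role": "pdc", "PDC": "pdc", "RID pool manager": "rid",
    "Infrastructure owner": "infra", "Infrastructure master": "infra",
}

def fsmo_holders(netdom_output):
    """Map each FSMO role to the short host name that holds it."""
    holders = {}
    for line in netdom_output.splitlines():
        m = re.match(r"\s*(.+?)\s{2,}(\S+)\s*$", line)
        if m and m.group(1) in ROLE_LABELS:
            holders[ROLE_LABELS[m.group(1)]] = m.group(2).split(".")[0].lower()
    return holders

def failed_tests(dcdiag_output):
    """Return (server, test) pairs from dcdiag's 'failed test' result lines."""
    pat = re.compile(r"\.{3,}\s+(\S+)\s+failed test\s+(\S+)")
    return [m.groups() for m in map(pat.search, dcdiag_output.splitlines()) if m]

def demotion_blockers(netdom_output, dcdiag_output, new_holder):
    """List reasons the old DC must not be demoted yet (empty list = go)."""
    holders = fsmo_holders(netdom_output)
    missing = sorted(set(ROLE_LABELS.values()) - set(holders))
    blockers = [f"role {r} not reported" for r in missing]
    blockers += [f"role {r} still on {h}" for r, h in sorted(holders.items())
                 if h != new_holder.lower()]
    blockers += [f"dcdiag: {s} failed {t}" for s, t in failed_tests(dcdiag_output)]
    return blockers

# Constructed sample output; mainsrv/backupsrv in example.local are hypothetical.
NETDOM_SAMPLE = """\
Schema owner                backupsrv.example.local
Domain role owner           backupsrv.example.local
PDC role                    backupsrv.example.local
RID pool manager            mainsrv.example.local
Infrastructure owner        backupsrv.example.local
The command completed successfully.
"""
DCDIAG_SAMPLE = """\
         ......................... BACKUPSRV passed test Replications
         ......................... BACKUPSRV failed test Services
"""
if __name__ == "__main__":
    print("\n".join(demotion_blockers(NETDOM_SAMPLE, DCDIAG_SAMPLE, "backupsrv")))
```

An empty list means all five roles are reported on the new holder and no dcdiag test failed; netdiag output is not parsed here and still needs to be read by hand.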
 