Domain Controllers

[Bozo]

We have only one domain controller in our department. It is backed up using Acronis Server 10 software.
We recently had to install the spare domain controller. The acronis backup was installed on the spare and it came up just fine. But, we had to go to each computer, remove it from the domain and then re-install it back into the domain.
Is there a way to prevent this from happening?

Thanks

 

[ddrueding]

You did a complete re-image to new hardware? OS and all? Same name? Same IP?

I've done that plenty of times without having to remove/re-add workstations.

 

[Mercutio]

How old was the backup? If it was more than 60 days, there can be an issue with crypto the keys used by Windows Authentication going out of date and leaving the machines unable to talk to each other even though everything else is the same.

 

[Bozo]

It was a complete image from the original server to an identical box with identical hardware.

But it was over 60 days old.

 

[Mercutio]

Well there you go.

I ran into that when I tried to maintain my classroom machines on a domain. They'd all lose their ability to talk to the DC after after the fourth time I restored their baseline image, or roughly eight weeks.

I did some investigation and found out that there's a hard deadline for renewing the crypto keys for the machine account logins, and if those aren't in sync with the server (or if the server's are old, as they are in your case), the machine accounts can't log in and stuff just isn't going to work.

Having them on a domain would've given me the ability to push software to them, but I since I still have to sit at each machine and boot into each Windows installation (my coworkers are VM-phobic, even though that would make a LOT more sense than maintaining multiboot installation), I decided that it's easier to write install scripts than screw around with having them on a domain.

 

[time]

Wow, that's incredibly valuable information. Thanks Merc.

 

[Mercutio]

Really? I wouldn't think it would come up in any kind of normal environment.

 

[Bozo]

I don't work in a normal envirnment. The domain controller was set up by an outside vender for a total of 8 computers, including the DC. It is a stand alone computer with a quad core Intel processor and 8GB of RAM. It does nothing else but allow the other computers to log on to the domain. A waste of good hardware and money.

 

[Chewy509]

Out of interest, was the server also providing DHCP? If so, did it "just work" or did they have to fiddle with it to make it work?

(My experience shows that the Microsoft DHCP service ties it's configuration to the MAC address of the NIC, and after a cloning operation or changing the NIC, you need to resetup DHCP otherwise it either doesn't work OR you get really weird stuff happening).

 

[Bozo]

No, it does not handle DHCP. We used static addresses.