Recipe 16.2 Restarting a Domain Controller in Directory Services Restore Mode

16.2.1 Problem

You want to restart a domain controller in DS Restore Mode.

16.2.2 Solution

To enter DS Restore Mode, you must reboot the server at the console. Press F8 after the power-on self test (POST), which will bring up a menu, as shown in Figure 16-1. From the menu, select Directory Services Restore Mode.

Figure 16-1. Boot options

16.2.3 Discussion

The Active Directory database is live and locked by the system when a domain controller is booted into normal mode. If you want to perform integrity checks, manipulate the Active Directory database in some way or restore part of the database, you have to reboot into DS Restore Mode. In this mode, Active Directory does not start up and the database files (ntds.dit) are not locked.

It is not always practical to be logged into the console of the server when you need to reboot it into DS Restore Mode. You can work around this by modifying the boot.ini file for the server to automatically boot into DS Restore Mode after reboot. You can then use Terminal Services to log on to the machine remotely while it is in that mode. See MS KB 256588 for more information on how to enable this capability. Be careful if you try to access DS Restore Mode via Terminal Services. Unless you have configured everything properly, you may end up with the domain controller booted into DS Restore Mode and not be able to access it via Terminal Services.

16.2.4 See Also

MS KB 256588 (Using Terminal Services for Remote Administration of Windows 2000 DCs in Directory Service Restore Mode)

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List