Windows – Recover from accidental Sysprep on only AD DC


Being a total "genius" on a newly deployed environment, I ran:

sysprep /oobe /generalize /mode:vm /shutdown

on the wrong VM during creation of a new AD environment.

To make matters worse, it was run on the first/only domain controller. Sysprep was actually supposed to be run on a machine which was going to be the second domain controller. Further, I haven't made a backup yet ("genius" – told ya).

Fortunately there are no connected clients, so I can configure everything again. BUT is there a way to recover from a situation like this? The DC has a new SID, name etc., but as far as I understand Sysprep, the AD database should be intact. Of course I can't log in to the DC because I get the error "The security database on the server does not have a computer account for this workstation trust relationship."

Any ideas?

Best Answer

You cannot recover from running Sysprep on a DC. According to the MS documentation, "What is Sysprep?":

The /generalize option instructs Sysprep to remove system-specific data from the Windows installation. System-specific information includes event logs, unique security IDs (SIDs), and other unique information.

If the computer is joined to a domain, Sysprep removes the computer from the domain.

Destroying SIDs and removing a DC from the domain are irreversible actions that have rendered your DC unusable. Because you have no other DCs in the domain, you will need to recreate your Active Directory domain from scratch.
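Since the damage described in the answer cannot be undone, the only useful control is a pre-flight check that stops Sysprep /generalize from ever running on a domain controller. The script below is an added example, not code from the question or the answer: it reads the machine's DomainRole from Win32_ComputerSystem (4 = backup DC, 5 = primary DC), checks for the NTDS service that only exists where AD DS is installed, warns if the box is domain-joined, and requires the operator to type the hostname before the real sysprep.exe is invoked. The function names, the default argument list (copied from the question) and the assumption that sysprep.exe sits in its default location are mine.

```powershell
# Added pre-flight guard (not from the original Q&A). Assumes an elevated
# PowerShell 3+ session on the machine you intend to generalize and that
# sysprep.exe is at the default path under %SystemRoot%\System32\Sysprep.

function Test-IsDomainController {
    # Win32_ComputerSystem.DomainRole: 4 = Backup Domain Controller,
    # 5 = Primary Domain Controller. Anything else is a workstation/member server.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $roleIsDc = $cs.DomainRole -in 4, 5

    # The NTDS (Active Directory Domain Services) service exists only on a DC;
    # checking it as well guards against an odd DomainRole value.
    $ntds = Get-Service -Name NTDS -ErrorAction SilentlyContinue

    return ($roleIsDc -or ($null -ne $ntds))
}

function Invoke-SafeSysprep {
    param(
        # Default is the exact command line from the question.
        [string[]] $SysprepArgs = @('/oobe', '/generalize', '/mode:vm', '/shutdown')
    )

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $sysprepExe = Join-Path $env:SystemRoot 'System32\Sysprep\sysprep.exe'

    # Hard stop: /generalize strips SIDs and unjoins the domain, which is irreversible on a DC.
    if (Test-IsDomainController) {
        $msg = "Refusing to run Sysprep on '{0}': this machine is a domain controller." -f $cs.Name
        Write-Error $msg
        return $false
    }

    # Soft warning: a domain member will be removed from the domain by /generalize.
    if ($cs.PartOfDomain) {
        $warn = "'{0}' is joined to domain '{1}'; /generalize will remove it from the domain." -f $cs.Name, $cs.Domain
        Write-Warning $warn
    }

    if (-not (Test-Path $sysprepExe)) {
        Write-Error "sysprep.exe not found at $sysprepExe"
        return $false
    }

    # Make the operator confirm which machine they are on; typing the hostname is
    # harder to do on autopilot than answering Y/N.
    $prompt = "Type the hostname '{0}' to confirm Sysprep on THIS machine" -f $cs.Name
    $answer = Read-Host $prompt
    if ($answer -ne $cs.Name) {
        Write-Host 'Hostname did not match; aborting.'
        return $false
    }

    Write-Host ("Running: {0} {1}" -f $sysprepExe, ($SysprepArgs -join ' '))
    & $sysprepExe @SysprepArgs
    return $true
}

# Usage: Invoke-SafeSysprep
# On a DC this prints the refusal and returns $false without touching Sysprep.
```

The hostname confirmation is the piece that would have caught the mistake in the question: the operator had the right command but the wrong VM, and a Y/N prompt would not have helped.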