Subj : Re: Fun with domain controllers
To   : Nick Andre
From : Gamgee
Date : Sun Aug 13 2023 07:31:00

-=> Nick Andre wrote to Gamgee <=-

  >  NA> Recursively delete the .log files on a domain controller...
  >  NA> reboot and see what happens.
 
 G> 1. Disclaimer: I know nothing about the operation of a domain controller.
 G> 2. Question: Why would it care if log files were absent?

 NA> Active directory uses a database that depends on logfiles to
 NA> "play back" a set of transactions in case of failure... and
 NA> apparently depends on every file being present in the set.

 NA> When one of those logfiles goes missing, this breaks a
 NA> consistency check on startup. The database does not load, thus
 NA> active directory fails to start, thus the server completely fails
 NA> to boot requiring all sorts of convoluted steps to either repair
 NA> the database or restore from backup. There is no automated
 NA> process to repair or tell the system not to depend on the
 NA> logfiles.

 NA> The backup restored must not be from too long ago, otherwise a
 NA> stored token that establishes the trust of a computer on a domain
 NA> expires, thus every computer must re-join the domain.

Wow.  That seems like a painful process.  Glad you got it sorted, and 
thanks for the explanation.



.... Internal Error: The system has been taken over by sheep at line 19960
=== MultiMail/Linux v0.52
--- SBBSecho 3.20-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)

.