Active Directory Disaster Recovery using Windows Server Backup – Part 3

Part 1 of this post gave a brief overview as to why I was testing this procedure, Part 2 showed how I created the back-up using powershell and this final part details how I performed an authoritative restore on an existing ‘corrupt’ DC in a domain containing 2 DC’s.  Note: If you wish to perform a bare-metal recovery then the procedure will be different to this one.

During my testing I referred to this Microsoft document for additional guidance.

1 – I started out by deleting some DNS records, GPO’s, users and OU’s and adding a new schema class in order to mimic a schema \ A.D. corruption:

1 - New class in schema


2 – If not already installed, install the Windows Server Backup feature:

2 - Install the Server Backup tool


3 – I then booted to directory services mode:

3 - Boot to DSRM

4 – ..and logged in with the DSRM account and password:

4 - log in DSRM creds

5 – I then took a look at the available back-ups

5 - Get available backups


6 – ..and kicked-off an authoritative System State restore:

6 - Select system state backup

7 – Type y to continue…

7 - Select Yes


8 – Don’t type ‘Y’!  Press ctrl + C as we need to turn off the auto-boot into DSRM

8 - press ctrl and C


9 – Disable booting into DSRM:

9 - remove dsrm booting


10 – ..and reboot the computer:

10 - restart

11 – On logging in to the domain, you will be presented with the following:

11 - success

12 – Check dns, replication etc and that everything has restored OK and you’re good to go.  Here’s the schema back as it should be following the restore:

12 - Schema OK


Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.