Active Directory Disaster Recovery using Windows Server Backup – Part 3

Part 1 of this post gave a brief overview as to why I was testing this procedure, Part 2 showed how I created the back-up using powershell and this final part details how I performed an authoritative restore on an existing ‘corrupt’ DC in a domain containing 2 DC’s.  Note: If you wish to perform a bare-metal recovery then the procedure will be different to this one.

During my testing I referred to this Microsoft document for additional guidance.

1 – I started out by deleting some DNS records, GPO’s, users and OU’s and adding a new schema class in order to mimic a schema \ A.D. corruption:

1 - New class in schema

 

2 – If not already installed, install the Windows Server Backup feature:

2 - Install the Server Backup tool

 

3 – I then booted to directory services mode:

3 - Boot to DSRM

4 – ..and logged in with the DSRM account and password:

4 - log in DSRM creds

5 – I then took a look at the available back-ups

5 - Get available backups

 

6 – ..and kicked-off an authoritative System State restore:

6 - Select system state backup

7 – Type y to continue…

7 - Select Yes

 

8 – Don’t type ‘Y’!  Press ctrl + C as we need to turn off the auto-boot into DSRM

8 - press ctrl and C

 

9 – Disable booting into DSRM:

9 - remove dsrm booting

 

10 – ..and reboot the computer:

10 - restart

11 – On logging in to the domain, you will be presented with the following:

11 - success

12 – Check dns, replication etc and that everything has restored OK and you’re good to go.  Here’s the schema back as it should be following the restore:

12 - Schema OK

 

Be the first to comment

Leave a Reply