Part 1 of this post gave a brief overview as to why I was testing this procedure, Part 2 showed how I created the back-up using powershell and this final part details how I performed an authoritative restore on an existing ‘corrupt’ DC in a domain containing 2 DC’s. Note: If you wish to perform a bare-metal recovery then the procedure will be different to this one.
During my testing I referred to this Microsoft document for additional guidance.
1 – I started out by deleting some DNS records, GPO’s, users and OU’s and adding a new schema class in order to mimic a schema \ A.D. corruption:
2 – If not already installed, install the Windows Server Backup feature:
3 – I then booted to directory services mode:
4 – ..and logged in with the DSRM account and password:
5 – I then took a look at the available back-ups
6 – ..and kicked-off an authoritative System State restore:
7 – Type y to continue…
8 – Don’t type ‘Y’! Press ctrl + C as we need to turn off the auto-boot into DSRM
9 – Disable booting into DSRM:
10 – ..and reboot the computer:
11 – On logging in to the domain, you will be presented with the following:
12 – Check dns, replication etc and that everything has restored OK and you’re good to go. Here’s the schema back as it should be following the restore: