AD Restoration

It is the absolute worst case scenario possible; your domain controller has crashed. So what type of restore do you do?

It is any network administrator’s worst nightmare; your domain controller has crashed. So where do you go from here? Well, hopefully you have been doing your backups properly. If that is the case you shouldn’t have too much to worry about. However, during the restoration process you have to make the decision on whether to do an authoritative or non-authoritative restoration. The clock is ticking, which one do you choose?

Non-Authoritative Restoration
Used most commonly in cases when a DC has failed because of hardware or software related reasons, this is the default Directory Services Restore Mode selection. In this mode, the operating system restores the domain controller’s contents from the backup. The domain controller then receives, through replication from the other domain controllers in the network, all directory changes that have been made since the backup.

Authoritative Restoration
An authoritative restore is most commonly used in cases in which a change was made within the directory that must be reversed, such as deleting an organizational unit (OU) by mistake. This process restores the DC from the backup and then replicates to and overwrites all other domain controllers in the network to match the restored DC. The especially valuable thing about this is that you can choose to make only certain objects within the directory authoritative. For example, if you delete an OU by mistake you can choose to make it authoritative. This will replicate the deleted OU back to all of the other DCs in the network, and the restored server will then use the information from those other DCs to bring itself back up to date.
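
Why a non-authoritative restore cannot bring back a deleted OU while an authoritative one can comes down to how replication resolves conflicting attribute versions. The Python sketch below is an added example, not code from the original post or from Microsoft: it is a simplified model in which `Stamp`, `merge`, `authoritative_bump`, `scenario` and all sample values are hypothetical, and the 100,000-per-day version increase is assumed to be the ntdsutil default.

```python
# Added illustration: simplified model of AD per-attribute replication stamps.
# Stamp, merge, authoritative_bump and scenario are hypothetical names.
from dataclasses import dataclass, replace

VERSION_BUMP_PER_DAY = 100_000  # assumed ntdsutil default per day since backup


@dataclass(frozen=True)
class Stamp:
    value: object      # attribute value (isDeleted modelled as True/False)
    version: int       # incremented on every originating write
    timestamp: int     # originating write time (constructed seconds)
    dsa: str           # originating DC identifier (constructed)

    def key(self):
        # Conflict resolution order: version, then timestamp, then DSA id.
        return (self.version, self.timestamp, self.dsa)


def merge(local: dict, incoming: dict) -> dict:
    """Apply inbound replication: per attribute, the higher stamp wins."""
    out = dict(local)
    for attr, stamp in incoming.items():
        if attr not in out or stamp.key() > out[attr].key():
            out[attr] = stamp
    return out


def authoritative_bump(obj: dict, days_since_backup: int) -> dict:
    """Raise every attribute version so the restored copy outranks partners."""
    inc = VERSION_BUMP_PER_DAY * days_since_backup
    return {a: replace(s, version=s.version + inc) for a, s in obj.items()}


def scenario(authoritative: bool) -> bool:
    """Return True if the OU exists on both DCs after replication converges."""
    # Constructed sample: OU backed up on day 0, deleted on DC2 on day 3.
    backup = {"isDeleted": Stamp(False, 1, 1_000, "DC1")}
    live = {"isDeleted": Stamp(True, 2, 260_200, "DC2")}  # deletion on partner
    restored = authoritative_bump(backup, 3) if authoritative else backup
    dc1 = merge(restored, live)   # restored DC pulls from its partner
    dc2 = merge(live, restored)   # partner pulls from the restored DC
    assert dc1 == dc2             # both directions converge on one stamp
    return dc1["isDeleted"].value is False


if __name__ == "__main__":
    print("non-authoritative, OU survives:", scenario(False))
    print("authoritative, OU survives:", scenario(True))
```
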

 

Tasks, Procedures, Tools and Frequency

Task: Back up Active Directory and associated components.
Procedures:
  • Back up system state on a domain controller.
  • Back up system state and system disk on a domain controller.
Tools:
  • NTBackup.exe
Frequency: At least twice within the tombstone lifetime

Task: Perform a non-authoritative restore.
Procedures:
  • Restart the domain controller in Directory Services Restore Mode (locally or remotely).
  • Restore from backup media.
  • Verify Active Directory restore.
Tools:
  • NTBackup.exe
  • Ntdsutil.exe
  • Event Viewer
  • Repadmin.exe
Frequency: As needed

Task: Perform an authoritative restore of a subtree or leaf object.
Procedures:
  • Restart in Directory Services Restore Mode.
  • Restore from backup media for authoritative restore.
  • Restore system state to an alternate location.
  • Perform authoritative restore of the subtree or leaf object.
  • Restart in normal mode.
  • Restore applicable portion of SYSVOL from alternate location.
  • Verify Active Directory restore.
Tools:
  • NTBackup.exe
  • Ntdsutil.exe
  • Event Viewer
  • Repadmin.exe
Frequency: As needed

Task: Perform an authoritative restore of the entire directory.
Procedures:
  • Restart in Directory Services Restore Mode.
  • Restore from backup media for authoritative restore.
  • Restore system state to an alternate location.
  • Restore the database.
  • Restart in normal mode.
  • Copy SYSVOL from alternate location.
  • Verify Active Directory restore.
Tools:
  • NTBackup.exe
  • Ntdsutil.exe
  • Event Viewer
  • Repadmin.exe
Frequency: As needed

Task: Recover a domain controller through reinstallation.
Procedures:
  • Clean up metadata.
  • Install Windows 2000 Server.
  • Install Active Directory.
Tools:
  • Ntdsutil.exe
  • Active Directory Sites and Services
  • Active Directory Users and Computers
  • Dcpromo.exe
Frequency: As needed

Task: Restore a domain controller through reinstallation and subsequent restore from backup.
Procedures:
  • Install Windows 2000 Server on the same drive letter and partition as before the failure, partitioning the drive if necessary.
  • Restore from backup media (non-authoritative restore).
  • Verify Active Directory restore.
Tools:
  • NTBackup.exe
Frequency: As needed
