Restoring a Machine in a Domain

Posted on 2012-03-29
Last Modified: 2016-10-27
Hi Guys,

2008 Domain with bunch of servers and two domain controllers.

We backup all our VHD's using Acronis (full VHD backup nightly)
I was just wondering, if one of our member servers fail (Terminal Services, File Server, etc.) but not domain controllers how would one restore the machine?

Is it as simple as removing the computer account
Restoring the VM to the correct Parent Virtual Server
And when the machine boots up all is ok to go?
Or do we need to keep the computer account in AD and then reboot it?

For that matter is the above in the correct procedure?

Thanks guys!
Question by:dqnet
  • 6
  • 3
LVL 95

Expert Comment

by:Lee W, MVP
ID: 37780549
A non-DC you should be able to just restore - I wouldn't even delete the computer account.  It's quite possible if you do the restore quick enough (and quick is relative - WEEKS COULD go by), it should work just fine.

DO NOT do this with a DC unless you only have ONE DC in the network.  You should NOT be backing up DCs via imaging unless you have ONLY ONE.

You should ALWAYS do test restores and in a test environment whenever possible.

Author Comment

ID: 37780666
If we had only one, and we tool system images, do we just build another server and restore the entire system image we took using Windows Backup before hand?

We dont have one, I'm just wondering in these cases?

Like let's say the only DC fails, would it be more appropriately to quickly restore the image or vhd or would it be better to just create a new VHD and restore the backup taken with Windows Backup using the RE environment?
LVL 95

Expert Comment

by:Lee W, MVP
ID: 37781844
When it comes to DCs, if you have more than one, I would just rebuild the one that failed.  

The problem with DCs and images is that you have the 5 FSMO roles.  Especially in the case of RID master, if it's handed out a block of RIDs, fails, and is restored, you then have it capable of handing out the same block of RIDs and if that happens, you start having multiple systems/users with the same RIDs - that pretty much KILLS you active directory.
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.


Author Comment

ID: 37793688
Yes but the question I'm asking is lets say our domain controller fails and we have a full system image using Windows server backup should we just create a new virtual machine and then use the system backup we took earlier and restore it after booting  that VHD into windows RE..

The question I'm asking is if your only domain controller fails what is the best way to approach the situation is it just to use that system backup image and creat a new VM restoring to it or would it better just to use the full VHD copy you took earlier..

Thanks for your help

Expert Comment

ID: 37796332
You could possibly:
(If you only have one DC)


Restore the image to a new VM


Create a new VM for a new DC and join it to the domain.


Demote the old DC while telling the wizard that is it NOT the last DC in the domain/forest.


Optional: Instead of demoting the old DC, you can try seizing the roles from the old DC, although I have not had the best of success from this the few times I have done it, but it does work when the OS is totally hosed and recreating a domain is insanely out of the question. I see this works best when the target DC has at least the Schema and RID roles plus the GC.

Step 4 worked for my domain when it had insane timing issues, but it was a 3 DC system. The steps were the same as I could not demote the 2 other DC's (all commands to demote failed miserably), and all DC's basically acted as standalone because of tombstone timeout. So I created 3 new VM's, restored the first DC (snaps are taken monthly of all VM's, regardless of role), joined the other two to the restored domain, then demoted the first (old) one. A little data loss, but better then recreating a 600+ asset domain when the manpower and timelines are tight. This was done on a live domain because there was no alternative and tombstone timeout is rare between active domains, but this particular network is mobile a lot and is offline a lot when stored.

All information given should be tried out in a test environment prior to going live for any system. Not doing so will definitely ensure failure at some point.

Author Comment

ID: 37797689
I really can't understand why all of this work is necessary to restore the server.
I mean if the company was simply restoring  a single Domain Controller, shouldn't they just create a new VHD boot it in windows RE mode using the Windows Server 2008r2 cd and then just point the restore to the windows server image backup from where you stored it? A das or nas, or even an external usb drive.

Just any company with a single domain controller..

Sorry if I'm being a pain I just I'm trying to find the easiest and supported most logical way...

Author Comment

ID: 38522780
I just noticed this question is still pending in my account.

Can anyone help?

Author Comment

ID: 38952844
LVL 95

Accepted Solution

Lee W, MVP earned 500 total points
ID: 38956242
> The question I'm asking is if your only domain controller fails what is the best way to
> approach the situation is it just to use that system backup image and creat a new VM
> restoring to it or would it better just to use the full VHD copy you took earlier..

The saying "six of one and half a dozen of the other" comes to mind - point being - I'd use whatever is newer.  The full backup is an image.  The VHD is an image.  If it's your ONLY DC it doesn't matter.

Author Comment

ID: 38962034
Exactly what I needed :)

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Best method to remove 360 Safety Guard from Windows 8 4 413
Acronis vmprotect 9 migration to 12 or veeam? 17 175
ost file to pst 10 166
Microservices and Windows apps 5 46
This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question