

Restoring 2008 R2 Domain Controller in DR scenario

Posted on 2013-10-24
Medium Priority
Last Modified: 2013-11-29
Here is the scenario. My building was hit by meteorite.
All I have is a desktop PC, OS disk and full DC backup.
I need to restore my DC to different hardware.

I would like to get a WORKING solution someone actually TRIED.

My original Domain consisted of 4 domain controllers. 3 x 2003 R2 and 1 x 2008 R2 (FSMO).
I'm restoring that 2008 R2.

I know that there are hundreds of posts everywhere on the internet. And that’s the problem. After searching for a long time, I couldn’t find anything useful.

So please, don’t just google for 'restore domain controller to different hardware' and copy paste the result (or actual solution). I know how to use google.

I'm only interested in first hand experience. Otherwise, shush ! :)
Question by:tp-it-team
LVL 57

Expert Comment

by:Mike Kline
ID: 39597109
There is a KB that talks about restoring to different hardware, but I'm not going to post that since you have probably seen it. It is not fun, and I won't blow smoke: I haven't done it in years. Having said that, I've never tried to restore a DC backup on server-grade hardware onto a PC.

Your best bet for the scenario you mentioned is to plan ahead and have a DC offsite at a different location. This is even getting easier these days with cloud-based solutions like Azure and others becoming even more mature. If the building is taken out in that scenario then you have that offsite "COOP" site and a working DC. You would have to clean out the old DCs but it is not that bad.

You could also virtualize a DC and then have that data to restore and bring back up in a true DR, building-gone scenario.



Author Comment

ID: 39597128
So, what approach did you take? Did you install a clean DC and do a restore? Was it authoritative or non-authoritative?

LVL 53

Expert Comment

by:Will Szymkowski
ID: 39597156
If you have a system state backup and all of your DCs are gone, do the following...

- Install the OS on your new hardware
- Install your backup agent on the newly created server
- Restore your System State backup to the new server
- Open cmd (elevated)
- Use NTDSUtil and do any metadata cleanup
- Open DNS Manager
- Expand your internal domain zone and open the _msdcs and make sure that your SRV records for the 2003 DCs are not present. If they are, delete them
- Open Sites and Services and make sure that you remove any 2003 DCs that are still there
- Check to ensure that all sysvol/netlogon shares have the correct data
- Check replication/DNS functionality (DCDiag /v)
Once the above has been completed you can start to introduce new DCs into the environment.

Non-Authoritative and Authoritative restores come into play when you have multiple DCs in your environment and you want to restore individual objects back into Active Directory, which is no longer required if you have the 2008 R2 Recycle Bin feature.

Since you only have 1 DC to restore and there are no other DCs in the mix, there is no need for this.

Another note: you need to perform the steps above regarding metadata and DNS due to the system state you restore. It has all of the entries from the old 2003 DCs that no longer exist.
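The DNS, share and DCDiag checks from the list above can be scripted as read-only verification. This is an added example, not part of the original answer: the domain name, host names and sample nslookup output are constructed, and the function names are hypothetical.

```powershell
# Added example: read-only post-restore checks (PowerShell 2.0 compatible, as shipped with 2008 R2).
# Constructed placeholders: replace with your own AD DNS domain and the DC(s) that really exist.
$Domain      = 'corp.example'
$SurvivingDc = @('dc2008.corp.example')

function Get-StaleDcSrvHost {
    # Returns SRV targets found in nslookup output that are NOT in the list of surviving DCs.
    param([string[]]$NslookupOutput, [string[]]$Surviving)
    $NslookupOutput |
        ForEach-Object { if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].TrimEnd('.').ToLower() } } |
        Sort-Object -Unique |
        Where-Object { $Surviving -notcontains $_ }
}

function Test-RestoredDc {
    # Live checks; run elevated on the restored DC. Nothing here modifies AD or DNS.
    param([string]$Domain, [string[]]$Surviving)
    $live = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 2>$null
    foreach ($h in (Get-StaleDcSrvHost -NslookupOutput $live -Surviving $Surviving)) {
        Write-Warning "Stale DC SRV record still in _msdcs: $h"
    }
    # SYSVOL and NETLOGON must both be shared before the DC advertises itself.
    $shares = Get-WmiObject Win32_Share | ForEach-Object { $_.Name }
    foreach ($s in 'SYSVOL', 'NETLOGON') {
        if ($shares -notcontains $s) { Write-Warning "$s share is missing" }
    }
    # Replication/DNS health: show only the tests DCDiag reports as failed.
    dcdiag /v | Select-String 'failed test'
}

# Offline run on constructed nslookup output: one surviving DC, one leftover 2003 DC.
$sample = @'
_ldap._tcp.dc._msdcs.corp.example   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc2008.corp.example
_ldap._tcp.dc._msdcs.corp.example   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc2003a.corp.example
'@ -split "`r?`n"

Get-StaleDcSrvHost -NslookupOutput $sample -Surviving $SurvivingDc
# On the restored DC: Test-RestoredDc -Domain $Domain -Surviving $SurvivingDc
```

Any host name the function returns is a record to remove in DNS Manager and a server object to clear with metadata cleanup before new DCs are promoted.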

LVL 57

Expert Comment

by:Mike Kline
ID: 39597194
Since you asked, what we did was follow the steps in the Microsoft KB here

Looking back, in our situation it was a single DC that died, and now with experience behind me I would have just done a metadata cleanup and built a new box, so our scenario was different.

You also have to make sure your backups/tapes are offsite in your scenario.


LVL 24

Expert Comment

by:Mike Thomas
ID: 39597247
My opinion on it is that you should have an available DC in another site, one that won't get hit by the meteor.

I think Azure is the way to go for businesses with single sites. You can get a low-spec machine for a monthly charge, you can get site-to-site VPN links and all sorts of cool stuff.

Basically get a DC in the private cloud; this will be covered by Microsoft DR's multi replication over multiple sites etc.

You could also have a very small Office 365 environment too; that way you have comms during DR and all your staff can keep working to a degree while you rebuild, and of course being the cloud all your staff's homes become their DR site, and of course Lync/Office.

Author Comment

ID: 39597584
I want to know how to do it just for peace of mind. I know it's problematic, I know that Microsoft made it such an incredible, magical experience. Not so long ago there were no clouds and other fancy options. I find it hard to believe that it's not possible unless someone very knowledgeable will tell me so. And then the question would be, why Microsoft, why oh [beeep] WHY !
LVL 24

Expert Comment

by:Mike Thomas
ID: 39597941
In that case you need to read this

Microsoft offer a service whereby you can plan, document and test this process for your specific environment...but it does not come cheap.
LVL 24

Accepted Solution

Sandeshdubey earned 1500 total points
ID: 39598029
Officially, system state backup is not supported on different hardware; it is to be used on the same system or similar, but I have seen scenarios where it doesn't work on a similar system either, due to driver version differences.

However, you have multiple DCs, as others suggested; if one DC goes down and cannot be brought back, you can perform a metadata cleanup of the DC, reinstall the OS and promote the server back as a DC. If you still want to test the same, you need to take a system state backup of the existing DC, restore it on the new DC and test. Please ensure that you perform this in a test environment.

Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)

If the FSMO role holder cannot be brought back or is taking a long time, you can seize the role on another DC.
There's some info on FSMOs and what would happen if any specific FSMO is down for any length of time, permanently or temporarily.
Active Directory FSMO Roles Explained and What Happens When They Fail and Why you may not be able to keep a DC up once roles were seized.

 Hope this helps

Author Comment

ID: 39600643
So many years and Microsoft couldn't separate DC backup from hardware drivers. It's just so annoying...
