Restoring 2008 R2 Domain Controller in DR scenario

Posted on 2013-10-24
Last Modified: 2013-11-29
Here is the scenario. My building was hit by meteorite.
All I have is a desktop PC, OS disk and full DC backup.
I need to restore my DC to different hardware.

I would like to get a WORKING solution someone actually TRIED.

My original domain consisted of 4 domain controllers: 3 x 2003 R2 and 1 x 2008 R2 (FSMO).
I'm restoring that 2008 R2.

I know that there are hundreds of posts everywhere on the internet. And that’s the problem. After searching for a long time, I couldn’t find anything useful.

So please, don’t just google for 'restore domain controller to different hardware' and copy-paste the result (or actual solution). I know how to use Google.

I'm only interested in first-hand experience. Otherwise, shush! :)
Question by:tp-it-team

Expert Comment

by:nashim khan
ID: 39596929
LVL 57

Expert Comment

by:Mike Kline
ID: 39597109
There is a KB that talks about restoring to different hardware, but I'm not going to post that since you have probably seen it. It is not fun and, I won't blow smoke, I haven't done it in years. Having said that, I've never tried to restore a DC backup from server-grade hardware onto a PC.

Your best bet for the scenario you mentioned is to plan ahead and have a DC offsite at a different location. This is getting even easier these days, with cloud-based solutions like Azure and others becoming even more mature. If the building is taken out in that scenario, then you have that offsite "COOP" site and a working DC. You would have to clean out the old DCs, but it is not that bad.

You could also virtualize a DC and then have that data to restore and bring back up in a true DR, building-gone scenario.



Author Comment

ID: 39597128
So, what approach did you take? Did you install a clean DC and do a restore? Was it authoritative or non-authoritative?

LVL 53

Expert Comment

by:Will Szymkowski
ID: 39597156
If you have a system state backup and all of your DCs are gone, do the following...

- Install the OS on your new hardware
- Install your backup agent on the newly created server
- Restore your System State backup to the new server
- Open cmd (elevated)
- Use NTDSUtil and do any metadata cleanup
- Open DNS Manager
- Expand your internal domain zone and open the _msdcs and make sure that your SRV records for the 2003 DCs are not present. If they are, delete them
- Open Sites and Services and make sure that you remove any 2003 DCs that are still there
- Check to ensure that all sysvol/netlogon shares have the correct data
- Check replication/DNS functionality (DCDiag /v)

Once the above has been completed, you can start to introduce new DCs into the environment.

Non-authoritative and authoritative restores come into play when you have multiple DCs in your environment and you want to restore individual objects back into Active Directory, which is no longer required if you have the 2008 R2 Recycle Bin feature.

Since you only have 1 DC to restore and there are no other DCs in the mix, there is no need for this.

Another note: you need to perform the steps above regarding metadata and DNS due to the system state you restore. It has all of the entries from the old 2003 DCs that no longer exist.
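
The verification steps from the list above, as an added read-only PowerShell example that is not part of the original answer. The domain `corp.example` and host `dc2008.corp.example` are placeholders, the sample lines are constructed, and the script assumes it runs elevated on the restored 2008 R2 DC with the ActiveDirectory module installed.

```powershell
# Added example: read-only checks after a system state restore of the only surviving DC.
# Placeholders (assumptions, not from the thread): $Domain and $Restored.
$Domain   = 'corp.example'
$Restored = 'dc2008.corp.example'

function Get-StaleSrvTarget {
    # Pull SRV target hosts out of nslookup output and drop the restored DC.
    param([string[]]$NslookupOutput, [string]$Keep)
    $NslookupOutput | ForEach-Object {
        if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].TrimEnd('.').ToLower() }
    } | Where-Object { $_ -ne $Keep.ToLower() } | Sort-Object -Unique
}

# Constructed sample of nslookup SRV output, to exercise the parser offline.
$sample = @(
    'svr hostname   = dc2003a.corp.example',
    'svr hostname   = dc2008.corp.example',
    'svr hostname   = dc2003b.corp.example'
)
"Parser check      : $((Get-StaleSrvTarget -NslookupOutput $sample -Keep $Restored) -join ', ')"

# 1. DC locator SRV records that still point at DCs other than the restored one
$srv      = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" 2>$null
$staleDns = Get-StaleSrvTarget -NslookupOutput $srv -Keep $Restored

# 2. Server objects left under Sites and Services for DCs that no longer exist
Import-Module ActiveDirectory
$config       = (Get-ADRootDSE).configurationNamingContext
$staleServers = Get-ADObject -SearchBase "CN=Sites,$config" -LDAPFilter '(objectClass=server)' |
    Where-Object { $_.Name -ne $Restored.Split('.')[0] } |
    Select-Object -ExpandProperty Name

# 3. SYSVOL and NETLOGON must both be shared before the DC is usable
$shares = @(Get-WmiObject Win32_Share |
    Where-Object { 'SYSVOL','NETLOGON' -contains $_.Name })

"Stale SRV targets : $($staleDns -join ', ')"
"Stale server objs : $($staleServers -join ', ')"
"SYSVOL/NETLOGON   : $($shares.Count) of 2 shared"

# 4. FSMO role holders and overall DC health (DCDiag /v is the check named in the post)
netdom query fsmo
dcdiag /v
```

Anything listed under the two "Stale" lines is a leftover from the old DCs that the metadata cleanup and DNS steps still have to remove.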

LVL 57

Expert Comment

by:Mike Kline
ID: 39597194
Since you asked, what we did was follow the steps in the Microsoft KB here.

Looking back, in our situation it was a single DC that died, and now with experience behind me I would have just done a metadata cleanup and built a new box, so our scenario was different.

You also have to make sure your backups/tapes are offsite in your scenario.


LVL 24

Expert Comment

by:Mike Thomas
ID: 39597247
My opinion on it is that you should have an available DC in another site, one that won’t get hit by the meteor.

I think Azure is the way to go for businesses with single sites; you can get a low-spec machine for a monthly charge, and you can get site-to-site VPN links and all sorts of cool stuff.

Basically, get a DC in the private cloud; this will be covered by Microsoft DR's multi replication over multiple sites etc.

You could also have a very small Office 365 environment too; that way you have comms during DR and all your staff can keep working to a degree while you rebuild, and of course, being the cloud, all your staff's homes become their DR site, and of course Lync/Office.

Author Comment

ID: 39597584
I want to know how to do it just for peace of mind. I know it's problematic, I know that Microsoft made it such an incredible, magical experience. Not so long ago there were no clouds and other fancy options. I find it hard to believe that it's not possible unless someone very knowledgeable will tell me so. And then the question would be, why Microsoft, why oh [beeep] WHY !
LVL 24

Expert Comment

by:Mike Thomas
ID: 39597941
In that case you need to read this

Microsoft offers a service whereby you can plan, document and test this process for your specific environment... but it does not come cheap.
LVL 24

Accepted Solution

Sandeshdubey earned 500 total points
ID: 39598029
Officially, system state backup is not supported on different hardware; it is to be used on the same or a similar system, but I have seen scenarios where it doesn't work on a similar system either, due to driver version differences.

However, you have multiple DCs; as others suggested, if one DC goes down and cannot be brought back, you can perform metadata cleanup of the DC, reinstall the OS and promote the server back as a DC. If you still want to test this, you need to take a system state backup of the existing DC, restore it on the new DC and test. Please ensure that you perform this in a test environment.

Complete Step by Step Guideline to Remove an Orphaned Domain controller (including seizing FSMOs, running a metadata cleanup, and more)

If the FSMO role holder cannot be brought back or it is taking a long time, you can seize the role on another DC.
There's some info on FSMOs and what would happen if any specific FSMO is down for any length of time, permanently or temporarily.
Active Directory FSMO Roles Explained and What Happens When They Fail and Why you may not be able to keep a DC up once roles were seized.

Hope this helps

Author Comment

ID: 39600643
So many years and Microsoft couldn't separate DC backup from hardware drivers. It's just so annoying...

Question has a verified solution.