Solved

Restore AD and Domain

Posted on 2014-02-11
Last Modified: 2014-03-02
Hello Experts,

I am curious to know, for my own knowledge.

I have one Windows 2008 R2 Domain Controller with DNS services (on the same server) and 80-85 workstations joined to this domain.
I have 120 users with several OUs.
I have some GPOs.

And I have a system state backup for the previous day (the day before the server crashed).

Let's assume this server is lost due to hardware failure and there is no way to bring it back. In this case I have to introduce another server to restore AD.

How can I fully restore my Active Directory services? Please can someone provide a step-by-step guide?

Note: I know an Additional Domain Controller can rescue this issue. But I don't have an ADC.

Thanks in advance
0
Comment
Question by:cciedreamer
7 Comments
 
LVL 26

Expert Comment

by:Sekar Chinnakannu
ID: 39852541
Make sure you have taken a 100% full backup with system state. Here are the steps to restore AD from your backup: http://community.spiceworks.com/how_to/show/27-restore-active-directory
If you want more specifics, refer to this MS article: http://technet.microsoft.com/en-us/library/bb727048.aspx
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39852555
Thanks,

Well, I use the backup method mentioned in the link here, using
wbadmin start systemstatebackup -backupTarget:E:

Step 1: prepare another server with Windows 2008 R2 (same OS), then proceed directly with the restore process mentioned in the above link.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 800 total points
ID: 39853487
If you are using Windows Server Backup to perform a Restore you need to have the following...
- New Server built (same OS with patches applied)
- System State backup
- Perform Authoritative Restore during the Restore process
- After server has been restored, open command prompt and run "netdom query fsmo"
- make sure that FSMO roles are currently held by the DC, if not you will need to seize them to the DC you have restored

Authoritative Restore with Windows Server Backup

Use NTDSUtil to Seize the FSMO Roles

If you had 2 DCs in your environment it is recommended that you transfer the roles to the DC that is online and still functioning rather than doing a restore of the one that failed. If you only have 1 DC then perform the steps above.

Will.
0
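The FSMO check from the steps above, as an added example that is not part of the original answer: it parses the text output of "netdom query fsmo" and reports any role that is not held by the restored DC. The function names, host names and sample output are constructed for illustration.

```powershell
# Added example: list the holder of each FSMO role from "netdom query fsmo" output.
function Get-FsmoHolders {
    param([string[]]$NetdomOutput)
    $roles = 'Schema master', 'Domain naming master', 'PDC',
             'RID pool manager', 'Infrastructure master'
    foreach ($line in $NetdomOutput) {
        foreach ($role in $roles) {
            # Each role line is "<role name><spaces><holder FQDN>"
            if ($line -match ('^\s*' + [regex]::Escape($role) + '\s+(\S+)\s*$')) {
                New-Object PSObject -Property @{ Role = $role; Holder = $Matches[1] }
            }
        }
    }
}

# Report whether all five roles were found and which are held elsewhere.
function Test-FsmoOwnership {
    param([string[]]$NetdomOutput, [string]$ExpectedHolder)
    $found = @(Get-FsmoHolders -NetdomOutput $NetdomOutput)
    $wrong = @($found | Where-Object { $_.Holder -ne $ExpectedHolder })
    New-Object PSObject -Property @{
        RolesFound  = $found.Count
        NotOnThisDC = $wrong            # candidates for seizure with ntdsutil
        Healthy     = ($found.Count -eq 5 -and $wrong.Count -eq 0)
    }
}

# Constructed sample output (hypothetical names). On the restored DC use:
#   $out = netdom query fsmo
$sample = @(
    'Schema master               DC01.corp.example',
    'Domain naming master        DC01.corp.example',
    'PDC                         DC01.corp.example',
    'RID pool manager            DC01.corp.example',
    'Infrastructure master       OLDDC.corp.example',
    'The command completed successfully.'
)

$result = Test-FsmoOwnership -NetdomOutput $sample -ExpectedHolder 'DC01.corp.example'
$result.NotOnThisDC | ForEach-Object { "$($_.Role) is held by $($_.Holder)" }
"Healthy: $($result.Healthy)"
```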

 
LVL 41

Assisted Solution

by:Mahesh
Mahesh earned 1200 total points
ID: 39855928
In reality, restoring an AD system state backup onto a fresh OS on the same server \ new hardware with a fresh OS is not supported by MS.

Ideally they require the existing server OS on the same server, and from Directory Services Restore Mode you need to restore the system state backup authoritatively.
This concept is called AD forest recovery and is applicable if your AD database is corrupted and can't be repaired by any means and you cannot use any available DCs in the domain; then MS will suggest Forest Recovery options
http://technet.microsoft.com/en-us/library/cc757662(v=ws.10).aspx

But you can restore an existing AD system state backup on a new OS \ new server with some error messages. In order to do that, you need to prepare a new server with the same OS and service pack, with the same hostname and IP (more important), and with the same drive letter if your previous AD database was stored on a drive other than the default one; then you can restore the AD system state backup on that server.
You need to install the Windows Server Backup feature first
Then restart the server in DSRM
Then restore the AD system state backup authoritatively
Upon successful restoration, reboot the server and seize the FSMO roles as outlined above by others

Note that since you have a single server, the authoritative switch is not mandatory.
You can simply restore without that switch (non-authoritative restore)

That is why it's actually suggested to have at least TWO DCs, so in case of loss of one DC you can have an intact AD database on another server

Mahesh
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39862300
Same OS and drive letter cannot be an issue.

But having the same patches could be an issue. What if we don't know what updates were installed lately on the server before crashing?

Is it also required to have the same partition size of the drive?

Also the same hardware?
0
 
LVL 41

Accepted Solution

by:
Mahesh earned 1200 total points
ID: 39862428
Since restoring an AD system state backup onto a new fresh OS installation (even on the same server hardware) is not supported, you need to apply care \ workarounds as far as possible to avoid failure during \ post restore operation if your original server and OS are not available for the restore operation

This includes:
Retain the same hardware if possible \ install a fresh OS on identical hardware (Mandatory step - if you restore on different server hardware, be ready for a likely BSOD post restoration)
Keep the OS version and service pack version the same as the original (Mandatory)
Windows Updates \ patches should be at the same level if possible (there is always some deviation in this case between the original OS and the new server OS patch level; however, you can proceed with the restoration if you can't match the patch level)

In the case of partitions, the partition drive letters must be the same as the old ones on the new server, and the new server's partition sizes must be equal to \ greater than the partition sizes of the original server that has crashed.

Mahesh
0
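A pre-restore check for the conditions listed in the answers above (hostname, IP, OS and service pack version, drive letters, partition sizes), as an added example that is not part of the original thread. The function names and the recorded values for the failed DC are constructed; hardware model and patch level are not checked here.

```powershell
# Added example. Gather the facts the answers say must match, on the new server.
function Get-RestoreTargetFacts {
    $os   = Get-WmiObject Win32_OperatingSystem
    $vols = @{}
    Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' |
        ForEach-Object { $vols[$_.DeviceID] = $_.Size }      # 'C:' -> size in bytes
    $ips  = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
        ForEach-Object { $_.IPAddress })
    @{ HostName = $os.CSName; OsVersion = $os.Version
       ServicePack = $os.ServicePackMajorVersion; IPAddresses = $ips; Volumes = $vols }
}

# Compare against values recorded for the failed DC; returns a list of mismatches.
function Test-RestoreTarget {
    param([hashtable]$Original, [hashtable]$Target)
    $issues = @()
    if ($Target.HostName -ne $Original.HostName) {
        $issues += "Hostname is $($Target.HostName), expected $($Original.HostName)"
    }
    if ($Target.OsVersion -ne $Original.OsVersion -or
        $Target.ServicePack -ne $Original.ServicePack) {
        $issues += "OS is $($Target.OsVersion) SP$($Target.ServicePack), " +
                   "expected $($Original.OsVersion) SP$($Original.ServicePack)"
    }
    if ($Target.IPAddresses -notcontains $Original.IPAddress) {
        $issues += "IP $($Original.IPAddress) is not configured on this server"
    }
    foreach ($drive in $Original.Volumes.Keys) {
        if (-not $Target.Volumes.ContainsKey($drive)) {
            $issues += "Volume $drive is missing"
        } elseif ($Target.Volumes[$drive] -lt $Original.Volumes[$drive]) {
            $issues += "Volume $drive is smaller than on the original server"
        }
    }
    $issues
}

# Constructed values for the failed DC (hypothetical; take them from your own records).
$original = @{ HostName = 'DC01'; OsVersion = '6.1.7601'; ServicePack = 1
               IPAddress = '192.0.2.10'; Volumes = @{ 'C:' = 80GB; 'D:' = 40GB } }

$issues = Test-RestoreTarget -Original $original -Target (Get-RestoreTargetFacts)
if ($issues) { $issues } else { 'Target matches the recorded values.' }
```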
 
LVL 3

Author Closing Comment

by:cciedreamer
ID: 39898250
Thanks
0


Question has a verified solution.
