Solved

Restore AD and Domain

Posted on 2014-02-11
Last Modified: 2014-03-02
Hello Experts,

I am curious to know for my knowledge.

I have 1 Windows 2008 R2 Domain Controller with DNS services (on the same server) and 80-85 workstations joined to this domain.
I have 120 users with several OUs.
I have some GPOs.

And I have a system state backup for the previous day (the day before the server crashed).

Let's assume this server is down due to hardware failure and there is no way to bring it back. In this case I have to introduce another server to restore AD.

How can I fully restore my Active Directory services? Can someone please provide a step-by-step guide?

Note: I know an Additional Domain Controller can rescue this issue, but I don't have an ADC.

Thanks in advance
0
Question by:cciedreamer
7 Comments
 
LVL 25

Expert Comment

by:Sekar Chinnakannu
ID: 39852541
Make sure you have taken a 100% full backup with system state. Here are the steps to restore AD from your backup: http://community.spiceworks.com/how_to/show/27-restore-active-directory
If you want more specifics, refer to this MS article: http://technet.microsoft.com/en-us/library/bb727048.aspx
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39852555
Thanks,

Well, I use the backup method mentioned in the link here, using
wbadmin start systemstatebackup -backupTarget:E:

Step 1: Prepare another server with Windows 2008 R2 (same OS), then proceed with the restore process directly as mentioned in the above link.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 800 total points
ID: 39853487
If you are using Windows Server Backup to perform a Restore you need to have the following...
- New Server built (same OS with patches applied)
- System State backup
- Perform Authoritative Restore during the Restore process
- After server has been restored, open command prompt and run "netdom query fsmo"
- make sure that FSMO roles are currently held by the DC, if not you will need to seize them to the DC you have restored

Authoritative Restore with Windows Server Backup

Use NTDSUtil to Seize the FSMO Roles

If you had 2 DCs in your environment it is recommended that you transfer the roles to the DC that is online and still functioning rather than doing a restore of the one that failed. If you only have 1 DC then perform the steps above.

Will.
0
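The FSMO check from the answer above, as an added example that is not part of the original thread: it parses the lines printed by "netdom query fsmo" and lists any role not held by the restored DC. The function name Test-FsmoHolders and the host names are hypothetical, and the sample output is constructed.

```powershell
# Added example (not from the thread): confirm one DC holds all five FSMO roles.
# Written for PowerShell 2.0, the version shipped with Windows Server 2008 R2.
function Test-FsmoHolders {
    param(
        [string[]]$NetdomOutput,   # lines printed by 'netdom query fsmo'
        [string]$ExpectedDc        # FQDN of the restored domain controller
    )
    $roles = 'Schema master', 'Domain naming master', 'PDC',
             'RID pool manager', 'Infrastructure master'
    $found = @{}
    foreach ($line in $NetdomOutput) {
        foreach ($role in $roles) {
            # Each role line is "<role name><spaces><holder FQDN>".
            if ($line -match ('^' + [regex]::Escape($role) + '\s+(\S+)\s*$')) {
                $found[$role] = $Matches[1]
            }
        }
    }
    foreach ($role in $roles) {
        $holder = $found[$role]
        New-Object PSObject -Property @{
            Role     = $role
            Holder   = $holder
            # Case-insensitive compare; a missing role line yields $false.
            OnThisDc = ($holder -ieq $ExpectedDc)
        }
    }
}

# Constructed sample output: four roles on the restored DC, one still listed
# on another server (hypothetical names).
$sample = @(
    'Schema master               DC01.example.local',
    'Domain naming master        DC01.example.local',
    'PDC                         DC01.example.local',
    'RID pool manager            DC01.example.local',
    'Infrastructure master       DC02.example.local',
    'The command completed successfully.'
)
$report = Test-FsmoHolders -NetdomOutput $sample -ExpectedDc 'DC01.example.local'
$report | Format-Table Role, Holder, OnThisDc -AutoSize

# Roles still listed on another server are the ones to seize with ntdsutil.
$report | Where-Object { -not $_.OnThisDc } | ForEach-Object { "Seize: $($_.Role)" }

# On the restored DC itself, feed in the live output instead of the sample:
# Test-FsmoHolders (netdom query fsmo) "$env:COMPUTERNAME.$env:USERDNSDOMAIN"
```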
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 1200 total points
ID: 39855928
In reality, restoring an AD system state backup onto a fresh OS on the same server \ new hardware with a fresh OS is not supported by MS.

Ideally they require the existing server OS on the same server, and from Directory Services Restore Mode you need to restore the system state backup authoritatively.
This concept is called AD forest recovery and is applicable if your AD database is corrupted and can't be repaired by any means and you cannot use any available DCs in the domain; then MS will suggest Forest Recovery options:
http://technet.microsoft.com/en-us/library/cc757662(v=ws.10).aspx

But you can restore an existing AD system state backup on a new OS \ new server with some error messages. In order to do that, you need to prepare the new server with the same OS and service pack, with the same hostname and IP (more important), and with the same drive letter if your previous AD database was stored on a drive other than the default one. Then you can restore the AD system state backup on that server.
You need to install the Windows Server Backup feature first
Then restart the server in DSRM
Then restore the AD system state backup authoritatively
Upon successful restoration, reboot the server and seize the FSMO roles as outlined above by others

Note that since you have a single server, the authoritative switch is not mandatory.
You can simply restore without that switch (Non-Authoritative restore)

That is why it's actually suggested to have at least TWO DCs, so in case of loss of one DC you can have an intact AD database on another server

Mahesh
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39862300
Same OS and drive letter cannot be an issue.

But having the same patches could be an issue. What if we don't know what updates were installed lately on the server before crashing?

Is it also required to have the same partition size of the drive?

Also the same hardware?
0
 
LVL 37

Accepted Solution

by:Mahesh
Mahesh earned 1200 total points
ID: 39862428
Since restoring an AD system state backup on a new fresh OS installation (even on the same server hardware) is not supported, you need to take care \ apply workarounds as far as possible to avoid failure during \ post restore operation if your original server and OS are not available for the restore operation.

This includes:
- Retain the same hardware if possible \ install a fresh OS on identical hardware (Mandatory step - if you restore on different server hardware, be ready for a likely BSOD post restoration)
- Keep the OS version and service pack version the same as the original (Mandatory)
- Windows Updates \ patches should be at the same level if possible (some deviation always happens in this case between the original OS and the new server OS patch level; however, you can proceed with restoration if you can't match the patch level)

In the case of partitions, the partition drive letters must be the same as the old ones on the new server, and the new server's partition sizes must be equal to \ greater than the partition sizes of the original server that has crashed.

Mahesh
0
 
LVL 3

Author Closing Comment

by:cciedreamer
ID: 39898250
Thanks
0
