bevege asked:
Restore virtual secondary domain controller

I have a client with two 2008 R2 domain controllers running on Esx 5.1 on two separate hosts. DC1 and DC2. DC1 is the primary. I verified that DC1 has all 5 FSMO roles. Yesterday the drive containing
Will Szymkowski

You are running server 2008R2 for your domain controllers so restoring the secondary DC is not supported. You can only do this if you have a 2012 DC that is holding the PDC FSMO role.

If your Secondary DC has failed DO NOT restore an earlier version VM. You will run into USN issues with DNS and replication will not work properly.

If this DC has failed, you will need to remove it from the domain, perform the metadata cleanup and then install a new member server and promote it to a DC. Then allow replication to proceed from the DC that is online.

Make sure that you also update your DNS on your servers and clients if you are using different IP for the new DC.

Will.
bevege (ASKER)

I'm trying to understand what would trigger a USN rollback. Just for learning.  What would happen if the failed server was offline only for 1 hr. Say you turn it off at 2:00pm fix the issues and you turn it back on at 3:00pm.  How is that different than taking a full backup at 2:00pm and then restoring it at 3:00pm and turning it on? in both situations the server is not talking to the Primary DC for 1 hr. What does the restored server do that the turned off server would do?  How does this change when both servers are off for say a week?

I'm just trying to understand because rebuilding is a big PITA vs a 20 minute restore.

Thank you

Thanks
bevege (ASKER)

Looks like my original question was cut off. I can't figure out how to edit the original question. Anyway here is the entire original question.

I have a client with two 2008 R2 domain controllers running on Esx 5.1 on two separate hosts. DC1 and DC2. DC1 is the primary. I verified that DC1 has all 5 FSMO roles. Yesterday the drive containing DC2 failed. I have Storagecraft Shadow protect backups every hour up to the point of failure.

Since this is a secondary domain controller. I can just restore the image and turn it on right?  It's been less than 24hrs so the 2nd domain controller should just pull all the updated AD data from the primary without causing a bunch of AD errors correct?

I haven't had this happen in years so I want to do it correctly. This is also a good time to update our documentation with more detailed restore information.

I remember you don't want to do this if it's been a long time.

Thanks
There are several different mechanisms that happen on a domain controller. You only ever restore a DC using an image when your entire domain has failed. You can then restore the DC image and then you would add any additional DCs replicating from the imaged DC.

Whenever you are actually restoring something back into AD you need to use either non-authoritative or authoritative. When you have a DC offline for like an hour it will get the updates/changes pushed to it when it is back online from the other DCs that are up to date.

If you restore from an image the DCs that are online the entire time will not push those changes to the DC that has been imaged. This is where you see orphaned objects that will now never get replicated to the other DCs.

In Server 2012 you can virtualize your DCs and it has USN rollback so that when you bring up a DC from a recovered VM it will get its updates from the other DCs that were online the entire time.

Take a look at the following link which explains in detail about USN Roll Back and its importance.
https://technet.microsoft.com/en-ca/library/hh831734.aspx


Will.
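To make the difference between "turned off for an hour" and "restored from an hour-old image" concrete (the question asked above and the mechanism Will describes), here is an added Python model of the replication bookkeeping. It is not part of this thread and not Active Directory code: it keeps only the three pieces of metadata that decide the outcome (a DC's invocationID, its local USN counter, and the high-watermark and up-to-dateness vector a partner keeps about it) and runs the three cases side by side. The DC names, object names, USN values and the string invocationIDs are constructed for the demonstration; real AD uses GUIDs.

```python
"""Simplified model of why an image restore of a DC causes USN rollback.

Constructed example, not Active Directory code. Each DC tracks:
  * invocation_id  - identity of this copy of the database
  * usn            - highest committed local USN
  * watermark      - per partner invocationID, highest partner USN already pulled
  * utd            - per originating invocationID, highest originating USN applied
"""
import copy


class DC:
    def __init__(self, name):
        self.name = name
        self.invocation_id = f"{name}-inv-1"   # hypothetical id; AD uses a GUID
        self.usn = 0
        self.objects = {}   # object name -> value
        self.log = []       # (local_usn, obj, value, orig_invocation_id, orig_usn)
        self.watermark = {}
        self.utd = {}

    def _commit(self, obj, value, orig_inv, orig_usn):
        # Every write to the local database, originated or replicated in,
        # consumes one local USN; the originating stamp travels with the change.
        self.usn += 1
        self.objects[obj] = value
        self.log.append((self.usn, obj, value, orig_inv, orig_usn))
        self.utd[orig_inv] = max(self.utd.get(orig_inv, 0), orig_usn)

    def write(self, obj, value):
        """Originate a change on this DC."""
        self._commit(obj, value, self.invocation_id, self.usn + 1)

    def pull_from(self, partner):
        """Inbound replication: ask the partner only for changes above the USN
        we remember for the partner's invocationID, then drop anything our
        up-to-dateness vector says we already applied via another path."""
        seen = self.watermark.get(partner.invocation_id, 0)
        applied = []
        for local_usn, obj, value, orig_inv, orig_usn in partner.log:
            if local_usn <= seen:
                continue          # partner already sent everything up to here
            seen = local_usn
            if orig_usn <= self.utd.get(orig_inv, 0):
                continue          # already have this originating change
            self._commit(obj, value, orig_inv, orig_usn)
            applied.append(obj)
        self.watermark[partner.invocation_id] = seen
        return applied

    def restore_from_image(self, image):
        """Image/snapshot restore: USN counter and invocationID go back in time,
        and the partners are not told. This is the USN rollback case."""
        self.__dict__ = copy.deepcopy(image.__dict__)

    def non_authoritative_restore(self, image):
        """Supported restore: same data, but a new invocationID, so partners
        treat this DC as a fresh source instead of trusting old watermarks."""
        self.restore_from_image(image)
        self.invocation_id = f"{self.name}-inv-2"


def replicate(a, b):
    a.pull_from(b)
    b.pull_from(a)


def scenario(mode):
    """mode: 'offline' (DC2 simply powered off for a while), 'image' (DC2
    restored from an old image), 'nonauth' (proper non-authoritative restore).
    Returns the sorted object names DC1 and DC2 hold after the final sync."""
    dc1, dc2 = DC("DC1"), DC("DC2")
    dc2.write("user-a", "v1")
    replicate(dc1, dc2)                 # DC1 now remembers DC2 up to USN 1
    image = copy.deepcopy(dc2)          # 2:00 pm backup of DC2

    dc1.write("user-d", "v1")           # change on the DC that stays online
    dc2.write("user-b", "v1")           # 2:30 pm change originated on DC2
    replicate(dc1, dc2)                 # DC1's watermark for DC2 is now 2

    if mode == "image":
        dc2.restore_from_image(image)   # usn back to 1, same invocationID
    elif mode == "nonauth":
        dc2.non_authoritative_restore(image)
    # 'offline': DC2 keeps its state; its USN counter continues from 3

    dc2.write("user-c", "v1")           # 3:00 pm change on the returned DC2
    replicate(dc1, dc2)
    return sorted(dc1.objects), sorted(dc2.objects)


if __name__ == "__main__":
    for mode in ("offline", "image", "nonauth"):
        print(mode, scenario(mode))
```

In the offline case DC2's USN counter simply keeps counting, so its new change carries a USN above DC1's watermark and replicates. In the image case the counter restarts at the backup value, DC2 reuses USN 2 for a different object, and DC1 skips it because it believes it already has everything up to USN 2; at the same time DC2 never gets its lost 2:30 pm change back, so the two DCs diverge silently. The non-authoritative restore changes the invocationID, which invalidates the old watermark and lets both directions catch up.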
ASKER CERTIFIED SOLUTION
bevege