Windows 2012 Domain Controller -- restore from backup ?

Someone said "NEVER restore a DC from a backup, just create a new DC, having settings get replicated from your other DC, manually setting up FSMO roles, DNS, DHCP, static IP addresses, etc if the dead DC had them"

 1. Is this true ?
 2. If not, what is your recommendation when a DC needs to be restored for some reason (i.e. failed motherboard/etc) ?
finance_teacherAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Seth SimmonsSr. Systems AdministratorCommented:
Is this true ?

yes...you can do more harm than good restoring a DC like that when other domain controllers are in place
on the other hand, if it is the only domain controller and it fails though you have a good backup fairly recently, then that is ok to restore since there is no conflict; you just have to fix anything that changed since the last backup (say, a user password that was reset or a computer account joined the domain)
Lee W, MVPTechnology and Business Process AdvisorCommented:
Agreed - I might have been that someone.  When other DCs exist, it's RARELY a good idea to restore a failed DC - certainly not if you don't understand AD - and you don't - or you wouldn't be asking this question.
Jeff GloverSr. Systems AdministratorCommented:
The main reason for restoring the System State (that is ALL you should ever try to do with a DC) would be if someone accidentally deleted something and you don't have recycle bin enabled or something happened that corrupted your AD in some way. Then doing an Authoritative restore is a last ditch way to get things back. Of course, you lose changes that happened between the time of the backup and the time of the restore. If you lose a DC to a hardware failure and you have another one DC in the network. Just rebuild it /replace it and repromote it with a different name. Or if you need to use the same name, do a metadata cleanup first.
DrDave242Senior Support EngineerCommented:
Restoring a DC from backup isn't always a bad idea, as long as the backup isn't very old and you used an AD-aware tool to create the backup in the first place. The integrated Windows Server Backup feature is one such tool. Numerous third-party backup applications are also AD-aware, but some have to be configured in a certain way in order to enable this.

Restoring a DC from a backup made using a non-AD-aware application may lead to a USN rollback, the symptoms of which can look bizarre if you haven't seen them before.

If you have other DCs in the domain and you don't have any replication issues (in either AD or SYSVOL replication), it'll likely be just as easy to seize roles, perform a metadata cleanup, and recreate the failed DC from scratch as it would be to restore the backup.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.