Active Directory Domain Controllers
Restore a Domain Controller
In case of failure of the domain controller, perform the following steps:
- Reinstall the operating system (if needed).
- Restore the full backup of the domain controller.
- Perform a Non-Authoritative restore of the domain controller. The Non-Authoritative restore allows the entire directory to be restored on a domain controller, without reintroducing or changing the objects that have been modified. After you restore the system state, the domain controller queries its replication partners. The replication partners replicate any changes to the restored domain controller, ensuring that the domain controller has an accurate and updated copy of the Active Directory database.
For the Non-Authoritative restore, perform the following procedures:
- To restart the domain controller in Directory Services Restore Mode locally, follow these steps:
- Restart the domain controller.
- Press F8 when the screen for selecting an operating system appears.
- In the Windows Advanced Options menu, select the Directory Services Restore Mode.
- Log in as a local administrator.
- To restore from a regular backup, follow these steps:
- Run NTBackup.exe.
- On the Welcome to the Backup or Restore Wizard page, click Next.
- Select Restore files and settings. Click Next.
- Select System State. Click Next.
- On the Completing the Backup or Restore Wizard page, click Advanced.
- In Restore files to, click Original Location. Click Next.
- Select Leave existing files (Recommended). Click Next.
- In the Advanced Restore Options, select the following check boxes, and then click Next:
- Restore security settings.
- Restore junction points, but not the folders and file data they reference.
- Preserve existing volume mount points.
- For a primary restore of SYSVOL, select the following check box: When restoring replicated data sets, mark the restored data as the primary data for all replicas.
- A primary restore is required only if the domain controller that you are restoring is the only domain controller in the domain. A primary restore is required on the first domain controller that is being restored in a domain if you are restoring the entire domain or a forest.
- Click Finish.
- When the recovery process is completed, click Close.
- If you do not want to restore any objects, click Yes to restart the computer. The system will restart and replicate, from its replication partners, the new information that was received since the last backup.
Verify Active Directory restore
- After the recovery process is completed, restart the computer. Active Directory and Certificate Services will automatically detect that they have been recovered from a backup. They will perform an integrity check and reindex the database.
- After you log on to the system, browse Active Directory. Verify that all of the User objects and Group objects present in the directory are restored. Similarly, verify that the files that were members of the File Replication Service (FRS) replica set and the certificates issued by Certificate Services are recovered.
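Browsing the directory does not show whether the replication partners have actually sent their changes to the restored domain controller. The PowerShell sketch below is an added example, not part of the original procedure: it reads `repadmin /showrepl <DC> /csv` output and flags any inbound link that is failing or has not replicated since the restore. The function name, the restore time and the sample rows are constructed, and the column names are assumed to match what repadmin emits on your system.

```powershell
# Constructed sample of `repadmin /showrepl <DC> /csv` output (not real data).
# Column names are an assumption; compare them with your own repadmin output.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Site-A,DC01,"DC=example,DC=test",Site-A,DC02,RPC,0,0,2024-05-01 09:42:10,0
showrepl_INFO,Site-A,DC01,"CN=Configuration,DC=example,DC=test",Site-A,DC02,RPC,0,0,2024-04-28 23:10:05,0
showrepl_INFO,Site-A,DC01,"CN=Schema,CN=Configuration,DC=example,DC=test",Site-A,DC02,RPC,3,2024-05-01 09:40:00,2024-04-28 23:10:05,1722
'@ -split "`r?`n"

# Hypothetical helper: classifies each inbound replication link of the restored DC.
function Test-RestoredDcReplication {
    param(
        [string[]]$CsvLines,     # lines of repadmin /showrepl /csv output
        [datetime]$RestoreTime   # when the system state restore finished
    )
    $fmt = 'yyyy-MM-dd HH:mm:ss'
    $inv = [Globalization.CultureInfo]::InvariantCulture
    $none = [Globalization.DateTimeStyles]::None
    foreach ($row in ($CsvLines | ConvertFrom-Csv)) {
        # A value that is not a timestamp (for example 0) means no success is recorded.
        $last = [datetime]::MinValue
        $parsed = [datetime]::TryParseExact($row.'Last Success Time', $fmt, $inv, $none, [ref]$last)
        if ([int]$row.'Number of Failures' -gt 0) {
            $status = 'FAILING'      # partner is reporting replication errors
        } elseif (-not $parsed -or $last -lt $RestoreTime) {
            $status = 'STALE'        # nothing received from this partner since the restore
        } else {
            $status = 'OK'           # partner has replicated after the restore
        }
        $row | Select-Object 'Naming Context', 'Source DSA', 'Last Success Time',
            'Last Failure Status', @{ Name = 'Status'; Expression = { $status } }
    }
}

# Offline run against the constructed sample. On the restored DC, pass the live
# output instead:  -CsvLines (repadmin /showrepl $env:COMPUTERNAME /csv)
Test-RestoredDcReplication -CsvLines $sample -RestoreTime '2024-05-01 09:00:00' |
    Format-Table -AutoSize
```

Any row marked STALE or FAILING means the restored domain controller may still hold the backup-time copy of that naming context, so resolve it before treating the restore as verified.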
Find more information about Active Directory recovery scenarios in the Microsoft Knowledge Base at http://support.microsoft.com/kb/263532/en-us.
Note: On Windows Server 2008, use the Windows Server Backup Tools to perform backup and recovery operations.