Windows 2008 R2 Active Directory disaster recovery
Also, once the replicated DCs at the third-party location are up, say 2 days later, what steps do I have to perform to ensure that there are no issues replicating with the Site B DC, which has been up all the time?

To confirm also: if I do have to seize any of the roles, will I then not be able to turn these DCs on again, or how does this work? A DC can be down for a period that should not exceed the forest's tombstone lifetime.

Hi, thanks for the answers. Site B continues to function; I do not seize any roles as this is a temporary situation and we will be aware of new creations in this period. How do I make sure that they do not replicate out-of-date information to DC3?
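The question above comes down to one number: how long each DC has been silent compared with the forest's tombstone lifetime. The script below is an added example, not code from the thread or from Microsoft. It reads tombstoneLifetime from the configuration partition, then lists every inbound replication partner of every DC in the forest with the age of its last successful replication and a verdict. It assumes the ActiveDirectory module from Windows Server 2012 / Windows 8 RSAT or later on a management host (Get-ADReplicationPartnerMetadata is not in the 2008 R2 module, but it can query 2008 R2 DCs); the 7-day warning threshold is an arbitrary choice.

```powershell
# Added example (not from the original thread). Assumes the ActiveDirectory
# module from Windows Server 2012 / Windows 8 RSAT or later on a management
# host: Get-ADReplicationPartnerMetadata does not ship with the 2008 R2
# module, but it can query 2008 R2 DCs. The WarnDays threshold is arbitrary.
Import-Module ActiveDirectory

# tombstoneLifetime is stored on the Directory Service object in the
# configuration partition. When the attribute is unset the forest uses the
# old default of 60 days, so treat "unset" as 60 rather than the 180-day
# default that newer forests receive at creation.
function Get-TombstoneLifetimeDays {
    $cfgNC = (Get-ADRootDSE).configurationNamingContext
    $ds = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$cfgNC" -Properties tombstoneLifetime
    if ($ds.tombstoneLifetime) { return [int]$ds.tombstoneLifetime }
    return 60
}

# For every DC in the forest, report each inbound partner and how long it has
# been since that partner last replicated successfully. A partner silent for
# longer than the tombstone lifetime must not simply be reconnected: it can
# reintroduce lingering objects, and the supported path is to demote it
# forcibly and clean up its metadata instead.
function Find-StaleReplicationPartners {
    param([int]$WarnDays = 7)
    $tsl = Get-TombstoneLifetimeDays
    $now = Get-Date
    $dcs = (Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
    foreach ($dc in $dcs) {
        try {
            $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName -PartnerType Inbound -ErrorAction Stop
        } catch {
            # A DC we cannot reach is itself a finding: it may be one of the
            # DCs that is still down.
            [pscustomobject]@{
                DC = $dc.HostName; Partner = ''; Partition = ''; LastSuccess = $null
                DaysSilent = $null; Verdict = "cannot query: $($_.Exception.Message)"
            }
            continue
        }
        foreach ($m in $meta) {
            $last = $m.LastReplicationSuccess
            if (-not $last -or $last -eq [datetime]::MinValue) {
                $days = [double]::PositiveInfinity          # never replicated successfully
            } else {
                $days = ($now - $last).TotalDays
            }
            if ($days -ge $tsl)          { $verdict = "beyond tombstone lifetime ($tsl d): do not reconnect" }
            elseif ($days -ge $WarnDays) { $verdict = 'stale: force a sync and check repadmin /showrepl' }
            else                         { $verdict = 'ok' }
            [pscustomobject]@{
                DC          = $dc.HostName
                Partner     = $m.Partner
                Partition   = $m.Partition
                LastSuccess = $last
                DaysSilent  = [math]::Round($days, 1)
                Verdict     = $verdict
            }
        }
    }
}

Find-StaleReplicationPartners | Sort-Object DaysSilent -Descending | Format-Table -AutoSize
```

For a DC that was down only two days, well inside the tombstone lifetime, the expected result is a row marked "stale" until you force a sync (for example `repadmin /syncall /AdeP` on the returning DC) and re-run the check; `repadmin /replsummary` gives the same picture in one screen on a 2008 R2 host without the newer module.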

In this case, you may see the following warning: "We do not recommend performing a system state recovery with the backup to an alternate server because the server might become unusable. Are you sure you want to use this backup for recovering the current server?" If you need to restore Active Directory to different hardware, create full server backups and plan to perform a full server recovery.

Beginning with Windows Server , restoring a system state backup to a new installation of Windows Server, whether on new hardware or the same hardware, is not supported. If Windows Server is reinstalled on the same hardware, as recommended later in this guide, you can restore the domain controller in this order: For more information, see Microsoft KB article . If the time at which the failure occurred is unknown, investigate further to identify backups that hold the last safe state of the forest.

This approach is less desirable. Therefore, we strongly recommend that you keep detailed logs about the health state of AD DS on a daily basis so that, if there is a forest-wide failure, the approximate time of failure can be identified.

You should also keep a local copy of backups to enable faster recovery. If Active Directory Recycle Bin is enabled, the backup lifetime is equal to the deletedObjectLifetime value or the tombstoneLifetime value, whichever is less. As an alternative, you can also use the Active Directory database mounting tool, Dsamain.exe, to expose a backup or snapshot of the database as a standalone LDAP server.

Then, you can use an LDAP tool to browse the data. You can also use the ntdsutil snapshot command to create snapshots of the Active Directory database. By scheduling a task to periodically create snapshots, you can obtain additional copies of the Active Directory database over time. You can use these copies to better identify when the forest-wide failure occurred and then choose the best backup to restore.
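The snapshot workflow described in the two paragraphs above (create a snapshot with ntdsutil, mount it, expose it with Dsamain, browse it over LDAP, and schedule snapshots so you can find the last known-good state) as an added example. This is not code from the page or from Microsoft; it wraps the built-in ntdsutil.exe, dsamain.exe and schtasks.exe tools. It assumes an elevated PowerShell session on the DC itself; LDAP port 10389, the task name and the script path are arbitrary choices.

```powershell
# Added example, not from the original page. Assumes an elevated PowerShell
# session on a Windows Server 2008 R2 (or later) DC. Port 10389, the task
# name and C:\AdSnapshot are arbitrary choices.

# 1. Take a VSS snapshot of the live database. ntdsutil prints the snapshot
#    set GUID; capture it for the operator's log.
function New-AdSnapshot {
    $out = & ntdsutil "activate instance ntds" snapshot create quit quit 2>&1
    if (($out -join "`n") -match 'Snapshot set (\{[0-9a-fA-F-]+\}) generated successfully') { return $Matches[1] }
    throw "snapshot creation failed:`n$($out -join "`n")"
}

# 2. Mount a snapshot chosen from "ntdsutil snapshot 'list all' quit quit"
#    (pass the index or GUID of the volume entry) and return the mount path.
function Mount-AdSnapshot {
    param([Parameter(Mandatory=$true)][string]$Snapshot)
    $out = & ntdsutil snapshot "list all" "mount $Snapshot" quit quit 2>&1
    if (($out -join "`n") -match 'mounted as (\S+)') { return $Matches[1].TrimEnd('\') }
    throw "mount failed:`n$($out -join "`n")"
}

# 3. Expose the mounted copy as a read-only LDAP server. The snapshot mirrors
#    the live volume, so ntds.dit sits at the same relative path the running
#    DC uses; read that path from the NTDS service parameters instead of
#    assuming the default location.
function Start-SnapshotLdap {
    param([Parameter(Mandatory=$true)][string]$MountPath, [int]$Port = 10389)
    $liveDit = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters').'DSA Database file'
    $relative = $liveDit.Substring([System.IO.Path]::GetPathRoot($liveDit).Length)
    $dit = Join-Path $MountPath $relative
    if (-not (Test-Path $dit)) { throw "ntds.dit not found at $dit" }
    # dsamain runs in the foreground; start it as its own process and keep the handle.
    return Start-Process -FilePath dsamain -ArgumentList "-dbpath `"$dit`" -ldapport $Port" -PassThru
}

# 4. Browse the exposed copy with plain LDAP (System.DirectoryServices needs
#    no ADWS). Tombstone = $true adds the show-deleted control, so deleted
#    objects are returned too, which is what you need to date a bad change.
function Find-InSnapshot {
    param([Parameter(Mandatory=$true)][string]$LdapFilter, [int]$Port = 10389)
    $rootDse = New-Object System.DirectoryServices.DirectoryEntry("LDAP://localhost:$Port/RootDSE")
    $base = New-Object System.DirectoryServices.DirectoryEntry("LDAP://localhost:$Port/$($rootDse.defaultNamingContext)")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($base, $LdapFilter)
    $searcher.Tombstone = $true
    [void]$searcher.PropertiesToLoad.AddRange(@('distinguishedName', 'whenChanged', 'isDeleted'))
    foreach ($r in $searcher.FindAll()) {
        [pscustomobject]@{
            DN        = $r.Properties['distinguishedname'][0]
            Changed   = $r.Properties['whenchanged'][0]
            IsDeleted = ($r.Properties['isdeleted'].Count -gt 0)
        }
    }
}

# 5. Schedule a daily snapshot. The command goes in a .cmd file so the
#    embedded quotes survive schtasks' argument parsing.
function Register-DailySnapshotTask {
    param([string]$At = '02:00')
    $script = 'C:\AdSnapshot\take-snapshot.cmd'
    New-Item -ItemType Directory -Force -Path (Split-Path $script) | Out-Null
    Set-Content -Path $script -Encoding Ascii -Value '@ntdsutil "activate instance ntds" snapshot create quit quit'
    schtasks /create /f /tn AD-DailySnapshot /sc daily /st $At /ru SYSTEM /rl HIGHEST /tr $script
}

# Typical interactive use:
#   $set   = New-AdSnapshot
#   ntdsutil snapshot "list all" quit quit            # note the index of the C: entry
#   $mount = Mount-AdSnapshot -Snapshot 2
#   $proc  = Start-SnapshotLdap -MountPath $mount
#   Find-InSnapshot '(&(objectClass=user)(sAMAccountName=jdoe))'
#   Stop-Process $proc; ntdsutil snapshot "list all" "unmount 2" quit quit
```

A mounted snapshot contains the full database, password hashes included, so treat the mount point and the LDAP port exactly as you would the live DC: only expose it on localhost, unmount it when you are done, and keep the snapshot volume under the same access control as the backups themselves.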

The target DC can run any version of Windows Server. For more information about using the ntdsutil snapshot command, see Snapshot.

Ease of the restore process is an important factor when deciding which domain controller to restore.

It is recommended to have a dedicated DC for each domain that is the preferred DC for a restore. A dedicated restore DC makes it easier to reliably plan and execute the forest recovery because you use the same source configuration that was used to perform restore tests. You can script the recovery, and not contend with different configurations, such as whether the DC holds operations master roles or not, or whether it is a GC or DNS server or not. While it is not recommended to restore an operations master role holder in the interest of simplicity, some organizations may choose to restore one for other advantages.

Prefer, in addition, a DC with the following properties: a DC that can be used as a source for cloning; a DC that is accessible, either physically or on a virtual network, and preferably located in a datacenter, so that you can easily isolate it from the network during forest recovery; and a DC that has a good full server backup. A good backup is one that can be restored successfully, was taken a few days before the failure, and contains as much useful data as possible.

A DC that also runs DNS saves the time required to reinstall DNS. BitLocker Network Unlock is not supported for the first DC that you restore from backup during a forest recovery. To determine whether a DC is configured to use BitLocker Network Unlock, check that a Network Unlock certificate is identified in the following registry key:

Maintain security procedures when handling or restoring backup files that include Active Directory. The urgency that accompanies forest recovery can unintentionally lead to overlooking security best practices.

Determine the current forest structure by identifying all the domains in the forest.

Make a list of all of the DCs in each domain, particularly the DCs that have backups, and the virtualized DCs that can be a source for cloning. The list of DCs for the forest root domain is the most important because you recover this domain first. After you restore the forest root domain, you can obtain a list of the other domains, DCs, and sites in the forest by using the Active Directory snap-ins. Prepare a table that shows the functions of each DC in the domain, as shown in the following example.

This will help you revert to the pre-failure configuration of the forest after recovery. For each domain in the forest, identify a single writeable DC that has a trusted backup of the Active Directory database for that domain. Use caution when you choose a backup to restore a DC. If the day and cause of the failure are approximately known, the general recommendation is to use a backup that was made a few days before that date. Of these backup candidates, you restore only one.

Whether the DC is also a global catalog server is not a decisive factor: beginning with Windows Server , all DCs are global catalog servers by default, and removing and re-adding the global catalog after the restore is recommended as part of the forest recovery process in any case.
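The per-DC function table the preceding paragraphs ask for, produced by script so it can be exported and kept offline before a failure. This is an added example, not code from the page or from Microsoft. It assumes the ActiveDirectory module (RSAT) on a management host with rights to enumerate every domain in the forest and to query the Service Control Manager on each DC; the RestoreCandidate column applies the guidance above (writeable, not an operations master) and the CSV path is an arbitrary choice.

```powershell
# Added example, not from the original page. Assumes the ActiveDirectory
# module (RSAT) on a management host that can enumerate every domain in the
# forest and reach the DNS service on each DC. The CSV path is arbitrary.
Import-Module ActiveDirectory

function Get-ForestDcInventory {
    $forest = Get-ADForest
    foreach ($domainName in $forest.Domains) {
        foreach ($dc in Get-ADDomainController -Filter * -Server $domainName) {
            # DNS role: probe the DNS Server service on the DC. If the DC is
            # unreachable we record 'unknown' rather than guessing.
            try {
                $dnsServer = (Get-Service -ComputerName $dc.HostName -Name DNS -ErrorAction Stop).Status -eq 'Running'
            } catch {
                $dnsServer = 'unknown'
            }
            $roles = @($dc.OperationMasterRoles)
            [pscustomobject]@{
                Domain           = $domainName
                IsForestRoot     = ($domainName -eq $forest.RootDomain)
                DC               = $dc.HostName
                Site             = $dc.Site
                OS               = $dc.OperatingSystem
                Writeable        = (-not $dc.IsReadOnly)
                GlobalCatalog    = $dc.IsGlobalCatalog
                DnsServer        = $dnsServer
                FsmoRoles        = ($roles -join ';')
                # Preferred restore candidate per the guidance above: writeable
                # and holding no operations master role. GC status is not decisive.
                RestoreCandidate = ((-not $dc.IsReadOnly) -and ($roles.Count -eq 0))
            }
        }
    }
}

$inventory = Get-ForestDcInventory
# Forest root domain first, since it is recovered first.
$inventory | Sort-Object @{Expression='IsForestRoot'; Descending=$true}, Domain, DC | Format-Table -AutoSize
$inventory | Export-Csv -Path "$env:USERPROFILE\dc-inventory-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Run it on a schedule and keep the exported file somewhere that does not depend on the forest being up (a printed copy is not excessive): during a forest recovery the directory you would otherwise query for this information is exactly what is unavailable.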

The preferred scenario is to shut down all writeable DCs before the first restored DC is brought back into production. This ensures that dangerous data does not replicate back into the recovered forest.

It is particularly important to shut down all operations master role holders. There may be cases where you move the first DC that you plan to recover for each domain to an isolated network while allowing other DCs to remain online in order to minimize system downtime. For example, if you are recovering from a failed schema upgrade, you may choose to keep domain controllers running on the production network while you perform recovery steps in isolation.
