How to restore a domain controller from backup in Active Directory

So what is your disaster recovery plan for the failure of a single domain controller?

There are actually two answers to that question:

The first solution, restoring from backup, isn't as simple as it seems. Although the most direct method is to repromote the domain controller as described above, there are cases when a restore from backup is required. For instance, restoring an entire domain or an entire forest where no active domain controller exist is only possible by restoring the system state of one domain controller in the domain, then installing other servers and promoting them to domain controllers. There is no reason to restore other domain controllers from backup. In a multiple domain forest, you must restore the root domain first, followed by child domains.

In restoring a domain controller from backup media, it is important to note the following: I have worked with administrators who decided to restore a fail

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Active Directory Backup and Restore How to build redundancy in Active Directory replication An alternate strategy for DNS server backup Diamonds are forever, but not Active Directory backups How do I add a backup domain controller in Windows NT? Tools for quick recovery of deleted Active Directory objects Active Directory disaster recovery: Protecting the enterprise from the administrator Creating Active Directory replicas from backup tapes How to use Install from Media to restore a domain controller Chapter of the Week: Active Directory Cookbook for Windows Server 2003 and Windows 2000 -- Chapter 16, 'Backup, recovery, DIT maintenance and deleted objects' Unable to restore critical information after moving user accounts via LDIF Active Directory Administration Using Active Directory to manage Macs in a Windows environment Troubleshooting poor Windows logon performance in Active Directory environments Common Active Directory security oversights Scripting domain controller installations: A must for Server Core Taming the LSASS.exe process for Active Directory performance and security Troubleshooting Active Directory database errors Active Directory database basics: Performing an offline defrag Branch office security: Pros and cons of read-only domain controllers Tips for Windows domain controller optimization How to rebuild the SYSVOL tree when none exists in Active Directory

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ed domain controller from backup tape, often with near disastrous results. In one case, two domain controllers failed and could only be restored using tapes from different days. It took two days to get the system working again, and we did it by doing what they should have done in the first place – manually demote the domain controller, clean up the Active Directory, wait for replication then repromote it with the same name.

It's important to note that one of the common reasons for demoting and repromoting a domain controller is because replication is broken. But if replication is broken then demotion via DCPromo is not going to work either.

[IMAGE]
[IMAGE]Disaster Recovery Planning for Active Directory
[IMAGE]
[IMAGE] Part 1: How to create an AD replication lag site to minimize disasters
[IMAGE] Part 2: How to build redundancy in AD replication
[IMAGE] Part 3: How to restore a domain controller from backup in AD
[IMAGE] Part 4: How to use Install from Media to restore a domain controller

Gary Olsen is a systems software engineer for Hewlett-Packard in Global Solutions Engineering. He wrote Windows 2000: Active Directory Design and Deployment and co-authored Windows Server 2003 on HP ProLiant Servers. Olsen is a Microsoft MVP for Windows Server-File Systems.