Active Directory restore mode in Windows 2003

After a restore in Directory Services Restore mode, the domain controller should be restarted in normal mode. When the directory service starts, the domain controller will perform the normal consistency check and the restored directory will then be online.

Be aware that restoring an Active Directory server is always a two-part operation. First, restore the database to the time when the backup was taken. Second, replicate the directory: the newly restored DSA replicates post-backup updates from other DSAs in the domain and enterprise forest. A computer running Windows or Windows Server that contains a replica of the directory service is a domain controller. The DsRestoreRegister function adds data to the registry that must survive the registry restoration process for the restoration to work correctly.

This procedure uses transaction logs to recover data. Transaction logs make sure that committed transactions are not lost if your computer fails or experiences unexpected power loss. Transaction data is written first to a log file, and then it is written to the data file. When you restart the computer after a failure, you can rerun the log to reproduce the transactions that were committed but not yet recorded to the data file.

The restoration process shown below can vary depending on where your backups are stored.

Use the Monitor or Report pages to observe the restore progress and result. This setting will be reverted back by the restoration process. This step is required because the Preferred DNS Server setting of the local network adapter points to itself by default on a Domain Controller. Map the share using different credentials. Test and confirm that correct security permissions to the network share exist before the restore begins.

If you are not able to access the network share in DSRM mode, reboot to normal mode and copy the backup data from the network share to the local drive. This can be accomplished by using the Move Local Backups option in the Tools menu.

Scenario 4: Backups are on a Windows Share

This scenario is a bit challenging when there is a single domain controller because it requires a connection to the network share when the domain controller is not available.

Please choose the option that applies to your situation:

The Server is the Only Domain Controller on the Network

If the server is the only domain controller on the network: Reconfigure the network share where your backup archives are stored to give Share and NTFS read permissions to a local administrator user on the member server. This is required because the member server has to query the Domain Controller to allow connection to its share, but the DC won't be available because it will be in DSRM mode.

If the local administrator user password on the member server is dsrm-password, the connection to the network share will work. If the chosen password is not dsrm-password, map the network drive with the credentials of any local user account (other than administrator) that has appropriate permissions on the member server.

Assign the same drive letter to the mapped network drive as in the original setup.

There are Other Domain Controllers on the Network

If there are other domain controllers on the network: If the local administrator user password on the member server is dsrm-password, the connection to the network share will work.

Scenario 1: Your server is the one and only domain controller in your environment

Restart the server after the System State restore is complete.

No further steps are necessary.

Scenario 2: There are multiple domain controllers in your environment

The Active Directory database exists and is replicated to every domain controller in your environment.

Synchronization between Domain Controllers took place and deletion of this object propagated to other Controllers. You run a System State restore on one of the Domain Controllers. By default, this is a non-authoritative restore. The restored Active Directory database contains deleted objects, but its version is older than the database present on the other Domain Controllers.

The Domain Controller with the restored Active Directory is rebooted into normal mode, and synchronization with other Domain Controllers will occur. The deleted object that was restored will NOT appear in Active Directory because the synchronization process will once again propagate the deletion of this object.

Option B: Authoritative Restore

Authoritative restore is the process of marking Active Directory objects in the restored database as the authority for other domain controllers.

Click Start. Click Run. This step is not necessary for Windows

To restore a subtree or individual object, type the most appropriate command out of the following and then press ENTER:

To restore a subtree (for example, an organizational unit and its child objects):

    restore subtree DistinguishedName

To restore a single object:

    restore object DistinguishedName

DistinguishedName is the distinguished name of the subtree or object that is to be marked authoritative. For example, if you want to restore a deleted organizational unit named Marketing NorthAm in the corp.

Restart the domain controller in normal operating mode.
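The difference between Option A and Option B above can be seen in a small replication model. This is an added example, not code from the original article or from Microsoft; it assumes a simplified conflict rule (the highest per-object version wins), a constructed domain suffix, and a hypothetical VERSION_BUMP value standing in for the authoritative marking.

```python
import copy
from dataclasses import dataclass, replace

# Constructed sample names; the domain suffix is a placeholder, not from the page.
OU = "OU=Marketing NorthAm,DC=example,DC=test"
USER = "CN=Sample User,DC=example,DC=test"
VERSION_BUMP = 100_000  # assumed increment that makes restored objects outrank replicas

@dataclass(frozen=True)
class Record:
    version: int   # simplified per-object update counter
    deleted: bool  # True once the object has been deleted

def replicate(dcs):
    """Converge every DC on the highest-version record of each object."""
    for name in {n for dc in dcs for n in dc}:
        winner = max((dc[name] for dc in dcs if name in dc),
                     key=lambda r: r.version)
        for dc in dcs:
            dc[name] = winner

def run_scenario(authoritative):
    dc1 = {OU: Record(3, False), USER: Record(2, False)}
    dc2 = copy.deepcopy(dc1)
    backup = copy.deepcopy(dc1)        # System State backup of DC1

    # After the backup: the OU is deleted and the user is modified on DC2.
    dc2[OU] = Record(4, True)
    dc2[USER] = Record(5, False)
    replicate([dc1, dc2])              # the deletion reaches DC1

    # Part one: restore DC1's database to the time of the backup (DSRM).
    dc1.clear()
    dc1.update(backup)
    if authoritative:                  # mark only the OU as authoritative
        dc1[OU] = replace(dc1[OU], version=dc1[OU].version + VERSION_BUMP)

    # Part two: restart in normal mode and replicate with the other DC.
    replicate([dc1, dc2])
    return {"ou_live_everywhere": not dc1[OU].deleted and not dc2[OU].deleted,
            "user_version_on_dc1": dc1[USER].version}
```

In both runs the post-backup change to the user still replicates in to the restored domain controller; only the object marked authoritative overrides what the other domain controller holds.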


