Articles in this section

See more

How to restore Active Directory

Avatar
Jon
  • Updated
Follow

Case 1: Starting from a System Image Backup (.NDF)

For this scenario we just discovered that our primary Windows server has unrecoverable corruption, this could have been due to a failed hard drive where the RAID could not be rebuilt, or had a ransomware virus such as Cryptolocker and now we don't trust it.  Basically, we have a server that is dead in the water and now we need to look to either rebuild or restore it.  In this example this is our primary server, a Domain Controller hosting Active Directory, and/or MS SQL, Hyper-V, and user data files.  We can either restore it from an image backup (if we have one) or rebuild it from scratch.  Luckily using NovaBACKUP Server or Business Essentials software, we had performed both Image backups and File Backups (including System State - AD, Registry, etc.) on a regularly scheduled basis; the Image backup was set to Full, and we had one File Backup set to Full and a second File Backup set to Differential.  The single Image backup (Full mode) job was scheduled to run once a month, the File Backup (Full mode) was set to run once a week, and the File Backup (Differential mode) was set to run every day.  This means that we have a 30 day old Image backup and good file based backups that are much newer, and those are showing as 1-2 days old at the time of the Windows server dying.

The good news is that we can restore the server from our Image / DR backup and get this server up and running.  The bad news is that after restoring that 30 day old Image backup it will mean our restored system is 30 days out of date, including our Active Directory, Registry, applications and files; this is only because we had scheduled the Image backup job to run once a month and that means the age of the Image backup is exactly 30 days old at this point by the time we restore the Image backup to our server.  The server will be back up and running, but some of the content will be outdated at this point and we'd like to get those items that are out of date up to date if possible. This includes Active Directory, since we added 5-10 users in that 30 days time span as well as made password changes on a bunch of accounts based on our password policy, we also had SQL databases and documents that we want to see about now getting up to date.

The other good news at this point is that we can utilize our file backups, which are only 1-2 days old at the time of the server dying, to update some of those items on the restored system which is 30 days out of date after being restored, including System State items like Active Directory, Registry, files, etc. which could even include newer SQL and Exchange databases, or Hyper-V VM's if you were using the Business Essentials edition of NovaBACKUP and have those on the server that failed.

Case 2: System Rebuild

With NovaBACKUP you can restore the Active Directory items that are part of a file backup (.NBD) that contained "System State > Active Directory" items; the Active Directory item from the backup set can be restored to a domain controller by using the instructions in this article.  There are some conditions that have to be met for this to work, otherwise you will damage your machine.  Keep in mind that the currently installed version of Windows (verified by running the 'winver.exe' command) and the currently installed Service Pack level has to be the same on the computer you are attempting to restore to as what was stored in the backup to be able to restore the System State items including Active Directory, this means that you will need to upgrade / patch those items first in order for this to work.  In addition, the name of the machine has to be the same and basically everything has to be functioning in the same way on the system that you will be restoring the Active Directory to, in addition the system has to already be elevated to a Domain Controller and functioning to support this type of AD restore.  

It is highly recommended to take a current image backup of the computer prior to attempting to a restore of any System State items as there is a chance of corrupting the OS if something were to go wrong with the restore.

Prerequisites for restoring to a rebuilt machine:

  • Same machine name as the Original
  • Same Windows build version and Service pack level as the Original
  • Everything must be functionally the same as the Original machine in regards to the Domain and Active Directory configuration
    • This includes already being elevated to a Domain Controller

Objective

Restore from a monthly Image Backup, weekly Full File backup, and a daily Differential File backup. In particular you wish to restore the System State > Active Directory portion of a backup.

If you restored an Image / Disaster Recovery Backup (.NDF), for instance that was from 30 days ago, and that Image backup was successfully restored but now Active Directory is somewhat out of date compared to your newer NovaBACKUP "System State > Active Directory" based file backups, and now you want to restore your Active Directory from a newer, file based NovaBACKUP "System State > Active Directory" file-based backup (.NBD), you can restore Active Directory and get it up to date by using the instructions in this article.

Process: Restoring Active Directory contents for Domain Controllers

NOTE: This will replace ALL Passwords with the values that were stored in the Active Directory backup. This includes Domain Administrator Passwords. Make sure you now the previous password if it changed.

1. Boot Windows in normal mode.

2. Open/Load NovaBACKUP, in Windows running in normal mode.

3. Via the Restore tab, Import the file backup (.NBD) that has the newer System State > Active Directory contents.

  • For information on how to on Import (and Restore) a .NBD file backup please read the KB article here.
  • Note: If you are importing a file backup (.NBD) from a network location, then you must provide the network credentials to give NovaBACKUP access that network path.  The screenshot below shows where you would enter the network credentials after selecting Import and navigating to the network share:

NovaBACKUP_Import_SystemState_backup_network_credentials.PNG

4. Verify that the backup has completed the Import process checking the Log (and Status tab), then go to the Restore tab and look for the backup that you just imported containing the System State components.

  • NOTE: If you do not see it there it could be that the restore index needs to be repaired, you can read the KB article on how to Repair your restore index here. Once that is done repeat steps 2-3 again to Import the backup again.

5. Restore ALL items in System State.

6. Reboot Windows into Directory Services Restore Mode (DSRM).

  • The System State > Active Directory item must be restored an additional time using a special boot mode in Windows called Directory Services Restore Mode (DSRM).
  • Directory Services Restore Mode (DSRM) is a special boot option in Windows.
  • This mode is only applicable to Windows Server domain controllers and it is used to restore or repair an Active Directory database.
  • If there is a need to repair or restore Active Directory database, DSRM has to be used.
  • Restarting in Directory Services Restore Mode takes the domain controller offline, meaning it functions as a regular server, not as a domain controller.

How to Boot into Directory Services Restore Mode

Option 1

If you have physical access to a domain controller, you can access the Directory Services Restore Mode easily. Simply turn on or restart the computer and press F8 prior to the machine booting into Windows, the system will display the Advanced Boot Options.

dsrm

Choose the Directory Services Restore Mode from the menu and press Enter. The server will then boot into Directory Services Restore Mode.

Continue with the section "Once in DSRM" (just below Option 2)

Option 2

Run the Windows tool 'msconfig.exe' and change the boot mode option to switch to the DSRM mode at the next restart, this will save you from having to press F8 during boot time which is more difficult in a VM.  Run 'msconfig.exe' and switch to the "Boot" tab.  Under "Boot options", select "Active Directory repair". Confirm with "OK", and restart the system to start DSRM mode.

mceclip0.png

Note: If you use 'msconfig.exe' to change the boot mode you will need to run the tool again to switch back to "Normal" boot mode (see also Step # 10).

 

Once in DSRM

Once DSRM mode is booted you will be required to log on with the DSRM Administrator account which utilizes the DSRM Administrator password.

  • The DSRM password was defined when this machine was first elevated as a Domain Controller, and likely it may have been forgotten at this point.  This account is the only way that you can login to DSRM boot mode.
  • If you do not know the DSRM Administrator password, then you will probably need to Reset the DSRM Administrator password at this point.
    • To reset the password, you will have to boot the computer in normal Windows boot mode and log on with an account that is a member of the Domain Administrators group.
    • Once logged in as a Domain Administrator, start an Administrator Command Prompt and issue commands below based on the third party help article here and here.
      DSRM_Password_Reset_steps.PNG

 

7. Utilize the local Admin account that uses the DSRM password to continue.

8. Load NovaBACKUP, now that Windows is running in Directory Services Restore Mode.

9. Restore only the Active Directory portion of System State, now that Windows is running in Directory Services Restore Mode.

10. Reboot in normal boot mode.

  • If you used msconfig.exe to modify the boot mode, you may need to run 'msconfig.exe' again and switch from "Active Directory Repair" boot mode to "Normal" boot mode.

11. After logging in, verify that your Active Directory and Registry is up to date as restored from the recent file backup.

12. Now load NovaBACKUP and proceed to Restore all Other Data as needed from your more recent file backups, other than the System State items.

  • If you are using the NovaBACKUP Server version to take your backups that "Other Data" would include user data files.
  • If you were using NovaBACKUP Business Essentials that could include user data files as well as:
    • Microsoft SQL Server databases (hosted locally),
    • Microsoft Exchange mailstore (hosted locally), and/or
    • Hyper-V Virtual Machines (hosted locally).
  • To get these items up to date if necessary and if your newer completed file backup sets (.NBD) contained those items.

For NovaBACKUP Business Essentials customers:

To get your MS SQL databases up to date after performing a Image Backup, you can take the existing MS SQL databases that you need to restore newer versions of, which have the same database names that are active currently, set each of those databases to Offline mode via Microsoft SQL Management Studio:

  • right-click each database, then do Tasks > Take Offline, to set Offline mode on each database.
  • You can follow a KB article that we have on that subject here.

To get your Hyper-V Virtual Machines up to date after performing a Image Backup

  • Take the existing Hyper-V VMs that you are meaning to restore newer versions of, over the top of the existing VMs that are named the same, by renaming each VM via Hyper-V Manager.
  • You can follow a KB article that we have on that subject here.

 

Related articles