Community Forums

[foggy]

This is not required in the case of a single DC recovery. Though you do need to perform authoritative SYSVOL restore on the first DC in case of restoring the whole Active Directory. Here are more good topics on that: Multiple Domain Controllers - How to Backup? and Active Directory and DR Site.

[mwant]

I am refering to restore of the whole domain so yes sysvol restore is required and is frankly a bit of a pain to do manually so it would be very useful to be able to mark sysvol as authoritative as you could do in BE or windows backup as stated. This would be a good funtional addition to Veeam.

I have restored a domain in a live DR situation before and didn't have to mess around with SYSVOL as I used BE so was a bit confused initially when I uncovered the need for it.

I need some backup here from other Active Directory users....

[ori]

mwant, I'm with you on this one. Currently we are not using vss on our DCs in replication jobs because if we do, they become non-functional few minutes after we start them in our DR site. Adding this simple feature would be a great enhancement for us, and I'm sure that for many more.

[SoloIT]

[merged]

I'm trying to restore a single DC from a multi DC environment to a test server. I've restored the VM, let Veeam do the auto-reboot to do the non-authoritative restore, but the DC and AD are not functioning correctly. The sysvol is not being shared, PC's cannot join the domain, etc. I'm running 2008 R2. What is the proper method?

Thanks,
George

[tsightler]

I'm assuming your test servers is isolated from the other environment? How long have you waited? It can take about 15-30 minutes for the sysvol to share out while the system attempts to communicate with other replica partners. Veeam performs some "magic" to overcome this when we boot the DC in a vLab.

[hannisch]

I've one question regarding restoring a dc from Backup or starting a Replika. What is about USN rollback. Does Veeam sets the required registry Key in both situations, automaticly, or will I run into an USN rollback in a multi dc environment, after restore?

Sven

[Gostev]

You will not run into USN rollback, since Veeam performs DC backup and restore according to Microsoft requirements (using VSS).

[SoloIT]

I've let it sit all weekend to ensure the "magic" happened. However, it's still not sharing out the sysvol. I'm not sure if there is something wrong with the backup, or I'm doing something wrong. Guess I'll be calling support.

[SoloIT]

I've exchanged a few emails with tech support, and I'm getting nowhere. I know someone out there is smarter than me and has this figured out. I'm guessing my issue is due to coming from a multiple DC environment to the single DC test world.

[tsightler]

I've let it sit all weekend to ensure the "magic" happened. However, it's still not sharing out the sysvol. I'm not sure if there is something wrong with the backup, or I'm doing something wrong. Guess I'll be calling support.

This "magic" is only performed in a vLab, it doesn't sound like you are using a vLab. Are you backing up with Application Aware Processing enabled?

[dellock6]

The single DC you are trying to boot has all the FSMO roles in it, or are they on another server? Maybe some missing roles are causing the restored DC to hang somewhere. Also, is this DC also an authoritative DNS server for the active directory zone?

Luca.

[ori]

I've let it sit all weekend to ensure the "magic" happened. However, it's still not sharing out the sysvol. I'm not sure if there is something wrong with the backup, or I'm doing something wrong. Guess I'll be calling support.

The first time you start the replica, when the SYSVOL stops to be shared, if you have in the SYSVOL\sysvol\yourdomainname folder a folder named Ntfrs_PreExisting, try this:

- net stop ntfrs
- on the SYSVOL folder, move the content of the PreExisting folder to the root of the SYSVOL\sysvol\yourdomainname folder.
- set the "BurFlags" value in 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup' key to "D4"
- net start ntfrs
- wait to see if SYSVOL is shared.

[SoloIT]

Thanks for all the info. Short version..I had some corruption in my Veeam backup. After doing a new full image, things are working better. However, I have documented my process to maybe help save others down the road. I may have a few extra or unnecessary steps.

1. Restore from Veeam.
2. Allow Veeam to auto-reboot machine. (this can take 30-45 minutes)
3. Copy %systemroot%\sysvol\domain (just in case you need them)
4. Seize all FSMO roles
run ntdsutil
roles
connections
connect to server [servername]
q
seize pdc
seize naming master
seize infrastructure master
seize rid master
seize schema master
q
q
5. Remove other DC refs
run ntdsutil
metadata cleanup
connections
connect to server [servername]
q
select operation target
list domains
select domain [domain number]
list sites
select site [site number]
list servers in site
select server [server number to remove]
q
remove selected server

repeate as necessary to remove other servers
6. Edit network setting to remove other DNS servers
7. Remove old servers from DNS server
including _msdcs
_ldap._tcp.[site].DomainDnsZones.[Domain]
_ldap._tcp.DomainDnsZones.[Domain]
_ldap._tcp.[site].ForestDnsZones.[Domain]
_ldap._tcp.ForestDnsZones.[domain]
8. Stop ntfrs server (net stop ntfrs)
9. Edit registry \HLM\SYSTEM\CurrentControlSet\services\NtFrs\Parameters\Backup/Restore\Process at Startup
BurFlags set to D4 Hex
10. Start ntfrs server (net start ntfrs)
11. Restart server and run dcdiag to ensure clean DC

[rawtaz]

I don't know all of that stuff above, but big kudos for taking the time to jot it down for others!

[zoltank]

Thanks for all the info. Short version..I had some corruption in my Veeam backup.

Do yo know what kind of corruption? What caused it?

What kind of backups were you doing? How long had it been since an Active Full backup?

Do you use SureBackup?