2 primary domain controller on same system after restore backup file

[minhithvn]

Hi all
For example: I have a problem when trying to restore my domain controller as below:
My system has 1 primary DC(A) and 1 additional DC(B), my primary DC(A) has AD service and special software ( Hennge),I make a backup job for primary domain controller to NAS every day by VEEAM Replication
Unfortunately, my primary DC(A) is broken, must purchase a new one.
In this time, I promote an addtional DC(B) to Primary DC(A1). System runs normally.
After 1 week, my new server(C) will be carried out my office. I do restore my backup file from NAS to new server(C).
But system is now existing 2 primary domain controllers(A1 + C).
What should I do? because I'm not sure after 1 week, domain controller may conflict.
Reason why I need to restore backup file to new server(C) instead of install Windows OS and promote new server(C) to additional DC because on old primary DC (A) has special software (HENNGE), and I can't install HENNGE on Additional DC(B).
pls kindly help me this problem,
Thank you

[Andreas Neufert]

Did you backup the domain controllers with Veeam Guest processing?
The reason why I am asking is that if this is the case and you restore the server with boot option and network connected, then the server will automatically jump into an non-authoritative restore mode automatically.
If not you need to perform this step manually. See Active Directory Documentation.
This ensures that the restored AD controller knows about the restore situation and will connect to the still running AD to get guidance on what to replicate.

If you have already done the restore and now face some issues, then maybe Microsoft or a service partner that specialized in AD can help you figure out the situation.

There is no Primary/Secondary concept anymore in AD. Check FSMO role documentation. As you did you can migrate the roles to other servers in the forest. With Non-Authoritative restore mode the restored AD server will get the information from the forest on who should have what role and will comply with this.
Anyway FSMO roles can be transferred when needed. See Microsoft documentation.

[minhithvn]

Thank you for your information.
I use VEEAM agent and take backup job for all physical server, including OS, software.
Additionally, For FSMO, it already on Primary DC(A1) - promote when old PDC broken, but when restore I face problem: 2 diffence FSMO.
1.FSMO on PDC (A1), promote from ADC
2.FSMO on PDC (C)- new server, exiting from previous broken PDC, after restore backup file. Still disconnect network to prevent affect system
In this case, if I demote PDC (C) on new server, then shall problem be resolved?
Thank you.

[Andreas Neufert]

No, this will not solve it.

If you have enabled the Veeam Guest Processing at backup of second server, then you need to restore the server with boot and network enabled, we will set this server then in non-authoritative restore mode which will allow AD to replicate from the current used environment.

If guest processing was not enabled, you need to restore without boot but with network connection. Then boot the server while interrupting normal boot and enable non-authoritative restore mode (check for this process Active Directory documentation).

I do not know if you can bring your already restored server in a non-authoritative restore mode (with networking enabled).
Just to be on the save side, I would restore the server again on the guidance above.

Your questions are more for an Active Directory specialist then a backup specialist.

[Andreas Neufert]

Here you can find additional guidance:
https://www.veeam.com/kb2119
https://www.veeam.com/blog/backing-up-d ... ction.html

[minhithvn]

Thank you for your useful information.
I will check it again to prevent risk.