Active Directory Restore/Application Aware

[jjohns5000]

Hello friends. I am practicing a worst-case scenario for my company and simulating a ransomware attack, simulating an environment where we have zero connectivity. I have purchased a used server identical to our production DC that holds all the FSMO roles. I have stood the test server up using the recovery media and a full backup. I am able to login to the test server but there is no active directory or dns. I see the ntds.dit file and it is same size as our production DC file. I have configured the backup job with application aware selected. Should I be able to see all of my AD objects after the restore or do I need to run through an additional restoration process once the sever has been stood up?

Thanks

[Gostev]

Veeam performs non-authoritative restore, which is what you want when restoring a failed domain controller back into the existing AD. If you're restoring into a "clean" environment with no other domain controllers present, then this a more complex process called authoritative restore which involves manually transferring the FSMO roles to the restored DC etc. So this more of an AD management task, and as such it requires decent AD expertise... otherwise you will need help from Microsoft Support. You can consult Active Directory documentation to get an idea of the whole process. Thanks

[Andreas Neufert]

Please find here some additional guidance and background information: https://www.veeam.com/kb2119