By default Veeam performs a non-authoritative restore of the DC.
This is OK when you restore one DC to production enviroment.
I mostly restore one production DC to test enviroment. I know there are instructions, how to do manually authoritative restore.
Veeam have build-in functionality to perform authoritative restore in SureBackup where I cab choose between authoritative and non-authoritative restore.
I suggest to add possibility to perform authoritative restore to Full and Instant Recovery - at least when "Restore to a new location or with different settings" is selected.
And pls add "Open Logs path" to File or Help menu - as Veeam Off365 have
Just wannted to create the same post with the same content... I also need my DC for my Testlab to restore in authoritative-mode and I always have to do that manually...
+1 for this
This feature would be great as it will reduce the required work afterwards once the DC's have been restored.
In a real DR scenario, you will have other things to attend to so enabling a direct authoritative restore directly from Veeam will reduce time to do the post-work and you can start restoring other things
TL;DR - I want to be able to automate authoritative domain controller restore / failover
One thing we've noticed, is that while SureBackup / SureReplica has a nifty feature to automatically test domain controllers as Authoritative, there's no simple way to restore a backup or turn on a replica as authoritative (that I can find anyways). I opened up case 02463566 to verify, and to also check and see if the mechanism / script used in SureBackup is available to us during a restore and failover (which it isn't).
What we've noticed is that when we restore a DC or turn on a replica, it boots once, then reboots in non-authoritative mode (which is great for most cases, but not all). When the VM reboots into non-authoritative, it moves all of its Sysvol contents into a folder called "NtFrs_PreExisting__See_EventLog". This is where things get hairy. If you're aware of the restore process for domain controllers (like I am now, but was not the first couple of times I had to restore an entire environment), you can go into that folder and copy your sysvol contents into a safe place. If you aren't aware of the restore process, this is an issue. When you go to flip Burflags to D4 in the registry, then run a stop / start of ntfrs, that "PreExisting" folder gets blown away almost immediately. If you didn't copy the contents to a safe place, you have to restore the folder from backup - right after you just restored your DC from backup. In my personal experience, this leads to a "Aw man, WTH is happening with domain replication?", which is never fun when you're already in a likely stressful situation. I'm glad I know what to do now, but I'm sure a lot of people don't and are in for the same "gotcha" that I got.
It would be nice during a restore or failover if you were prompted to do authoritative or non-authoritative restore, and Veeam could leverage the same technology that is baked into SureBackup.
Now this is the part where someone makes me look dumb and tells me it's already a feature.
Adding another checkbox during the restore process that would bring back the DC as authoritative would be quite nice when testing SureBackup and SureReplica jobs.
Thanks for the request, guys. Your voices are counted. Here's the detailed KB describing all the nuances of domain controller recovery, including this scenario.
aaja wrote:Adding another checkbox during the restore process that would bring back the DC as authoritative would be quite nice when testing SureBackup and SureReplica jobs.
It is already authoritative for SYSVOL in case of SureBackup/SureReplica.
foggy wrote:
It is already authoritative for SYSVOL in case of SureBackup/SureReplica.
I'm waiting for the checkbox too! Of course, SureBackup will do authoritative restore but all other restore mechanisms won't provide any solution via wizard. Please, please implement this option!
Looks like that this topic has a lot of votes by multiple customers but it still hasn't been implemented yet. Would this be part of v10 or do we still have to wait for it? Thanks for the clarification!
Hello I was bitten by this and would also like to request a feature for this. It was very unexpected. When we failover to DR, we are not inside of a SureBackup umbrella, we run the actual replicas. We have to have a separate note in our failover documentation that reminds us to complete this step during failover which is undesirable.
