Posts: 35
Liked: never
Joined: Jun 25, 2009 6:55 pm
Full Name: Martin Schedlbauer

Restore of all dcs in a domain

Post by schedlbauerm »

As a disaster recovery test I've tried to restore all dcs in our domain.

The dcs first started in safe mode. After the second restart I could logon.

The problem is that on all the restored dcs the sysvol and netlogon shares were missing. The folders existed, but they were not shared.

I think the cause of this problem is that after the restore all dcs are in a non-authoritative state.

Must there be at least one dc running in the domain to do a restore of the other dcs in the same domain?

Are there best practices for restoring all dcs in a domain with veeambackup?

Has anybody ever had to do this? What are your experiences?

Is a successful restore of a dc with veeambackup even possible?

Chief Product Officer
Posts: 31021
Liked: 6428 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Restore of all dcs in a domain

Post by Gostev »

Martin, when restoring all DCs in the environment at once, you need to restore the first one in an authoritative mode. Microsoft requires a manual procedure for this. Tom had a great post about this here.

Posts: 15
Liked: never
Joined: Nov 02, 2009 1:36 pm

Re: Restore of all dcs in a domain

Post by bbeavis »

I recently had to move around my DCs. Here are a few things I've learned.

1. DCs are time sensitive.
2. Pause, move, resume - when it works, works best.
3. The order they are restored CAN matter.
4. DCs keep an internal "counter" for replications, getting these out of sync can cause headaches.

When moved, I received errors, netlogon was paused and replication failed. After exhaustive troubleshooting, I found the solution. You HAVE to run a command-line program (REPADMIN). The program is provided by Microsoft, but in the Support Tools. You have to download it. A very important tool, and they don't include it in the base install. Basically you run this command to re-enable replication, then resume/restart netlogon. At this point you can use the GUI AD Site tool to replicate manually.

My suggestion is this:

Have one DC that you consider king, and that system should be exclusively a DC. In DR, this is the first thing to bring up. Make sure it works and is up to date. Then bring up your other DCs and push the replication from the "king" down to the rest. If the king is hosed, then use a secondary. If you try to bring them all up at the same time, then isolating issues can be tricky. If your DR is temporary, you may consider limiting DCs (heaven forbid even to just one). If you are like me, in DR you have too much going on to be diagnosing weird MS AD quirks. Getting one DC up and moving on is my strategy. After all the critical systems are up, I bring up a second DC.
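
The two symptoms reported in this thread (SYSVOL/NETLOGON folders present but not shared, and replication not running after a restore or move) can be checked on each restored DC before the next one is brought up. The following is an added example, not part of any post above: `Test-RestoredDc` is a hypothetical helper, the sample output is constructed, and it assumes the disabled replication state appears as the `DISABLE_INBOUND_REPL` / `DISABLE_OUTBOUND_REPL` flags in `repadmin /options` output (the thread does not name the exact command used).

```powershell
# Added example: post-restore check for a restored domain controller.
# Test-RestoredDc is a hypothetical helper; it only inspects command output.
function Test-RestoredDc {
    param(
        [string[]]$NetShareOutput,   # lines from: net share
        [string[]]$RepadminOptions   # lines from: repadmin /options <dc-name>
    )
    $findings = @()

    # The folders can exist on disk while the shares are not published,
    # so look for the share names themselves in the share table.
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        if (-not ($NetShareOutput -match "^\s*$share\s")) {
            $findings += "Share missing: $share"
        }
    }

    # Assumption: replication switched off shows up as DSA option flags.
    $optLine = $RepadminOptions |
        Where-Object { $_ -match '^\s*Current DSA Options:' } |
        Select-Object -First 1
    if (-not $optLine) {
        $findings += 'DSA options line not found'
    } else {
        foreach ($flag in 'DISABLE_INBOUND_REPL', 'DISABLE_OUTBOUND_REPL') {
            if ($optLine -match "\b$flag\b") {
                $findings += "Replication flag set: $flag"
            }
        }
    }
    $findings
}

# Constructed sample output from a DC in the state described in the thread.
$netShare = @(
    'Share name   Resource                        Remark',
    'C$           C:\                             Default share',
    'ADMIN$       C:\WINDOWS                      Remote Admin',
    'IPC$                                         Remote IPC'
)
$repadmin = @('Current DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL')

@(Test-RestoredDc -NetShareOutput $netShare -RepadminOptions $repadmin) |
    ForEach-Object { Write-Output "FINDING: $_" }

# Live use on a DC (requires repadmin to be installed):
#   Test-RestoredDc (net share) (repadmin /options $env:COMPUTERNAME)
```

An empty result means both shares are published and neither replication flag is set; any finding on the first restored DC should be resolved before the remaining DCs are brought up.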