Active Directory Restore

[itgeek]

I restored my domain controller from a VMware snapshot and now its in an error state as my two domain controllers wont talk to each other its in the USN rollback state. My other domain controller is working fine but how do I restore my primary domain controller and not sync with my other dc? I have backups for both the servers dc1 and dc2. Please can you advise? Thank you

It would be good if I could do a test restore first if that is possible. My other option would be to seize all the fsmo roles, what do you think is best?

Thank you in advance

[PetrM]

Hi Richard,

Basically, Veeam B&R performs a non-authoritative restore. This KB covers different scenarios of restoring DC. I guess your scenario would be presented there as well.

Thanks!

[Andreas Neufert]

Maybe clarify as well your statement above. Why do you not want to restore the domain controller and let it sync with the other? THis is the main purpose of a restore.
If you restore with network enabled (!!!) the domain controller will go into non authoritive restore and will sync correctly with the other catalog servers.
When this is done you can move the FSME roles to one of the servers.

[itgeek]

Thank you for the reply.

I do want to restore the server that has died however would like to make 100% sure that this will go into a non authoritative state first? I have just had a look at the veeam job and the box is ticked with enable application aware processing, will that mean that this will go into the state of non authoritative restore? Does veeam know automatically from having the box ticked enable appication aware that this will be a domain controller?

Thanks for all your help

[Andreas Neufert]

Correct, we identify at Application Aware Backup processing and let flags on the system before backup (and removed them after backup).
This will force the server after next restart (at restore) to jump into restore mode.

The only thing that it is needed is that there is a network active at restore.
What you can do for a test for example is to create a isolated virtual switch (not connected to your network) restore the VM to that network (you can change the network for each network card) and restore the server with the checkboxes enabled for Network and Automatic Start.
Open the console and don´t touch mouse and keyboard. You will see that the server will start multiple times after restore ... Give it 10 minutes or so to be sure not to interupt any automatic processing. Then you can logon and check event log and AD stage. You will find statements about the non authorative restore and as well lot´s of errors as it can not reach other AD controllers in the isloated network.

[Andreas Neufert]

When you are sure you can just switch the network card to the right network (it will take a longer time until all replications are started. I think the default value is every 30min). Or just restore the server again into the right network.

[itgeek]

Thank you for the reply. I can confirm that this restored however my domain controller is not replicating and unable to connect via unc. However the failed server that I restored can unc onto the other servers fine.

Thank you for your help.