
Restore Active Directory 2008 R2


  • Restore Active Directory 2008 R2

    Hi all,

    What is the best way to test a complete restore of my Active Directory 2008 R2?
    Not only restoring a user account or an OU, but the entire AD.
    My fear is that the ntds.dit file is corrupt and in the morning no one can log on to the domain.

    My context is simple:
    Single forest, one domain Contoso.fr and multiple Domain Controllers scattered around the world (about 40).
    FSMO roles are on the first DC created, named AD-OP-01.contoso.fr
    All DCs on the forest are Global Catalog.

    Thanks for the help!

  • #2
    Roughly:
    Airgap a DC (in case you need to go back to the previous AD)
    Get your backup media
    Do an "authoritative restore" to one DC ( for how-to)
    Let replication occur
    Test, retest etc before reconnecting the airgapped DC

    If the restore fails, make the airgapped DC authoritative before reconnecting it to the network
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland



    • #3
      Well it depends on the circumstances that you need to restore IMO.

      You have multiple DCs, and assuming that it's a local DC issue, then remove the DC if possible, then build a new one and replicate.

      In a complete DR scenario then you are looking at Tom's method.

      There are probably a multitude of scenarios in between.

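The authoritative-restore step outlined in reply #2, written out as the commands typed at an elevated prompt on the single DC being restored inside the isolated test network. This is an added example, not part of the original thread; `VERSION_ID_PLACEHOLDER` is a placeholder for the backup version identifier, and the distinguished name is derived from the contoso.fr domain named in the question.

```batch
rem Added example (not from the thread). Run on ONE DC only, inside the
rem isolated test network. VERSION_ID_PLACEHOLDER is a placeholder: copy the
rem real version identifier from the output of "wbadmin get versions".

rem 1. Reboot into Directory Services Restore Mode (DSRM).
bcdedit /set safeboot dsrepair
shutdown /r /t 0

rem 2. Log on with the DSRM administrator account, list the backups on the
rem    media, then restore system state (this includes ntds.dit and SYSVOL).
rem    -authsysvol marks the restored SYSVOL copy as the authoritative one.
wbadmin get versions
wbadmin start systemstaterecovery -version:VERSION_ID_PLACEHOLDER -authsysvol

rem 3. Stay in DSRM. Any restart requested by wbadmin returns to DSRM because
rem    the safeboot value is still set. Mark the whole domain partition as
rem    authoritative so its objects win when replication resumes.
ntdsutil "activate instance ntds" "authoritative restore" "restore subtree DC=contoso,DC=fr" quit quit

rem 4. Clear the DSRM boot flag and start the DC normally.
bcdedit /deletevalue safeboot
shutdown /r /t 0

rem 5. After the reboot, check replication, DC health and FSMO role holders
rem    before deciding whether the test restore succeeded.
repadmin /replsummary
repadmin /showrepl
dcdiag /v
netdom query fsmo
```

Test logons and Group Policy processing against the restored DC before reconnecting the air-gapped DC, as reply #2 advises.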