What is the best way to test a complete restore of my Active Directory 2008 R2?
Not only restore a user account or an OU but the entire AD.
My fear is that the ntds.dit file is corrupt and in the morning no one can log on to the domain :(
My context is simple:
Single forest, one domain, Contoso.fr, and multiple Domain Controllers scattered around the world (about 40).
FSMO roles are on the first DC created, named AD-OP-01.contoso.fr
All DCs on the forest are Global Catalog.
Airgap a DC (in case you need to go back to the previous AD)
Get your backup media
Do an “authoritative restore” to one DC (Google for how-to)
Let replication occur
Test, retest etc before reconnecting the airgapped DC
If the restore fails, make the airgapped DC authoritative before reconnecting it to the network
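
A check for the "Let replication occur" and "Test, retest" steps, as an added example that is not part of the original thread: it parses the CSV produced by `repadmin /showrepl * /csv` and lists inbound replication links that are failing or have not synced since the restore. The function name, the DC names other than AD-OP-01, the site names and the timestamps are constructed for illustration.

```powershell
# Added example. AD-OP-02, AD-TK-01, the site names and all timestamps are constructed.
# Sample in the column layout of `repadmin /showrepl * /csv`.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Paris,AD-OP-02,"DC=contoso,DC=fr",Paris,AD-OP-01,RPC,0,0,2024-01-10 08:15:02,0
showrepl_INFO,Tokyo,AD-TK-01,"DC=contoso,DC=fr",Paris,AD-OP-01,RPC,7,2024-01-10 08:01:44,2024-01-09 22:30:10,1722
showrepl_INFO,Tokyo,AD-TK-01,"CN=Configuration,DC=contoso,DC=fr",Paris,AD-OP-01,RPC,0,0,2024-01-09 21:00:00,0
'@

function Get-ReplicationProblem {
    param(
        [string[]]$CsvLines,    # lines from: repadmin /showrepl * /csv
        [datetime]$RestoreTime  # when the authoritative restore completed
    )
    foreach ($row in ($CsvLines | ConvertFrom-Csv)) {
        $problem = $null
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Assumption: any other row marker means repadmin could not query that DC.
            $problem = 'repadmin returned an error row'
        } else {
            $lastOk = [datetime]::MinValue   # stays MinValue when the field is "0"
            [void][datetime]::TryParse($row.'Last Success Time', [ref]$lastOk)
            if ([int]$row.'Number of Failures' -gt 0) {
                $problem = "failing, last status $($row.'Last Failure Status')"
            } elseif ($lastOk -lt $RestoreTime) {
                $problem = 'no successful sync since the restore'
            }
        }
        if ($problem) {
            $row | Add-Member -MemberType NoteProperty -Name Problem -Value $problem -PassThru |
                Select-Object 'Destination DSA', 'Source DSA', 'Naming Context', Problem
        }
    }
}

# On a DC, replace the sample with live output: -CsvLines (repadmin /showrepl * /csv)
Get-ReplicationProblem -CsvLines ($sample -split "`r?`n") -RestoreTime '2024-01-10 06:00' |
    Format-Table -AutoSize
```

An empty result means every inbound link has synced successfully since the restore time you supplied; with about 40 DCs, expect to rerun it until the list drains.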