Here is my mini how to – I have tried to keep it as simple as possible:

Backing Up Active Directory

Active Directory depends on the system state and the NTDS database among other things. So it is important to back these up on your domain controller. It is critically important to ensure that the system state data on a domain controller is backed up regularly since this contains all the core system files that are required to run a domain controller. Manually selecting what needs to be backed up will be extremely complicated and could be error prone – stay away from that path – just backup the entire system state.

What needs to be backed up? – System State

What kind of Backup needs to be run? – Full backup of the system state.

How often is good enough? – Daily – You will thank me for this

Restoring Active Directory (for experts who just need the short version)

There are two types of restores:

1. Normal Restore – This was also called the Non-Authoritative restore. This is generally performed when you need to restore a domain controller that has failed and there are other domain controllers on the domain. Another option would be to just reinstall the domain controller, clean up the AD metadata of all references to the failed DC and then promote the new server to a DC and replicate. If you are in a situation where you cannot do that, to perform a normal (or Non-Authoritative restore) you would:

a. Boot the domain controller into the Domain Services Restore Mode .

b. Restore system state

c. Reboot into the normal mode.

d. Replicate from other domain controllers.

2. Authoritative Restore – This would be performed in cases where you make a mistake like, say, delete an OU. In this case, a normal restore would not help since the OU that you just restored would get deleted again when you replicate changes with other domain controllers. An authoritative restore would help you undo a big mistake by ensuring that you are taken back to a working copy of AD. However, changes that you made since the last full backup would be lost. (So run your full backups daily!). To perform an authoritative restore:

a. Perform a normal restore.

b. Don’t reboot after the restore.

c. Use ntdsutil to get into the authoritative restore mode.

d. Specify if you want to mark the entire database or just a subtree as authoritative.

e. Quit the utility and reboot the server

3. Primary Restore – This restore is only used when you have a major disaster (read complete meltdown) and you have no working domain controllers. In such a case, you will have restore the entire domain from backups. The working process is very similar to the Normal Restore procedure mentioned above. This is how you would do it:

a. Boot the domain controller into the Domain Services Restore Mode .

b. Restore system state – ensure that the advanced option ‘Mark the restored data as the primary data for all replicas’ is checked.

c. Reboot into the normal mode.

Restoring Active Directory (for the rest of us)

1. Normal Restore – Here’s the step by step.

a. Reboot Server

b. During startup press F8 and choose, ‘Directory Services Restore Mode (Windows DCs only)

c. Choose the OS to be started, hit enter.

d. Hit OK at the Safe Mode login.

e. Open up the NTBackup utility.

f. Click next on the welcome page.

g. Select ‘Restore Files and Settings’ from the backup or restore page. Click Next.

h. Choose the backup you want to restore from the ‘What to restore’ page. Click Next.

i. Click Finish to start the restore. (Advanced options are best left untouched for a normal restore unless you want to save the backup elsewhere.)

j. Reboot server.

2. Authoritative Restore –

a. Perform a normal restore as mentioned before.

b. Do not reboot server after the restore.

c. Click on start -> run -> type ntdsutil.

d. Now type ‘authoritative restore’

e. Now specify the components you want to make authoritative. Enter either ‘restore database’ or ‘restore subtree’ along with the DN of the AD object you want to make authoritative.

f. Confirm your actions when prompted.

g. Type quit until the utility exits.

h. Reboot server.

3. Primary Restore –

a. Reboot Server

b. During startup press F8 and choose, ‘Directory Services Restore Mode (Windows DCs only)

c. Choose the OS to be started, hit enter.

d. Hit OK at the Safe Mode login.

e. Open up the NTBackup utility.

f. Click next on the welcome page.

g. Select ‘Restore Files and Settings’ from the backup or restore page. Click Next.

h. Choose the backup you want to restore from the ‘What to restore’ page. Click Next.

i. Click Advanced.

j. Ensure that on the ‘Where to Restore’ page, the default setting ‘Original Location’ is selected. Click Next.

k. On the How to Restore page, ensure that ‘Replace existing files’ is selected. Click Next.

l. On the Advanced Restore Options page – enable the ‘When restoring replicated data sets, mark the restored data as the primary data for all replicas’ option. Click Next.

m. Click Finish to start the primary restore.

n. Reboot server.

o. Go to sleep

PS: As always, please exercise due diligence when using the instructions in a live environment. Kindly do not blame me if something doesn’t work if Microsoft decides to change their code.

Related posts:

1. Setting up Split Brain DNS in Windows Server 2003
2. Symantec Backup Exec Error 0xe00084af (All Versions)
3. Active Directory Audit Script
4. Get list of machines by OS type from Active Directory
5. Active Directory Password Expiry Reminder Email