Recipe 16.4 Performing a Nonauthoritative Restore

16.4.1 Problem

You want to perform a nonauthoritative restore of a domain controller. This can be useful if you want to quickly restore a domain controller that failed due to a hardware problem.

16.4.2 Solution Using a graphical user interface
  1. You must first reboot into Directory Services Restore Mode (see Recipe 16.2 for more information).

  2. Open the NT Backup utility; go to Start All Programs (or Programs for Windows 2000) Accessories System Tools Backup.

  3. Click the Advanced Mode link.

  4. Under the Welcome tab, click the Restore Wizard button and click Next.

  5. Check the box beside System State and any other drives you want to restore and click Next.

  6. Click the Advanced button.

  7. Select Original location for Restore files to.

  8. For the How to Restore option, select Replace existing files and click Next.

  9. For the Advanced Restore Options, be sure that the following are checked: Restore Security Settings, Restore junction points, and Preserve existing mount volume points. Then click Next.

  10. Click Finish.

  11. Restart the computer.

16.4.3 Discussion

If you encounter a failed domain controller that you cannot bring back up (e.g., multiple hard disks fail), you have two options for restoring it. One option is to remove the domain controller completely from Active Directory (as outlined in Recipe 3.6) and then repromote it back in. This is known as the restore from replication method, because you are essentially bringing up a brand new domain controller and letting replication restore all the data on the server. On Windows Server 2003 domain controllers, you can also use the Install From Media option described in Recipe 3.2 to expedite this process.

The other option is described in the Solution section. You can restore the domain controller from a good backup. This method involves getting into DS Restore Mode, restoring the system state and any necessary system drive(s) and then rebooting. As long as the domain controller comes up clean, it should start participating in Active Directory replication once again and sync any changes that have occurred since the backup was taken.

For a detailed discussion of the advantages and disadvantages of each option, see Chapter 13 in Active Directory, Second Edition (O'Reilly).

16.4.4 See Also

Recipe 16.2 for getting into Directory Services Restore Mode and MS KB 240363 (HOW TO: Use the Backup Program to Back Up and Restore the System State in Windows 2000)

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List