Forest Bare Metal Recovery -



Forest Bare Metal Recovery - Windows & AD Failed

02 February 2011
12:48
To recover: Windows, Disks and Applications
 
Loss of a Active Directory Forest
Requirements: Full Bare Metal backup & System State
You need to make sure that a full server backup is available!
You need to know the DSRM Admin account and password
 
Performing a full Forest recovery of a domain controller by using the GUI
 
Because this is the first writable domain controller in the domain, you must perform a nonauthoritative restore of AD DS and an authoritative restore of the SYSVOL folder
 
An authoritative restore of SYSVOL is required because replication of the SYSVOL replicated folder must be started after you recover from a disaster. All subsequent domain controllers that are added in the domain must resynchronize their SYSVOL folder with a copy of the folder that has been selected to be authoritative before the folder can be advertised
 
If you are restoring a domain controller that runs Windows Server 2008, use Wbadmin.exe to perform a nonauthoritative restore of AD DS. At the same time, perform an authoritative restore of SYSVOL by including the -authsysvol switch in your recovery command, as shown in the following example:
wbadmin start systemstaterecovery -authsysvol
 
The first DC we will restore is the FSMO owner in the root domain, this will be a complete bare metal recovery so that it restores the server with Directory Services installed. Once recovered then the latest system state with authorative sysvol will be recovered.
 
You can use this procedure to perform full server recovery of a domain controller with Windows Complete PC Restore.
There are no administrative credential requirements. No authentication is performed when you start in Windows RE.
Make sure the DC is not connected to the network
 
A full server recovery recovers every volume on the server. Use this type of recovery to recover from hard drive failures or file corruption on the same hardware with the same operating system installed.
A full server recovery reformats and repartitions all disks that are attached to the server. Use this scenario if you want to recover onto new hardware or if all other attempts to recover the server on the existing hardware have failed.
Before you perform a full server recovery, be aware that any existing data that is not included in the backup will be deleted when you complete this operation. This includes any volumes that are currently used by the server but not included in the backup.
For example, suppose you back up drives C, D, and E and disk 1, and the server also includes application data on disk 2. When you use that backup to perform a full server recovery, all the application data on disk 2 is lost.
If you recover to a dynamic disk that is not included in the backup, the partition-and the data that is stored on it-are deleted and then re-created without the data.
 
 
To perform full server recovery of a domain controller by using the GUI
  1. Insert the Windows Server 2008 installation DVD into the disk drive, and then restart the domain controller.
  1. When you are prompted, press a key to start from the DVD.
  1. At the initial Windows screen, accept or select language options, the time and currency format, and a keyboard layout, and then click Next.
  2. At the Install now screen, click Repair your computer.
  3. In the System Recovery Options dialog box, click anywhere to clear any operating systems that are selected for repair, and then click Next.
  4. Under Choose a recovery tool, click Windows Complete PC Restore.
  1. If the backup is stored on a remote server, a message indicates that Windows cannot find a backup on the hard disks or DVDs on this computer. Click Cancel to close the message.
  1. Click Restore a different backup, and then click Next.
  2. On the Select the location of the backup page, perform either set of the following steps, depending on whether the backup is stored locally or on a network shared folder:
    1. If the backup is stored on the local computer, select the location of the backup, and then click Next.

      Or
    1. If the backup is stored on a network shared folder, click Advanced, and then click Search for a backup on the network.
    1. Click Yes to confirm that you want to connect to the network.
    1. In Network Folder, type the Universal Naming Convention (UNC) name for the network share, and then click OK.
    1. Type credentials for a user account that has sufficient permissions to restore the backup, and then click OK.
    1. On the Select the location of the backup page, click the location of the backup, and then click Next.
  1. Click the backup to restore, and then click Next.
  1. If you want to replace all data on all volumes, regardless of whether they are included in the backup, on the Choose how to restore the backup page, select the Format and repartition disks check box.
  1. Note the drive with the backup is already excluded so you can just select next
 
  1. To prevent volumes that are not included in the restore from being deleted and re-created, click Exclude Disks, select the check box for the disks that you want to exclude, and then click OK.
  1. Click Next, and then click Finish.
  1. Select the I confirm that I want to format the disks and restore the backup check box, and then click OK.
  1. Next we need to restore to the best system state
  1. Click Start, click Command Prompt, and then click Run as administrator.
  1. At the command prompt, type the following command, and then press ENTER:
    bcdedit /set safeboot dsrepair
 
  1. Type the following command, and then press ENTER:
    shutdown -t 0 -r
  1. The server will now boot into Directory Services Repair Mode
  1. At the Windows logon screen, click Switch User, and then click Other User.
  1. Type .\administrator as the user name, type the DSRM password for the server, and then press ENTER.
  1. Click Start, right-click Command Prompt, and then click Run as Administrator..
  1. At the command prompt, type the following command, and then press ENTER:
 
  1. wbadmin get versions -backuptarget::
    -machine:
  1.  wbadmin get
    wbadmin 1.0 - Backup command-line tool
    (C) Copyright 2004 Microsoft Corp.
    Backup time: 1/28/2011 1:05 PM
    Backup target: 1394/USB Disk labeled E:
    Uersion identifier: 01/28/2011-13:05
    onsbackuPtaret:e:
    Can Recover: Application(s), System State
    Backup time: 1/31/2011 12:18 PM
    Backup target: 1394/USB Disk labeled E:
    Ijersion identifier: 01/31/2011-12:18
    Can Recover: Application(s), System State" width="575" height="168">
 
  1. Where:
    • : is the location of the backup that you want to restore.
    • is the name of the computer where you want to recover the backup. This parameter is useful when you have backed up multiple computers to the same location or you have renamed the computer since the backup was taken.
  1. Identify the version that you want to restore.
    You must enter this version exactly in the next step.
  1. At the command prompt, type the following command, and then press ENTER:
    wbadmin start systemstaterecovery -version:
    -backuptarget:: -machine: -authsysvol
    -quiet
  1.  Backup target: 1394/USB Disk labeled E:
    Uersion identifier: 01/28/2011-13:05
    Can Recover: Application(s). System State
    Backup time: 1/31/2011 12:18 PM
    Backup target: 1394/USB Disk labeled E:
    Uersion identifier: 01/31/2011-12:18
    Can Recover: Application(s), System State
    C:\Users\Administrator.DRDCOÍ>wbadmin start systemstaterecovery -version:01/31/2
    011-12:18 -backuptarget:E: -machine:DRDCO1 -authsysvol
    wbadmin 1.0 - Backup command-line tool
    (C) Copyright 2004 Microsoft Corp.
    Do you want to start the system state recovery operation?
    [Y] Yes [N] No y" width="598" height="220">
 
  1. Where:
    • is the version of the backup that you want to restore.
    • : is the volume that contains the backup.
    • t is the name of the computer where you want to recover the backup. This parameter is useful when you have backed up multiple computers to the same location or you have renamed the computer since the backup was taken.

      If you do not specify the -quiet parameter, you are prompted to press Y to proceed with the restore process and press Y to confirm that the replication engine for SYSVOL has not changed since you created the backup.
      After the recovery operation has completed, if you are not going to perform an authoritative restore of any restored objects, restart the server as below
 
Now Restart the server and follow STAGE 2
  1. To restart the server normally after you perform the restore operation, type the following command, and then press ENTER to have the server restart normally:

    bcdedit /deletevalue safeboot

    Type the following command, and then press ENTER:

    shutdown -t 0 -r
 
 
 
 

Posted by Madferret at 15 Feb 2011, 7:57 AM
Categories: Active Directory Recovery
 

What did you think of this article?




Trackbacks
Trackback specific URL for this post
  • No trackbacks exist for this post.
Comments
  • No comments exist for this post.
Leave a comment

Submitted comments are subject to moderation before being displayed.

 Name

 Email (will not be published)

 Website

Your comment is 0 characters limited to 3000 characters.