My private collection of articles found on the net, i dont own them but they helped me.: Forest Recovery Post recovery steps

Personal collection of useful articles found on the web, NOT for public use, just for MY quick reference. Just in case you created one.
   Specializing in Office Communications Server, Exchange, Active Directory ,TMG 2010, ISA 2006,System Center Operations Manager and Powershell

Forest Recovery Post recovery steps

Perform the following post recovery steps as needed:

Ensure DC's are health by running admin scripts below

Â· After the entire forest is recovered, you can revert to the original DNS configuration, including configuration of the preferred and alternate DNS servers on each of the domain controllers. After the DNS servers are configured as they were before the malfunction, their previous name resolution capabilities will be restored. Delete any DNS records for domain controllers that have not been recovered.

Â· Delete Windows Internet Name Service (WINS) records for all domain controllers that have not been recovered.

Â· You can transfer the operations master roles to other domain controllers in the domain or forest and add more global catalog servers based on your pre-failure configuration.

Â· Because the entire forest is restored to a previous state, any objects (such as users and computers) that were added and all updates (such as password changes) that were made to existing objects after this point are lost. Therefore, you should re-create these missing objects and reapply the missing updates as appropriate.

Â· You might also need to restore outgoing trusts with external domains, because these external trust relationships are not restored automatically from backups.

Â· If you suspect that the forest-wide failure was related to network intrusion or malicious attack, you can reset the account passwords for members of the Enterprise Admins and Domain Admins groups.

Â· Restore or reinstall any software applications that were running on domain controllers before recovery. Restoring AD DS on the first domain controller in the domain also restores the registry because they both are part of System State data. Keep this in mind if you had any applications running on these domain controllers and if they had any information stored in the registry.

Â· For client computers, you might have to reset their secure channel with domain controllers or rejoin them to the domain. To reset the secure channel, you can use Netdom.exe. At a command prompt, type the following command, and then press ENTER:

netdom reset /domain:

Repadmin /replsum

dcdiag /test:CheckSecurityError /s:DRDC01

repadmin /showrepl

w32tm /monitor

dcdiag /s:DCName

dcdiag /test:dns /e /s:DCName

dcdiag /test:netlogons /v /s:DCName

dcdiag /test:fsmocheck /s:DCName

<<NTDS.ps1>>;