This section provides an overview of the recommended path for recovering a forest. It is important to understand the recovery roadmap before you proceed with the forest recovery steps, which are described in detail later..

The following list summarizes the recovery steps at a high level:

1.    Perform prerecovery steps.

Prerecovery steps include determining the current forest structure, identifying the functions that each domain controller performs, and other related tasks.

2.    In each domain, perform an offline restore for one writable domain controller.

3.    Starting with the forest root domain controller, introduce the restored domain controllers to the network.

4.    Make the forest root domain controller a global catalog server. Perform replication synchronization between the forest root domain and each domain in the forest.

Although it is preferred that the forest root domain controller become a global catalog, it is possible to elect any of the restored domain controllers to become a global catalog.

While steps 1 through 4 are being performed, you can simultaneously start installing the operating system on each of the remaining writable domain controllers in the forest (that is, on those writable domain controllers that are not being restored from backup). This prepares them for step 5.

You do not necessarily have to rebuild RODCs at this point in the process. Instead, they can continue to allow access to local resources that are cached on the RODCs in their respective sites while the recovery operations are going on in parallel. Local resources, such as users and computers, that are not cached on the RODC in that site will have authentication requests forwarded to a writable domain controller. These requests will fail because writable domain controllers are offline.

If you are using a hub-and-spoke network architecture, you can concentrate first on recovering the writable domain controllers in the hub sites. Later, you can rebuild the RODCs in remote sites.

Remember that some operations in the remote sites, such as password changes, will not work until you recover writable domain controllers.

5.    Install AD DS on the remaining domain controllers in the forest. During the AD DS installation, each remaining domain controller will replicate data from the single domain controller for the domain that you restored from backup in step 2.

6.    Perform postrecovery steps.

 

 

 

Important

Restoring system state backups depends on the original operating system and server of the backup. For example, you should not restore a system state backup to a different server. In this case, you may see the following warning:

"The specified backup is of a different server than the current one. We do not recommend performing a system state recovery with the backup to an alternate server because the server might become unusable. Are you sure you want to use this backup for recovering the current server?"

If you need to restore Active Directory to different hardware, create full server backups and plan to perform a full server recovery.

If the time of the occurrence of the failure is unknown, investigate further to identify backups that hold the last safe state of the forest. This approach is less desirable. Therefore, we strongly recommend that you keep detailed logs about the health state of AD DS on a daily basis so that, if there is a forest-wide failure, the approximate time of failure can be identified. You should also keep a local copy of backups to enable faster recovery.