Restoring Windows 2003 Active Directory in a Disaster Recovery Situation

So you blew up Active Directory (AD) and your Domain Controller (DC) and you need to do a restore. This article lists out the steps.


First, let’s get something out of the way. If you have a network with only a single DC and you lost that DC, then this is going to be iffy. Microsoft really, really, really wants you to run a second DC. So much so that they make restoring AD with a single DC next to impossible. Here are the rules: if you only have a single DC in your AD, and you lost that DC, then you need to restore your AD backup to the same hardware with the same disk configuration. Yes, you heard that right. Anything else is risky and may or may not result in a restored DC that bluescreens every time it boots.

So! That bit of trivia out of the way, let’s do this.

We rely on the Microsoft TechNet article for these steps, which we’ve used in the real world before.

  1. Install Windows 2003 to your hardware, preferably the same hardware and same disk configuration as before.
  2. Run dcpromo on the server to promote it to a DC. Just name the domain ‘test.local’, etc.
  3. Write down the Directory Services Restore Mode Administrator Account Password you set!
  4. Reboot the server.
  5. Hit [F8] real quick before Windows boots. If you are in VMware, try setting the BIOS screen to load first so you have some time. Optionally, I’ve found that installing CMDCONS ensures you go into the boot menu.
  6. Boot into Directory Services Restore Mode on the server.
  7. Windows will start in Safe Mode.
  8. Log in as “Administrator” with the Restore Mode Password. This confuses people because their AD password won’t work. It’s not the AD password here! It’s the Restore Mode password.
  9. Click Start->All Programs->Accessories->System Tools->Backup
  10. The Backup or Restore Wizard will start
  11. Click Next
  12. Click “Restore files and settings”
  13. Click Next
  14. The What to Restore screen will open
  15. Click Browse
  16. Select your SystemState.bkf file (you may have it named differently)
  17. Click Ok to confirm your BKF selection
  18. You will return to the What to Restore screen.
  19. On the left, you will see Items to Restore. Expand File so that it shows the BKF file and then expand System State. Make sure to click on System State so that it is selected!
  20. The right area will change to show system state data.
  21. Click Next.
  22. The confirmation screen will show.
  23. Click Advanced, not Finish.
  24. Change Restore Files To to Original location.
  25. Click Next.
  26. Ensure Leave Existing Files (Recommended) is selected.
  27. Click Next.
  28. Ensure the following are selected:
    * Restore security settings
    * Restore junction points, but not the folders and file data they reference
    * Preserve existing volume mount points
    If you are doing a full restore of AD, also select:
    * When restoring replicated data sets, mark the restored data as the primary data for all replicas
  29. Click Next
  30. Click Finish
  31. The restore operation will begin. Sometimes you may be asked for the BKF file again. Just click Okay.
  32. Once the restore operation is completed, click Close.

Do NOT reboot the server just yet!

If this is a Disaster Recovery restore, i.e., there are no DCs left and this is a new piece of hardware, then you must also do this per Microsoft’s KB263532 on the subject:

In the restored domain controller, change the BurFlags value to d4. To do so, follow these steps:

  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. In the left pane, expand My Computer.
  4. Expand HKEY_LOCAL_MACHINE, and then expand SYSTEM.
  5. Expand CurrentControlSet, and then expand Services.
  6. Expand NtFrs, and then expand Parameters.
  7. Expand Backup/Restore, and then click Process at Startup.
  8. In the right pane, right-click BurFlags, and then click Modify.
  9. In the Value data box, type d4, and then click OK.
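The same BurFlags change can be made from a command prompt with reg.exe, which also lets you read the value back before rebooting. This batch file is an added example, not part of the original article or of KB263532; it assumes you are still in Directory Services Restore Mode and that the key path matches the regedit steps above.

```batch
@echo off
rem Added example: set BurFlags to D4 without regedit, then verify it.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup"

rem Assumption: this runs right after the restore, before the reboot.
rem Windows sets SAFEBOOT_OPTION=DSREPAIR when booted into
rem Directory Services Restore Mode, so refuse to run anywhere else.
if /i not "%SAFEBOOT_OPTION%"=="DSREPAIR" (
    echo Not booted in Directory Services Restore Mode. Aborting.
    exit /b 1
)

rem Show whatever value the System State restore left in place, if any.
echo Current value:
reg query "%KEY%" /v BurFlags

rem The regedit dialog takes DWORD data as hex, so "d4" there is 0xD4 here.
reg add "%KEY%" /v BurFlags /t REG_DWORD /d 0xD4 /f
if errorlevel 1 (
    echo Failed to write BurFlags.
    exit /b 1
)

rem Read the value back and confirm it before anyone reboots the server.
reg query "%KEY%" /v BurFlags | find /i "0xd4" >nul
if errorlevel 1 (
    echo BurFlags is not 0xD4 after the write. Check the key by hand.
    exit /b 1
)

echo BurFlags is now 0xD4.
endlocal
```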

If you are on the same hardware and disk configuration, you should be gold at this point.

If not, well, chances are that when you try to boot Windows, it will bluescreen. Unfortunately, when you do an AD restore via a System State backup, the HAL, etc., are restored. Does that make sense? No. But that’s what happens. If that happens, try to repair Windows 2003 when it fails to boot.
