This operation might be done when you’re trying to restore a valid copy of DC in a multi-DC environment, while the entire AD is corrupted at some point (ex. But let’s dig inside anyway so you understand the reasoning. Veeam Endpoint Backup: bare-metal recovery Performing a restore of a Domain Controller in an authoritative modeĪs a reminder, you most likely you don’t need this type of restore. After a restore with Veeam Endpoint Backup, your DC will boot into a recovery mode and you will need to decide whether you’d like to reconfigure registry keys or reboot into a normal mode right away. Keep in mind that the special logic of Veeam Backup & Replication will not be applied here. You will need a Veeam recovery media prepared beforehand and the access to the backup file itself (USB disk or a network share). Here you can read about Bare-metal restore of a backup using Veeam Endpoint Backup. Veeam Backup & Replication: Entire VM recovery
#Ps1 controller back update#
The DC will be aware of the restored from the backup state and start acting accordingly, invalidating the existing database and allowing replication partners to update it with the most recent information. Boot it into a Directory Services Restore Mode (DSRM) mode.Veeam recognizes the DC role of this VM and gently restores it using special logic: The cool thing here is that, due to the application-aware image processing we used within a VM backup, you don’t have to do anything else at the moment. Choose if the restore should happen to the original location or a new one.Choose the Restore Entire VM option from the recovery menu.Restoring a DC from Veeam Backup & Replication backup is quite easy.
Let’s go back to the backup files I created when I wrote the previous article. This way, you allow other DC(s) to take over and you don’t need to fix a broken DC. NOTE:Another important practice is to leave a failed DC out of scope and seize its roles, as well as perform metadata cleanup if it is not likely to be coming back. For an authoritative restore with Veeam, see below for some additional steps, which are required. Due to this, the logic of Veeam Backup & Replication was developed accordingly, and by default, it performs automated, non-authoritative DC restore, assuming that it was not the only DC in place.
In addition, restoring a DC in authoritative mode can be harmful and cause further damage. In most scenarios, a non-authoritative restore is what you need because it’s usually a multi-DC environment. With an authoritative restore, the DC claims itself as the only one with correct information and a valid database, and it authoritatively updates other DCs with its own data. The difference between those two restore types is that within a non-authoritative restore, the DC understands that it was out for a while, so it lets other in site DCs update its own database with the latest changes that occurred when it was down. Whenever you’re about to restore a DC, first determine whether a non-authoritative restore is enough, or if should you go further and perform an authoritative restore. Performing a restore of a Domain Controller in non-authoritative mode Here are the benefits of using DFSR over FRS. Refer to this article to determine whether FRS or DFSR is used in your domain.
#Ps1 controller back windows#
If the first domain controller of the domain was promoted to Windows Server 2008 functional level or higher, then you’re using DFSR. Since Windows Server 2008, DFSR has been a default option for SYSVOL replication. It was replaced by the DFSR in later Windows Server OS (operating system) versions. NOTE:FRS is a service for distributing shared files and Group Policy Objects (GPO) in Windows Server 2000 and Windows Server 2003.