Active Directory Disaster Recovery Paul Simmons Support Engineer Directory Services Microsoft Corporation.


Definition
- Resolving problems on Microsoft® Windows® domain controllers that affect client, domain, or forest operation:
  - In the least amount of time
  - With the least amount of pain
  - With the best possible results

Preventive Maintenance
- Use good hardware and test it regularly
- Test deployments in a lab before deployment
- Practice recovery scenarios in a lab
- Remove single points of failure
- Never have only one domain controller in a domain
- Back up before and after every major state change

Recovery Options
- Rebuild
  - Winnt32, Dcpromo, and re-replicate
  - Known recovery time and results
- Restore
  - Windows Backup (Ntbackup.exe) to restore to a known good state
  - Re-replicate
- Repair
  - Esentutl repair of database is a last resort
  - Use integrity check to see if database is damaged

Recovery Tools
- Ntbackup – System State
- Ntdsutil – Metadata Cleanup
- Esentutl – Database Validation and Repair
- Winnt32 – Rebuild
- Dcpromo – Re-promote
- Component level recovery
  - FAZAM
  - Dfsutil.exe

Ntbackup
- Features:
  - Backs up Active Directory® in online mode
  - Scheduled backups
- What to back up
  - System state: Active Directory, boot files, registry, and more
- Resources:
  - Q240363: “How to Back Up and Restore the System State”
  - Q233427: “Files and Folders Not Backed Up Using the Ntbackup.exe Tool”

Backup Limitations
- Backup life = tombstonelifetime value
  - Default = 60 days old
  - Password change interval = 30 days
  - Password history = 2 (current and previous)
  - Backup useful life = 60 days or two default password changes
  - Old backups can reintroduce tombstoned objects
- Schema rollback is not supported

Ntdsutil
- Metadata cleanup
  - Remove orphaned domain controllers or domains
- Integrity check and repair
  - Wrapper around Esentutl
  - Tells you if database is damaged
- Authoritative restore
  - Mark selected objects on domain controller as authoritative

Nonauthoritative Restore
- What is it?
  - Restore to known good point using Ntbackup
  - Reboot into Active Directory mode to sync changes
- When to use
  - Recover from hardware failure
  - Return to known good state on single domain controller
- Options
  - Rebuild server from scratch. Re-run Dcpromo.
  - Restore machine to a known good point and sync deltas.

Authoritative Restore
- What is it?
  - Restore to known good point using Ntbackup
  - Mark objects on reference domain controller as “master copy” for Active Directory
- When to use
  - Accidental deletion or modification of objects or containers in Active Directory
  - Corruption of objects/attributes in the directory
- Options
  - Find a good domain controller that has the objects and make it authoritative
  - Restore from a backup that contains the objects and make it authoritative

Authoritative Restore
- Boot into offline restore mode
  - Press F8 during boot phase
  - Log on with offline administrator account
- Mark objects in Ntdsutil as authoritative
  - Find machine with objects or restore them
  - Restore subtree or entire database (rare)
- Best practice
  - Use most specific distinguished name path needed for recovery
  - Restore Active Directory over Terminal Services–Q256588

Winnt32 and Dcpromo
- What is it?
  - Reinstall of OS
  - Run Dcpromo
- When to use
  - Known recovery time and end result
  - No applications or services to protect
- Options
  - Maintain standby server that can be shipped to remote site

Scenarios
- Hardware failure
- Deleted objects in Active Directory
- Flexible Single Master Operation (FSMO) recovery
- Demo of authoritative restore

Hardware Failure
- Scenario:
  - Domain controller experiences catastrophic hardware failure
- Goal:
  - Replace bad hardware or entire server and resume operations
- Given:
  - Valid backup
  - Identical hardware

Hardware Failure (2)
- Process
  - Replace server or hardware
  - Restore from tape backup
  - Re-replicate
- Alternatives
  - Winnt32 and Dcpromo

Hardware Failure (3)
- Restore to dissimilar hardware
  - Q263532: “Disaster Recovery of Active Directory on Dissimilar Hardware”
- Requirements
  - Same number of drives and drive letters
  - Complete backup of system state and system drive
  - Same NICs, video cards, HAL, kernel, and number of processors
  - Remove teaming network cards on target
  - Same disk drive controller and configuration

Deleted Objects in Active Directory
- Scenario
  - Critical objects have been deleted from Active Directory
- Goal
  - To recover the objects without re-creating them
- Given
  - A valid backup

Deleted Objects in Active Directory (2)
- Resolution; restore from tape and authoritative restore in Ntdsutil:
  - Restore recent backup containing deleted objects
  - Mark deleted objects as authoritative using Ntdsutil
  - Authoritative restore in Ntdsutil
- Alternative:
  - Find replica domain controller that hasn’t received the deletions
  - Mark deleted distinguished name as authoritative (no restore required)

Deleted Objects in Active Directory (3)
- Protection
  - Set replication schedule once every four days on “backup domain controller”
  - Mark objects as authoritative when deletion detected

FSMO Recovery
- Flexible Single Master Operations (FSMO)
- Q223787: “Flexible Single Master Operation Transfer and Seizure Process”
- Transfer roles
  - Preferred
  - Graceful
- Seizure of roles
  - Last resort
  - That server cannot come back online…EVER.

Ntdsutil FSMO Transfer UI

Demo: User Objects Created

Demo: Repadmin /Showmeta

Demo: System State Backup

Demo: Deleted Objects

Demo: Restore System State

Demo: Advanced Options

Demo: Authoritative Restore

Demo: Authoritative Restore (2)

Demo: Repadmin /Showmeta with Incremented Version Numbers
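
The demo sequence above ends by comparing Repadmin /Showmeta output before and after the authoritative restore. The following is an added example, not part of the original presentation: it parses two captures and reports which attributes now carry a higher version number, which is what lets the restored copy win replication. The captures are constructed samples, the column layout is an assumption modelled on repadmin /showmeta output, and the function names are hypothetical.

```python
import re

# One metadata row: Loc.USN, originating DC, Org.USN, date, time, Ver, attribute.
# Column order is an assumption modelled on repadmin /showmeta output.
ROW = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+(\d+)\s+(\d{4}-\d{2}-\d{2})\s+(\S+)\s+(\d+)\s+(\S+)\s*$"
)

# Constructed sample captures for one user object (not real output).
BEFORE = r"""
Loc.USN  Originating DC                Org.USN  Org.Time/Date        Ver Attribute
=======  ==============                =======  =============        === =========
   4711  Default-First-Site-Name\DC1      4711  2001-03-01 10:12:33    1 objectClass
   4711  Default-First-Site-Name\DC1      4711  2001-03-01 10:12:33    1 cn
   4730  Default-First-Site-Name\DC1      4730  2001-03-01 10:15:02    2 description
"""
AFTER = r"""
Loc.USN  Originating DC                Org.USN  Org.Time/Date        Ver Attribute
=======  ==============                =======  =============        === =========
   9120  Default-First-Site-Name\DC2      9120  2001-03-03 09:40:17 200001 objectClass
   9120  Default-First-Site-Name\DC2      9120  2001-03-03 09:40:17 200001 cn
   9120  Default-First-Site-Name\DC2      9120  2001-03-03 09:40:17 200002 description
"""

def parse_showmeta(text):
    """Return {attribute: (version, originating_dc)}; non-data lines are skipped."""
    meta = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            meta[m.group(7)] = (int(m.group(6)), m.group(2))
    return meta

def version_changes(before, after):
    """Return (attribute, old_ver, new_ver, originating_dc) where Ver increased."""
    old, new = parse_showmeta(before), parse_showmeta(after)
    changes = []
    for attr, (ver, dc) in sorted(new.items()):
        prev = old.get(attr, (0, None))[0]
        if ver > prev:
            changes.append((attr, prev, ver, dc))
    return changes

def restore_took_effect(before, after):
    """True only if every attribute seen before now carries a higher version."""
    changed = {c[0] for c in version_changes(before, after)}
    return bool(changed) and set(parse_showmeta(before)) <= changed
```

Running the same comparison against a capture taken from a replica shows whether the restored versions have replicated there yet.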

Additional References:
- Server recovery: ministration/fileandprint/recovery.asp
- Q241594: “HOW TO: Perform an Authoritative Restore to a Domain Controller in Windows 2000”
- Microsoft Windows 2000 Server Distributed Systems Guide, Chapters 9 and 10