It sort of depends on your scenario - just to restore a broken DC, you're fine. To recover deleted objects, you're also mostly fine, as long as these don't have links to the unavailable domains (e.g. group-membership).
To recover the whole domain (i.e. from scratch), you won't get very far without a root DC for issues described by Jorge + others. A full domain restore should not be planned independently of a forest restore - I would certainly advise to get all of the responsible folks at one table and discuss DR scenarios and ownerships for tasks etc.

/Guido

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto
Sent: Thursday, 14 April 2005 15:31
To: [email protected]
Subject: RE: [ActiveDir] AD Restore Question

Just to restore the sub-domain and get it up and running you don't need the root domain. Eventually you will need the root domain because one of the recovery steps is the trusts between the domains, replication will fail for the config and schema container with root domain DCs, authentication may fail (a forest with 2 sub domains and if user 1 sub1 accesses resource in sub2 authentication goes through root domain).

Have you seen the Active Directory Forest Recovery document from MS?
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=3EDA5A79-C99B-4DF9-823C-933FEBA08CFE

My opinion on this when "designing" a restore procedure and testing it.. Take the complete AD forest into account and all AD aware apps and clients. Don't leave anything out.

Jorge

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carerros, Charles
Sent: Thursday, 14 April 2005 15:07
To: '[email protected]'
Subject: [ActiveDir] AD Restore Question

I have been searching all over for this information, but I can't seem to find any. When I test an AD restore of a sub-domain in a setting where a Root Domain DC is not present (because we test our restores in a completely isolated network) do I also need to restore a root domain controller?
I am starting to work on my new DR scheme for AD, but this is the first time that I had to worry about the root domain where I didn't have security to access it or its backup files (the root controllers are maintained by a different Division than the one I'm in). Of course, in a true DR situation, I should have at least one root controller available.

Thanks.

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
