I'm having a problem restoring my AD to different hardware.  I know there are some issues but I hear that people have been able to follow some MS docs and get it done but I can't seem to pull it off.
 
I'm working with an HP server to Dell hardware and in the next week I will be going from HP to Compaq at our DR test site and I kinda need to get this working.
 
I have included my documentation on how to do this DR restore below and they are the steps that I went through and when I got to the end I still get the blue screen and reboot.  Can someone tell me where I'm going wrong?
 
We are running W2K3 fully patched with the exception of SP1.  DCs are all GCs, DNS and WINS servers.
 
Thanks,
 
Charlie
 

Active Directory Disaster Recovery

Company Name

April 18, 2005, Revision 4

 

 

The ability to recover from a catastrophic disaster is one of the goals of the Network Team.  With Active Directory quickly becoming the core technology for items such as e-mail, Citrix and local workstation security, it is imperative that in the case of a disaster a quick recovery can be had.  This process will outline the non-authoritative active directory restore process. [The authoritative process is used to restore a portion of the Active Directory while leaving parts intact.]

 

Resources:

To conduct a successful restore you must have the correct toolset.  In conducting restores the following items must be had.  It is also important to note that all of this must be accessible without access to network data storage.  In the case of a disaster, there will not be a network data storage to access.

 

· Tested backup
· Software that was used to take the backup
· Server installation CDs (to include hardware drivers)
· Documentation on how the server was installed
· Hardware to test the server on (if different hardware, you must have drivers)
· Workstation hardware
· Separate VLAN that is not connected to production
· Restore plan
· All passwords, recovery and administrative

 

If any of these items are not present then a restore will not be able to be undertaken with success.

 

The current backup strategy of the PRIMARYDC and SECONDARYDC is:

 

            Daily backup using NTBackup to BACKUPSERVER\d$\NetAdmin\AD Backup

            This backup captures the system state and SYSVOL and Net Logon folders

            The server name is used as the backup file

            This is then backed up with the process that backs up BACKUPSERVER

            No automated alert is currently configured to monitor this backup process

 

Process:

 

  1. Review the resources to ensure that all are present.  Once all of the items are gathered then the process may move forward.

  2. Install Windows 2003 server on the server hardware using the documentation that outlines the procedure that was taken during the creation of the initial box.  Be sure that you use disk space equal to or larger than the original server and the drive letters MUST be the same or the databases will not be properly restored.  If you do not use the appropriate volume sizes the restore may fail with a blue screen.

  3. Patch the server up to the same level of patching that the original server had.  If the original server did not have Windows 2003 SP1, then DO NOT apply that patch until after the restoration process is complete.  The dll and security changes that occur during OS patching can change the system state setup and therefore render your backup useless.

  4. Ensure that you install DNS and WINS servers.  (If you do not install DNS and WINS they may not restore correctly and DNS and WINS will then need to be restored manually).

  5. Start the computer in Directory Services Restore Mode.

    1. Restart the computer
    2. After the BIOS information is displayed, press F8.
    3. Use the Down Arrow to select "Directory Services Restore Mode (Windows Server 2003 domain controllers only)"
    4. Use the Up and Down Arrows to select the Windows Server 2003 operating system, and then press ENTER.
    5. Log on with your administrative account and password.

  6. Start the Windows Server 2003 backup utility:
    1. Click Start
    2. Point to "All Programs" => "Accessories" => "System Tools" then click "Backup".

  7. This procedure provides steps for restoring from backup in Wizard Mode. By default, the Always Start in Wizard Mode check box is selected in the Backup or Restore Wizard. If the Welcome to the Backup Utility Advanced Mode page appears, click Wizard Mode to open the Backup or Restore Wizard.

  8. On the "Welcome to the Backup or Restore Wizard" page, click Next.

  9. Click Restore files and settings, and then click Next.

  10. Select the files that you want to restore (you should have them on the local server), and then click Next.

  11. On the Completing the Backup or Restore Wizard page, click Advanced.

  12. In Restore files to, click Original Location, and then click Next.

  13. Click Leave existing files (Recommended), and then click Next.

  14. In Advanced Restore Options, select the following check boxes, and then click Next:

    a. Restore security settings
    b. Restore junction points, but not the folders and file data they reference
    c. Preserve existing volume mount points
    d. For a primary restore of SYSVOL, also select the following check box: When restoring replicated data sets, mark the restored data as the primary data for all replicas.

[A primary restore is required only if the domain controller that you are restoring is the only domain controller in the domain.  A primary restore is required on the first domain controller that is being restored in a domain if you are restoring the entire domain or forest.]

  15. Click Finish.

  16. When the restore process is complete, click Close, and then do one of the following:

    1. Change the BurFlags value to d4. [If the restored domain controller's BurFlags value is not changed to d4, sysvol does not share out.]

      · Click Start, and then Run
      · In the Open box, type regedit, and then click OK
      · In the left pane, expand My Computer
      · Expand HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Services, NtFrs, Parameters, Backup/Restore, Process at Startup
      · In the right pane, right-click BurFlags and then click Modify
      · In the Value data box, type d4 and then click OK

    2. If you do not need to authoritatively restore any objects, click Yes to restart the computer. The system will restart and replicate any new information that is received since the last backup with its replication partners.

    3. If you need to authoritatively restore any objects or if you need to create an LDAP Data Interchange Format (LDIF) file to restore back-links on this domain controller, click No to remain in Directory Services Restore Mode. For information about how to proceed with authoritative restore, see Performing an Authoritative Restore of Active Directory Objects.

  17. If the server fails to boot properly:
    1. Boot the computer off the Windows 2003 server CD
    2. The repair operation begins after you accept the license agreement and after the Setup program searches for previous installations of Windows to repair
    3. When the Setup program finds the damaged installation, press R to repair the installation  (DO NOT USE THE RECOVERY CONSOLE)
    4. Follow the onscreen steps to complete the repair.
    5. When the repair completes, reboot the server.

  18. If the server fails to boot past BIOS:
    1. Boot the computer off the Windows 2003 server CD.
    2. Select the appropriate HAL option for your computer hardware.
    3. After the HAL loads, select "R" for the Recovery Console.
    4. Logon to the Windows directory that you need to repair by selecting the appropriate number (default of 1).
    5. Logon using the DSRM password.
    6. At the command prompt type "disable acpi" and hit enter
    7. Make a note of the registry change.
    8. Type "exit" and hit "enter" to reboot the machine.
    9. When the machine boots, follow step 17 to complete the HAL recreation.

  19. Install the Windows 2003 Admin Pack.  (You do not need to install this prior to this point as the dlls will be overwritten if you are forced to follow step 17).

  20. If you run ADUC and receive an error connecting to the Active Directory, reboot the server.  During the initial reboot some installation processes have not yet completed so the Active Directory does not fully execute.  The secondary reboot will correct this issue.

 

Verification

After a restore is completed verification must be done to ensure that it is functioning correctly.  The easiest way to conduct the verification is to use a laptop that was on the network before the backup was taken.  Simply connect the laptop to the switch that the server is on and attempt to authenticate and access resources on the server (a file share could be placed on the restored server to ensure that the authentication process is working correctly).  The greatest test would be to down the server that is being restored and plug in the current machine.  Although this will allow the best functional test, if something in the backup went wrong then you could possibly corrupt the production server.

 

You will want to test the logon scripts and a number of different users (to include administrative user accounts, delegated security user accounts and service accounts).  Once you are fully satisfied with the restore process, this document should be updated and forwarded to the bank for safekeeping. 
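
The backup strategy in the document above notes that no automated alert monitors the daily NTBackup job. The following is an added example, not part of the original post: a PowerShell check that reports a missing, empty, stale or expired backup file per domain controller. It assumes the job writes `<SERVERNAME>.bkf` into the backup folder; the function name, the thresholds and the third server name are hypothetical, and the demo files are constructed.

```powershell
# Added example: flags missing, empty, stale or expired DC system-state backups.
function Test-ADBackupFreshness {
    param(
        [Parameter(Mandatory)] [string]   $BackupDir,
        [Parameter(Mandatory)] [string[]] $Servers,
        [int]      $MaxAgeHours   = 26,  # daily job plus slack (assumed threshold)
        [int]      $TombstoneDays = 60,  # default for forests built before W2K3 SP1; confirm yours
        [long]     $MinSizeBytes  = 1,   # raise to a realistic floor for your DCs
        [datetime] $Now           = (Get-Date)
    )
    foreach ($server in $Servers) {
        # Assumption: one file per DC, named after the server, in NTBackup's .bkf format.
        $path = Join-Path $BackupDir ($server + '.bkf')
        $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        $age  = $null
        if (-not $file) {
            $status = 'MISSING'
        } else {
            $age = [math]::Round(($Now - $file.LastWriteTime).TotalHours, 1)
            if     ($file.Length -lt $MinSizeBytes)   { $status = 'EMPTY' }
            # A system state older than the tombstone lifetime must not be restored.
            elseif ($age -gt ($TombstoneDays * 24))   { $status = 'EXPIRED' }
            elseif ($age -gt $MaxAgeHours)            { $status = 'STALE' }
            else                                      { $status = 'OK' }
        }
        [pscustomobject]@{ Server = $server; Status = $status; AgeHours = $age; Path = $path }
    }
}

# Constructed demo data in a temp folder, so the check runs offline.
$demo = Join-Path ([IO.Path]::GetTempPath()) ('adbkp-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -Path (Join-Path $demo 'PRIMARYDC.bkf')   -Value 'constructed sample'
Set-Content -Path (Join-Path $demo 'SECONDARYDC.bkf') -Value 'constructed sample'
(Get-Item (Join-Path $demo 'SECONDARYDC.bkf')).LastWriteTime = (Get-Date).AddDays(-3)

# DC-NOBACKUP is a constructed name with no file, to show the MISSING case.
$results = Test-ADBackupFreshness -BackupDir $demo -Servers 'PRIMARYDC', 'SECONDARYDC', 'DC-NOBACKUP'
$results | Format-Table Server, Status, AgeHours -AutoSize
Remove-Item -Recurse -Force $demo

# Anything other than OK is what a scheduled task should alert on.
$failed = @($results | Where-Object { $_.Status -ne 'OK' })
if ($failed.Count -gt 0) { Write-Warning "$($failed.Count) backup(s) need attention" }
```

Against the real share, pass the backup folder from the strategy section as `-BackupDir` and the two DC names as `-Servers`, and run it from a scheduled task after the nightly job.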
