The restore target must be booted into Directory Services Restore mode.
The Windows name and OS version of the restore target must match the original system.
The OS on the restore target must be installed to the same path as the original system. WINDOWS is the default name for the %SYSTEMROOT% path.
All of the latest OS service packs must be applied to the restore target.
Install the full version of UltraBac on the restore target.
Any new hardware should be matched to the original hardware as closely as possible.
If the restore is being performed remotely, ensure the default UltraBac account has enough authority on the restore target to perform an OS restore.
You must know what functional level your domain/forest is in (2003 / 2003 R2 / 2008 / 2008 R2 / 2012 / 2012 R2 / 2016 / 2019) as the restore steps are different depending upon the Active Directory Schema and the Operating System of the Domain Controller.
Once you have completed the first part of the restore under Restoring the System State Using UltraBac then you will complete the restore depending upon the Active Directory Schema level and the Domain Controller Operating System.
Since restore methodologies differ depending on the Active Directory Schema you set up at the time of backup, please review the following sections to find the appropriate restore procedure to continue with the restore
2008/2008 R2 Active Directory Schema with Multiple Domain Controllers
2008/2008 R2 Active Directory Schema with a Single Domain Controller
2003/2003 R2 Active Directory Schema with Multiple Domain Controllers
2003/2003 R2 Active Directory Schema with a Single Domain Controller
|
NOTE: The Windows Service Pack at the restore target must be the same as that of the original machine at the time of backup. |
|
NOTE: It is highly recommended to do the authoritative restore from an existing domain controller and not the one you are restoring, this way you will not lose any AD objects and changes since the last backup. |
|
NOTE: Only do these steps on Windows Server 2008 / 2008 R2 / 2012 / and 2012 R2 domain controllers. Do NOT do these registry entries on any Windows Server 2016 or 2019 domain controllers or it will cause a USN rollback error on the domain controller. For Windows Server 2016 and 2019 domain controllers, they are by default already in a non-authoritative mode, and to make authoritative you would use the instructions for NTDSUTIL authoritative restore. |
Stop the DFSR Service on all domain controllers.
Start the Registry Editor.
Navigate to "HKLM\SYSTEM\CurrentControlSet\Services\DFSR."
Create a key called "Restore."
Create a string value called "SYSVOL."
On one of the existing domain controllers:
For the string value called "SYSVOL," give it the value of "authoritative."
Fig. 3 - Registry Options.
On the remaining domain controllers:
For the string value called "SYSVOL," give it the value of "non-authoritative."
Fig. 4 - Registry Options.
Navigate to "HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore."
Create a key called "SystemStateRestore."
Create a string value called "LastRestoreId."
For the string value called "LastRestoreId" give it the value of "10000000-0000-0000-0000-000000000000".
Fig. 5 - Registry Options.
Once the registry settings have been put into place, you must start the DFSR service on the domain controller that was made authoritative, and then on each of the other domain controllers.
To verify the restore was successful, open Windows PowerShell and type <repadmin/showrepl>.
Fig. 6 - Repadmin example.
You should see a screen similar to the one above showing all connections as successful.
Once everything has been restored, it is highly recommended to remove the registry settings you entered above.
Stop the DFSR service.
Start the Registry Editor.
Navigate to "HKLM\SYSTEM\CurrentControlSet\Services\DFSR."
Create a key called "Restore."
Create a string value called "SYSVOL."
For the string value called "SYSVOL," give it the value of "non-authoritative."
Fig. 7 - Registry Options.
Navigate to "HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore."
Create a key called "SystemStateRestore."
Create a string value called "LastRestoreId."
For the string value called "LastRestoreId" give it the value of "10000000-0000-0000-0000-000000000000."
Fig. 8 - Registry Options.
Once the registry settings have been put into place, you must then start the DFSR service.
|
NOTE: It is highly recommended to remove the registry settings you entered above after restore is completed. |
|
NOTE: It is highly recommended to do the authoritative restore from an existing domain controller and not the one you are restoring; this way you will not lose any AD objects and changes since the last backup. |
Stop the NTFRS Service on all domain controllers.
Start the Registry Editor.
Navigate to “HKLM\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup."
Double click on "BurFlags."
On one of the existing domain controllers that will be the "authoritative" Domain Controller:
Assign it a value of D4 (hex) or 212 (dec).
Fig. 9 - Registry Options.
On the remaining domain controllers that are "non-authoritative":
Assign it a value of D2 (hex) or 210 (dec).
Once the registry settings have been put into place, you must start the NTRFS service on the domain controller that was made authoritative, and then on each of the other domain controllers.
To verify the restore was successful, open up Windows PowerShell and type <repadmin/showrepl>.
In the power shell window you should see all connections as successful.
Once everything has been restored, it is highly recommended to remove the registry value from the "BurFlags" registry key you entered above.
Stop the NTFRS Service.
Start the Registry Editor.
Navigate to "HKLM\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup."
Double click on "BurFlags."
Assign it a value of D2 (hex) or 210 (dec).
Once the registry settings have been put into place, you must start the NTRFS service. Once everything has been restored, it is highly recommended to remove the registry value from the "BurFlags" registry key you entered above.