The restore target must be booted into Directory Services Restore mode.
The Windows name and OS version of the restore target must match the original system.
The OS on the restore target must be installed to the same path as the original system. WINDOWS is the default name for the %SYSTEMROOT% path.
All of the latest OS service packs must be applied to the restore target.
Install the full version of UltraBac on the restore target.
Any new hardware should be matched to the original hardware as closely as possible.
If the restore is being performed remotely, ensure the default UltraBac account has enough authority on the restore target to perform an OS restore.
You must know what functional level your domain/forest is in (2008 / 2008 R2 / 2012 / 2012 R2 / 2016 / 2019) as the restore steps are different depending upon the Active Directory Schema and the Operating System of the Domain Controller.
Once you have completed the first part of the restore under Restoring the System State Using UltraBac then you will complete the restore depending upon the Active Directory Schema level and the Domain Controller Operating System.
Since restore methodologies differ depending on the Active Directory Schema you set up at the time of backup, please review the following sections to find the appropriate restore procedure to continue with the restore
2012/2012 R2/2016/2019 Active Directory Schema with Multiple Domain Controllers
2012/2012 R2/2016/2019 Active Directory Schema with a Single Domain Controller
2008/2008 R2 Active Directory Schema with Multiple Domain Controllers
2008/2008 R2 Active Directory Schema with a Single Domain Controller
|
NOTE: The Windows Service Pack at the restore target must be the same as that of the original machine at the time of backup. |
Return to top
|
NOTE: It is highly recommended to do the authoritative restore from an existing domain controller and not the one you are restoring, this way you will not lose any AD objects and changes since the last backup. |
Restore the system state using the steps provided in Restoring the System State Using UltraBac.
Right click on the Safe Mode Start Menu; click Command Prompt (Admin).
For non-authoritative restores, skip to step 9.
Type <ntdsutil> and then press "Enter."
At the ntdsutil: prompt, type <activate instance ntds>, and then press "Enter."
At the ntdsutil: prompt, type <authoritative restore>, and then press "Enter."
To mark a subtree or object as authoritative,
type in the text "restore subtree <name>", where <name> is a string (e.g. "restore subtree cn=DomainController,ou=DomainControllers,c=DomainName,dc=TopLevelDomainName") of the subtree you want to restore, or
type in the text "restore object <name>" and you must know the full distinguished name of the object or objects that you want to restore
then at the authoritative restore prompt press "Enter." For more information, see Microsoft's documentation on restoring subtrees and objects.
In the same command prompt, type <bcdedit /deletevalue safeboot> and press "Enter."
Restart the computer.
Return to top
Restore the System State using the steps provided in Restoring the System State Using UltraBac.
Right click on the Safe Mode Start Menu; click Command Prompt (Admin).
In the same command prompt, type <bcdedit /deletevalue safeboot> and press "Enter."
Restart the computer.
Return to top
|
NOTE: It is highly recommended to do the authoritative restore from an existing domain controller and not the one you are restoring; this way you will not lose any AD objects and changes since the last backup. |
|
NOTE: Only do these steps on Windows Server 2008 / 2008 R2 / 2012 / and 2012 R2 domain controllers. Do NOT do these registry entries on any Windows Server 2016 or 2019 domain controllers or it will cause a USN rollback error on the domain controller. For Windows Server 2016 and 2019 domain controllers, they are by default already in a non-authoritative mode, and to make authoritative you would use the instructions for NTDSUTIL authoritative restore. |
Stop the DFSR Service on all domain controllers.
Start the Registry Editor.
Navigate to "HKLM\SYSTEM\CurrentControlSet\Services\DFSR."
Create a key called "Restore."
Create a string value called "SYSVOL."
On one of the existing domain controllers:
For the string value called "SYSVOL" give it the value of "authoritative."
Fig. 3 - Registry Options.
On the remaining domain controllers:
For the string value called "SYSVOL" give it the value of "non-authoritative."
Fig. 4 - Registry Options.
Navigate to "HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore."
Create a key called "SystemStateRestore."
Create a string value called "LastRestoreId."
For the string value called "LastRestoreId" give it the value of "10000000-0000-0000-0000-000000000000."
Fig. 5 - Registry Options.
Once the registry settings have been put into place, you must start the DFSR service on the domain controller that was made authoritative, and then on each of the other domain controllers.
To verify the restore was successful open Windows PowerShell and type <repadmin/showrepl>.
Fig. 6 - Repadmin example.
You should see a screen similar to the one above showing all connections as successful.
Once everything has been restored, it is highly recommended to remove the registry settings you entered above.
Return to top
Restore the System State using the steps provided in Restoring the System State Using UltraBac.
Right click on the Safe Mode Start Menu; click Command Prompt (Admin).
In the same command prompt, type <bcdedit /deletevalue safeboot> and press "Enter."
Restart the computer.
Return to top