Active Directory Forest Recovery - Cleanup

Article
07/10/2023

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 and 2012 R2

Perform the following post recovery steps as needed:

Revert to the original DNS configuration

After the entire forest is recovered, you can revert to the original DNS configuration, including configuration of the preferred and alternate DNS servers on each of the DCs. After the DNS servers are configured as they were before the malfunction, their previous name resolution capabilities will be restored. Delete any DNS records for DCs that haven't been recovered.

Delete Windows Internet Name Service (WINS) records

Delete Windows Internet Name Service (WINS) records for all DCs that haven't been recovered.

Transfer operations master roles to other DCs

You can transfer the operations master roles to other DCs in the domain or forest and add more global catalog servers based on the configuration before the failure.

Recreate missing objects

Because the entire forest is restored to a previous state, any objects (such as users and computers) that were added and all updates (such as password changes) that were made to existing objects after this point are lost. Therefore, you should recreate these missing objects and reapply the missing updates as appropriate.

Restore outgoing domains and trusts

You might also need to restore outgoing trusts with external domains and forests, because these external trust relationships aren't restored automatically from backups.

Active Directory Forest Recovery - Cleanup

Revert to the original DNS configuration

Delete Windows Internet Name Service (WINS) records

Transfer operations master roles to other DCs

Recreate missing objects

Restore outgoing domains and trusts

Next steps

Feedback

Additional resources