Active Directory Step-by-Step: Disaster Recovery with a System State Backup (v.2003)

아티클
1/17/2024

Scenario

You got a System State backup and your Windows 2003 Domain Controller fails.. what's your next step ?

When it's not the Operating Software but the hardware itself... it's a disaster recovery...

Caution
It's not recommended to run a virtual Domain Controller. See these links for more information Things to consider when you host Active Directory domain controllers in virtual hosting environments, Support policy for Microsoft software running in non-Microsoft hardware virtualization software Please consider those knowledge base's article before doing those steps below.

It's not recommended to run a virtual Domain Controller.

See these links for more information

Things to consider when you host Active Directory domain controllers in virtual hosting environments,
Support policy for Microsoft software running in non-Microsoft hardware virtualization software

Please consider those knowledge base's article before doing those steps below.

You need to weight the PRO and CON of doing thoses steps. Sometime re-doing the domain from scratch will be easier and will take less time, but sometime not. (like if you got an Exchange linked to your AD)

This documentation supposes that you got only 1 Domain Controller and that you have nothing more than a system state to restore it from (like no clone image)

Notes

- You can use the hypervisor you need. In my case I used VMWare for the simple reason the VMConverter can inject hard drive driver.

If you use Hyper-V and the driver is not recognized after the importation of the image. I suggest in that case a forced P2VV as I call it. You take the Hyper-V's image and you run a VMConverter on it to inject the virtual hard disk's driver and after you use SCVM to re-import it. SCVM is used to import VM from VMWare, so it will translate the hard drive driver easily that way.

Tips to know

1 - Always do a snapshot before importing the System State.

2 - Do #1.

3 - Server template should be in your "wallet" before making that procedure.

4 - A server template is for me a simple vanilla server that is pre-activated with a license I have. It is configured in a virtual machine and stored away (burned to a DVD, on a USB stick, etc..). It's ready to be put in any computer and ready to make a "Play" on it to recover anything. (Personal note: I did recover a domain that way and temporally used a receptionist computer to hold the VM until a new physical's server came fast to replace it)

Known Issues

Having different HAL is a nightmare to recover on different hardware. If your DC is 1 core, then recover it to a 1 core VM and if it's multiple core then restore it to a multiple core VM.
If you don't follow my advice, you might fall on STOP error 0x0000007B bluescreen even if your harddisk hardware is the same.

Backing up the server

Before anything, you need a System-State backup, there is some small step to show you how to do it.

Click the start menu and select "Run" and type ntbackup :

Click NEXT with the Wizard option selected :

Select to Save file and Settings :

Select Let me Choose what to save :

Select ONLY System-State :

Select to save it to a File, and select where to save it :

Click Finish

We now wait...

Click Close

Restoring the System State

Start a plain "vanilla" Windows Server template on a hypervisor.

Select F8 in the startup and choose Active Directory Restore :

Choose the system to start with :

Enter in the system :

Click OK :

Copy the system-state to the VM

Click the start menu, select Run and type ntbackup.

Click Next>.

Click Restore Files and settings.

Click BROWSE

Select your Backup File

Click OK

Click System State

Click Advanced

Click NEXT

Click Replace Existing Files

Chooses these options :

Click Finish

Click CLOSE

Note

Create a snapshot before restarting

Troubleshooting

If the HAL differ from the source-destination then try to erase the Processor in the System panel (see below on where to do it)

Re-install the VM guest tools to be sure it will boot (see below if it don't reboot).

Restart in Active Directory Restore Mode :

In the command prompt, type:

ntdsutil <ENTER>

authoritative restore <ENTER>

restore database <ENTER>

Click YES

Go to that Reg key and put BurFlags=d4 - ONLY if it's the last Domain Controller HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

When finished click Restart After restarting, be ready for a lot of popup ! but the domain login will now work !

After the restart the server is almost done.

Verification

We now have to make sure you use the same IP, and that all roles are OK.

If too many drivers are missing

Convert again the virtual machine with vConverter and inject SCSI driver and the VM tool :

Select the Machine Type and location.

Select the specific option

Click Finish

In Case you have a missing DNS MMC

Go in c:\windows\system32 and re-run adminpack.msi

In case of a HAL mismatch

Update your processor information in your control panel

Final test

Run dcdiag :

다음을 통해 공유