Use the following steps to manually recover a local Windows computer, which includes non-authoritative and authoritative restore of Active Directory for a domain controller.
To run a manual disaster recovery of a local Windows computer, which includes non-authoritative and authoritative restore of Active Directory for a domain controller
-
Install the original version of Windows.
This basic Windows installation is necessary to provide Backup Exec with a target to which it can restore the system. The computer name, Windows directory, and the file system (such as NTFS) must be the same as the previous Windows installation. This installation will be overwritten by the backed up version, which will restore your original system configuration, application settings, and security settings.
If you are recovering from an entire hard disk failure, use Windows setup to partition and format the new disk during installation.
-
Install Backup Exec to a directory other than where it was originally installed (this is a temporary installation).
Always log on to Windows using the Administrator account or its equivalent during this procedure.
-
Using the Device Configuration Wizard, install the appropriate device driver for the attached media drive.
-
Inventory the media containing the latest full backup of the computer to be recovered.
-
Catalog the media containing the latest full backup of the computer to be recovered. If the subsequent differential/incremental backups are on separate media, catalog those also.
-
Select all sets from the full and incremental backups that contain logical drives on the hard disk. If differential backup sets are to be restored, select only the last differential set. Make sure you include System State and Shadow Copy components as part of the restore selections.
-
On the Properties pane, under Settings, click General, and then select the following options:
-
On the Properties pane, under Settings, click Advanced, and then select the appropriate options.
See Advanced options for restore jobs.
If you are restoring a computer that is the only domain controller in the domain or the entire domain is being rebuilt and this is the first domain controller, select the option Mark this server as the primary arbitrator for replication when restoring folders managed by the File Replication Service, or when restoring SYSVOL in System State.
-
If you are restoring a computer that is the only domain controller in the domain or the entire domain is being rebuilt and this is the first domain controller, reboot the computer after the restore job successfully completes.
Your computer’s operating system is now restored to a pre-disaster state. Your data files have been restored, except those protected by Backup Exec database agents.
-
Do the following to change the Backup Exec services to the local system account.
-
A menu appears that allows you to diagnose and fix system startup problems.
-
Select System State (Windows 2000 and later) or Shadow Copy (Windows Server 2003 and later) components as the restore selections. Run the Restore job.
-
At this point, you can either choose to restore the entire Active Directory, or specific objects from the Active Directory.
See Microsoft’s documentation for running NTDSUTIL for Windows Server 2008/2008 R2.
Restore specific objects from the Active Directory by performing the following:
-
Type Restore Subtree “ou=<OU Name>.dc=<domain name>,dc=<xxx> (without the quotation marks), and then press Enter, where <OU Name> is the name of the organizational unit you want to restore, <domain name> is the domain name the OU resides in, and <xxx> is the top level domain name of the domain controller, such as com, org, or net. You can do this as many times for as many objects you need to restore.
-
Once you have finished restoring Active Directory information, exit NTDSUTIL.