Forum Discussion

aliat_IMANAMI's avatar
aliat_IMANAMI
Brass Contributor
Aug 18, 2021

Set Up for Active Directory Backup

  I came across the following question regarding Backup Setup for Active Directory.   “Creating a forest in every location and every forest has 2 DCs and has a 1way trust to Global AD which is in ...
Active Directory
storage
Windows Server
Dave Patrick's avatar
Dave Patrick
MVP
Aug 18, 2021
so for a single Domain Controller failure, the recommended option is to demote the Domain Controller, wait for few hours to replicate the demotion, and then promote it back again. There is no need to restore Active Directory Backup to recover a single Domain Controller.

 

I would not recommend this method. If a single domain controller fails then the better option is to seize roles to a healthy one (if needed)

Transfer or seize FSMO roles - Windows Server | Microsoft Docs

 

then perform cleanup to remove remnants of failed one.

Clean up AD DS server metadata | Microsoft Docs

Step-By-Step: Manually Removing A Domain Controller Server (microsoft.com)

then rebuild failed one from clean install media. Use dcdiag / repadmin tools to verify health `correcting all errors found` before starting `any` operations. Then stand up the new one, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health.

 

 

 

 

Resources