soulseeker
Level 4
10 years ago

Restoring Active directory with BE2014

Hi there,

First of all - I don't have an actual problem, just thinking about "what if...".

OK, what if I have to revert my AD to an earlier point in time? I know about authoritative restores but I hope I can accomplish this only with BE.

Currently we use 3 DCs ... one 2008, that holds all the FSMO-roles and another 2008 that is just global catalog. Same for a 2012R2.

When I plan to revert my AD, let's say to last week, do I only have to restore the system state of the main DC? Does BE treat this as an authoritative restore? Do all reverted changes automatically replicate to my other DCs?

Sorry if this may feel like a NOOB-question, but when I am facing the problem I'd like to know what I can expect when messing around with a DC.

Thanks :)

Marcel 


6 Replies

  • You still have to set an authoritative restore, as otherwise what you restore will be replicated over by existing DCs (in other words, our restore is non-authoritative, unless you only have one DC in your environment).

  • Thanks for your reply but the articles do not really answer my question. Or maybe I didn't get it.

    I am not talking about a complete restore of a failed DC and the necessity to reinstall the whole OS ... "just" an AD restore of, let's say, last week's backup. So to revert a schema update or whatever. Can I mark the restore operation from Backup Exec as authoritative in any way so that the changes will also be reverted on the other DCs?

  • No. There is no simple way to do an AD authoritative restore.

    To do an authoritative restore of AD, you must follow the authoritative AD restore steps given in the first document referenced earlier. In fact, it would be like recovering the server. Unless you are absolutely sure that the contents of the C: drive are exactly in sync with the registry, you need to restore the contents of the C: drive to what they were a week ago before restoring the system state from a week ago.

    The moral of the story is that you hope that you never have to restore AD. Have a couple of DCs so that the failure of a DC will not crash the entire AD. Use the BE AD agent if you have a need to restore deleted AD objects, which is probably the only reason why you need to revert your AD to a week ago. Also remember that reverting to the AD state of one week ago means that all the changes since then would be lost, e.g. any user who changed their password during this period would revert to their old password. You can imagine the chaos that would ensue.

  • Thanks again and sorry for my late reply. My reason for thinking about this was not the ability to restore missing AD objects, but maybe reverting a schema change. I had to update my schema for an update of the Lync server. If this Lync update is unsuccessful, I must revert the schema ... so this would only be possible with an authoritative restore of the whole "main" DC that holds all the roles. What a nightmare.

    I really hoped that I could only restore the system state of this DC and wait for replication to the other DCs that are only global catalogs.

  • Yeah unfortunately this is MS-related, and not Backup Exec at all. BE is simply the means to get your restore done and plays no part in what happens from an infrastructure-recovery point of view.

    Thanks!