cancel
Showing results for 
Search instead for 
Did you mean: 

Queries on restore of domain controller

Olsenstainbrook
Level 2

I have a primary domain controller and a secondary domain controller and I would like to know how these restores operate actually.


When I do an SDR restore does it do an Authoritative restore? Or a non authoritative restore? Or is there any option that can be chosen when doing an SDR to specify the method?

Consider I'm doing a manual restore of my domain controller from backup exec after rebuilding my DC again. I boot the server into dsrm mode and then push c drive and then when pushing the system state it give the option arbitrate changes to other servers. If I would check that option and then push the restore is that an Authoritative restore? Or is it still an non authoritative restore?

Quick answers will be greatly appreciated. Thanks in advance.

 

 

3 REPLIES 3

jurgen_barbieur
Level 6
Partner    VIP    Accredited

personally, i would only restore a DC in case of a complete disaster.

If you have multiple dc's (more than one) , and one dc has an issue, just reinstall a server and promote it with the dc role, he will automatically sync with the existing DC.

If all your dc's are gone, you can initiate an SDR

Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

I agree with Jurgen - although you do need to know which server holds your FSMO roles and take appropriate actions against those roles when using that approach

Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

At a very basic level you should only ever do an authoritative restore of AD if you want to take all of your AD environment back to the date of the backup - this is a rare requirement as typically the replicas on your other DCs may contain newer changes that are important to retain and going back in time can cause all sorts of issues.

For instance: if every computer in your environment refreshed it's machine accounts within AD after the backup was taken and then you take AD back in time, every server would have login and authentication issues afterwards.

Oh an although not your question if you only have 1 DC then any DR restore of AD is authoritive as it is the only copy if aD anyway