03-14-2017 12:42 AM
I have a primary domain controller and a secondary domain controller and I would like to know how these restores operate actually.
When I do an SDR restore does it do an Authoritative restore? Or a non authoritative restore? Or is there any option that can be chosen when doing an SDR to specify the method?
Consider I'm doing a manual restore of my domain controller from backup exec after rebuilding my DC again. I boot the server into dsrm mode and then push c drive and then when pushing the system state it give the option arbitrate changes to other servers. If I would check that option and then push the restore is that an Authoritative restore? Or is it still an non authoritative restore?
Quick answers will be greatly appreciated. Thanks in advance.
04-06-2017 05:14 AM
personally, i would only restore a DC in case of a complete disaster.
If you have multiple dc's (more than one) , and one dc has an issue, just reinstall a server and promote it with the dc role, he will automatically sync with the existing DC.
If all your dc's are gone, you can initiate an SDR
04-06-2017 05:20 AM
I agree with Jurgen - although you do need to know which server holds your FSMO roles and take appropriate actions against those roles when using that approach
04-06-2017 05:27 AM
At a very basic level you should only ever do an authoritative restore of AD if you want to take all of your AD environment back to the date of the backup - this is a rare requirement as typically the replicas on your other DCs may contain newer changes that are important to retain and going back in time can cause all sorts of issues.
For instance: if every computer in your environment refreshed it's machine accounts within AD after the backup was taken and then you take AD back in time, every server would have login and authentication issues afterwards.
Oh an although not your question if you only have 1 DC then any DR restore of AD is authoritive as it is the only copy if aD anyway