Guide: Restore Domain Controller from Windows Server Backup

Quick navigations:

• What is domain controller?
• Why need to restore domain controller from backup?
• Authoritative Restore VS Non-authoritative Restore
• How to restore Active Directory from system state backup 
• Bonus tip: best way to restore domain controller from Windows Server

What is domain controller?

Domain controllers serve as vital components within a Windows Server environment, responsible for overseeing network resources and facilitating user authentication. Consequently, safeguarding the availability and integrity of domain controller data becomes paramount in maintaining the stability and security of the network.

Nevertheless, despite proactive measures, domain controllers may encounter hardware failures, software corruption, or even fall victim to malicious attacks. In such circumstances, the restoration of a domain controller from a backup becomes imperative.

To assist you in this process, we have prepared a comprehensive step-by-step guide that outlines the procedure for restoring domain controller from Windows Server Backup.

Why need to restore domain controller from backup?

There are several reasons why restoring Server domain controller from a backup may be necessary:

①One such instance is when the existing server experiences a hardware failure, rendering it ineffective. In such cases, the domain's continuous operation relies on restoring AD to a new server.
②Additionally, server migration may require the transfer of the domain to a different server, typically prompted by the need for device replacement. Consequently, restoring AD to a new server becomes imperative.
③Moreover, when upgrading the hardware or software of the current server, the restoration of the domain controller to a new server might be warranted.

These situations underscore the importance of having a comprehensive backup strategy and the ability to restore AD seamlessly, ensuring the uninterrupted functioning of the domain.

Authoritative Restore VS Non-authoritative Restore

Ⅰ. Authoritative restore:

An authoritative restore is a special type of restore that is only used in specific scenarios. For example, all other DCs in the domain have been destroyed, or the NTDS database has been corrupted.

The restored DC using the authoritative restore is considered the master copy and is replicated to all other DCs in the environment.

Ⅱ. Nonauthoritative restore:

The nonauthoritative restore is the much more common restore scenario. It assumes that you have other domain controllers with a healthy Active Directory database. The recovered DC replicates the Active Directory database from healthy domain controllers in the environment.

How to restore Active Directory from system state backup 

To perform a nonauthoritative restore of DCs in your Active Directory environment, you need to restart the domain controller in Directory Services Restore Mode (DSRM) using msconfig command. DSRM is a special mode that allows maintenance operations on the Active Directory database.

Preparations:
☛Installed Windows Server (same version) on a new machine. And configure the server’s network settings (IP address, DNS server, subnet, gateway, etc.) to make sure they’re the same as the failed DC.
☛Once the new server is up, do not make any changes, like changing the computer name, installing the AD Domain services role, and joining the domain.
☛Install the Windows Server Backup feature by running the below command in an elevated PowerShell session:
Install-WindowsFeature -Name Windows-Server-Backup -IncludeAllSubfeature –IncludeManagementTools

Ensure that the Windows System State Backup is accessible on the server. It may be on a network share or a storage device, whether internal or external. In this example, the Windows System State Backup is in Drive E.

Step 1. Click Boot> Safe Mode> Active Directory repair> OK.

Step 2. On the next prompt, click Restart.

Step 3. Once the Server restarted, log in using the local Administrator account.

Step 4. Then launch the Windows Server Backup console by running wbadmin.msc.

Step 5. Once the Windows backup console is up, click the Recover link.

Step 6. Then you need to make decisions on the Recovery Wizard page. On the Getting Started page, select the A backup stored on another location option and click Next.

Step7. Then choose the location type depending on your backup is stored. Here we choose Local drives and click Next to continue.

Step 8. Choose the Backup location from the dropdown list and click Next.

Step 9. The Recovery Wizard will scan the drive and discover the backup image.

For example here W19DC2 Active Directory server is found by Wizard, then select the server name and click Next.

Step 10. If there are multiple backup instances, select the backup date and time. In this example, we only have one backup. Click Next.

Step 11. Select System State as the recovery type and click Next.

Step 12. On the Select Location for System State Recovery, choose the Original location option and click Next. Do not enable the Perform an authoritative restore of Active Directory files because we’re performing a non-authoritative recovery in this scenario.

Step 13. You’ll see a warning that you’re restoring a backup from a different server. Confirm and click OK.

Step 14. On the Confirmation page, enable the Automatically reboot the server to complete the recovery process box and click Recover.

Step 15. The Recovery Wizard reminds you that the recovery cannot be paused or canceled. When you’re sure to continue, click Yes.

Step 16. Now wait for the recovery process to finish. Once it completes, the server restarts automatically, but still in the DSRM. Log in using the local administrator account.

Step 17. Then you’ll see the message below detailing that the recovery operation was successful. Press Enter to dismiss the CMD window.

Step 18. Now it’s time to restart the server in normal mode. Open the System Configuration utility by running the msconfig command. Click Boot, uncheck Safe Boot, and click OK.

Step 19. On the confirmation prompt, click Restart.

Step 20. Once restarted, log in using your domain account, and the domain controller has been restored from domain controller backup and restore.

Bonus tip: best way to restore domain controller from Windows Server

System state backup can only be guaranteed to recover the same physical machine or a different physical computer that has the same make, model, and configuration (identical hardware). If you need to recover domain controller from backup to different hardware on other servers, you need professional software to help, frankly to say, that is AOMEI Backupper Server.

It is capable of backing up and restoring software which is designed for Windows Server.  It allows you to make a backup of your server files, disks, partitions and systems as you like.

✈You can store your backups to different locations, like local disk, external hard drive or network share, USB drives, cloud, etc.
✈You are able to create a recovery environment or a bootable device so as to recover a crashed system once there’s something goes wrong on your Server.
✈With the specialized Universal Restore feature, you can restore Windows Server AD to dissimilar hardware without boot issues.

In this section, I'll walk you through the detailed steps required to perform an authoritative restore domian controller with the best server backup and restore software AOMEI Backupper.

✍Preparations:
◆Download the 30-day free trial to give it a try and launch it.
◆Prepare a USB drive and insert it to the target Server and make sure it can be detected.

Preparations for domain controller recovery

Step 1. Click Tools on the left panel and then you need to choose Create Bootable Media to create a Windows Server bootable USB drive that can boot the target machine into WinPE regardless of the OS version.

Step 2. In AOMEI Backupper, click Backup and then System Backup. The boot-related drives are selected by default. Follow the wizard to complete backup domain controller.

Restore domain controller from backup

Step 1. Insert the bootable USB drive on the destination Server. To boot from the bootable drive, you may need to change the boot priority.

Step 2. Once startup, you’ll see the loaded AOMEI Backupper Server. Click Restore and Select Task to select your system image.

Step 3. Then, select System Backup you want to restore and click Next.

Step 4. Tick Restore this system backup and Restore system to other location then click Next.

Step 5. Select the destination disk to restore the image, and click Next.

Step 6. On the summary page, make sure the Universal Restore option is checked. 

Step 7. Click Start Restore, and wait for a while until it completes.

Step 8. Disconnect the bootable drive and restart the destination Server from the restored system. Then you can use the same configurations of the domain controller.

In the end

Now you can succeed in restoring domain controller from Windows Server Backup, which is common and often used, however, if you want to restore domain controller from backup 2012 R2 to different hardware, AOMEI Bakcupper Server is time-saving and more feasible to satisfy. For some users, when you are in need of installing domain controller Windows Server 2012 or other versions, AOMEI Backupper can also provide professional assistance.