Does AD Restore Always Require a System State Restore to Original Location??

  • Thread starter Thread starter news.micorosoft.com
  • Start date Start date
N

news.micorosoft.com

Hello,

I'm working on DR in our lab W2K environment, and I have a question on the
AD restore process. I've read up on the various restore options (non-auth/
auth/ primary sysvol...), but I'm not clear on at least this one point:

Am I forced to restore the system state to its original location in order to
perfrom either an authoritative or a non-authoritative AD restore?
My confusion revolves around the premise that a system state restore back to
the original location will do much more than just overlay the AD (DIT)
database. I believe it will also roll back the sysvol contents, com, and the
registry. It'd be a bummer if a rolling back one of the other pieces of
system state blew up the machine on the reboot, as in the case of major
registry changes made by some install after the BKF file was created.

I thought maybe there was a method to restore just the AD portion without
touching the other components. Any input would be greatly appreciated.

Thanks,

Jack
 
When you need to restore AD you need to first backup (at least) the system
state which has several components (AD, SYSVOL, registry, boot and system
files, COM+ and some other stuff depending on the role of the machine) and
second you need to restore the system state. Restoring individual components
(using NTBACKUP and other third party backup software) is not possible
neither recommended (and I would say not supported) (although I know of a
backup progr that is able to restore individual components). And yes, you
need to restore it to the original location. Both AD and the SYSVOL, when
restored non-auth., will get up to date when the DC boots into normal mode
and as soon as replication starts from other DCs (unless you have 1 DC in
the domain which is NOT recommended!)
AUTH. restore (and before that you still need a non-auth.) is used for
restoring deleted objects
PRIMARY SYSVOL restore is primary used when restoring a complete domain or
the contents of the SYSVOL is so bad you need to restore that from backup.
Reminder here is that when you do a primary restore of the SYSVOL on 1 DC,
the other DCs in the domain MUST have a non-auth. restore for the SYSVOL.

there is more to it than I explain here, but thiss should give you an idea

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
 
Back
Top