Restore Active Directory from tape

Could some refer me to an article or tell me the best way to restore
active directory to a new domain control from tape? The new domain
controller is a disaster recovery server, and will not be connected to
our network. It will be a different server (hardware,IP, name, etc)
than the server that is currently hosting Active directory.
All I really need is the users & group's.

The only options I see in restoring active directory is by restoring
the system state that includes com object, registry, etc. I would need
to overwrite all of my current files while restoring this, which would
probably hose the backup sever since it is differnet than the server
that currently hosting AD.

Thanks!

The right way to do that is put the DC on the domain and run it and leave it
running. It needs to be a running DC that you use all the time along with
the others or it will not stay in sync,...and you need it to stay in sync.
There are SecureChannel issues and Machine Account updates that happen on a
schedule as a normal part of AD functionality that won't happen if the
machine isn't up and fuctioning on the LAN constantly, and those things are
another part of what is required to keep things in sync. A "backup DC" is a
redundant functioning "in use" DC,...not a DC disconnected, shutdown, and
sitting in a corner somewhere.

Domain Clients must have the IP# of all the DCs that run DNS added in thier
TCP/IP at all times. If they do not, then they will not "fail over" to the
next DC if the first one goes down.

The whole idea is that a failed DC will be transparent and not cause any
downtime. The worst that should happen is that you may have to do a forced
"seize" of the FSMO Roles on the remaining DC if one goes down.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------



"Matt Scoff" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Could some refer me to an article or tell me the best way to restore
> active directory to a new domain control from tape? The new domain
> controller is a disaster recovery server, and will not be connected to
> our network. It will be a different server (hardware,IP, name, etc)
> than the server that is currently hosting Active directory.
> All I really need is the users & group's.
>
> The only options I see in restoring active directory is by restoring
> the system state that includes com object, registry, etc. I would need
> to overwrite all of my current files while restoring this, which would
> probably hose the backup sever since it is differnet than the server
> that currently hosting AD.
>
> Thanks!
>
>

Thank you for the response. Yes, we already have a backup domain
controller. Which is great, unless you have a disaster and everything
in the office is blown away.

This domain controller would be used in a disaster situation where
there is nothing left but a tape to restore from.

So I need to know how I would restore this tape to a new server and
import/restore all of my active directory users.



On Thu, 8 Sep 2005 11:58:17 -0500, "Phillip Windell" <@.> wrote:

>The right way to do that is put the DC on the domain and run it and leave it
>running. It needs to be a running DC that you use all the time along with
>the others or it will not stay in sync,...and you need it to stay in sync.
>There are SecureChannel issues and Machine Account updates that happen on a
>schedule as a normal part of AD functionality that won't happen if the
>machine isn't up and fuctioning on the LAN constantly, and those things are
>another part of what is required to keep things in sync. A "backup DC" is a
>redundant functioning "in use" DC,...not a DC disconnected, shutdown, and
>sitting in a corner somewhere.
>
>Domain Clients must have the IP# of all the DCs that run DNS added in thier
>TCP/IP at all times. If they do not, then they will not "fail over" to the
>next DC if the first one goes down.
>
>The whole idea is that a failed DC will be transparent and not cause any
>downtime. The worst that should happen is that you may have to do a forced
>"seize" of the FSMO Roles on the remaining DC if one goes down.

This how to may help,

How to restore Active Directory
In a case your only DC dies and you need to restore Active Directory from a backup, follow these steps....
Restore AD from backup


Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
"Matt Scoff" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Could some refer me to an article or tell me the best way to restore
active directory to a new domain control from tape? The new domain
controller is a disaster recovery server, and will not be connected to
our network. It will be a different server (hardware,IP, name, etc)
than the server that is currently hosting Active directory.
All I really need is the users & group's.

The only options I see in restoring active directory is by restoring
the system state that includes com object, registry, etc. I would need
to overwrite all of my current files while restoring this, which would
probably hose the backup sever since it is differnet than the server
that currently hosting AD.

Thanks!

"Matt Scoff" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thank you for the response. Yes, we already have a backup domain
> controller. Which is great, unless you have a disaster and everything
> in the office is blown away.
>
> This domain controller would be used in a disaster situation where
> there is nothing left but a tape to restore from.
>
> So I need to know how I would restore this tape to a new server and
> import/restore all of my active directory users.

Well, I'm not going to say that there isn't a way,...but I sure wouldn't
know how to deal with it when the Tape was made from a different machine
than what it is being restored to. The "System State" on the Tape is unique
to the machine it was backed up from and I don't know that you can use it on
another machine,...particularly when it is a different Name, IP, etc.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

I'm not sure what you are referring to here, Robert...
The only step you have is "Restore Active Directory from backup".
I know that step! That's what I am trying to do.

What I may end up doing is trying to restore the system state from the
backed up domain controller to the new server and see if it will still
boot up. If it works, then I can manually configure everything else
that has changed back to the way I want it. The question is, will it
work?

I wonder what everyone else has planned for their disaster recovery?




On Thu, 8 Sep 2005 14:55:32 -0500, "Robert L [MS-MVP]"
<(E-Mail Removed)> wrote:

>This how to may help,
>
>How to restore Active Directory
>In a case your only DC dies and you need to restore Active Directory from a backup, follow these steps....
>Restore AD from backup
>
>
>Bob Lin, MS-MVP, MCSE & CNE
>How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
>Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> "Matt Scoff" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Could some refer me to an article or tell me the best way to restore
> active directory to a new domain control from tape? The new domain
> controller is a disaster recovery server, and will not be connected to
> our network. It will be a different server (hardware,IP, name, etc)
> than the server that is currently hosting Active directory.
> All I really need is the users & group's.
>
> The only options I see in restoring active directory is by restoring
> the system state that includes com object, registry, etc. I would need
> to overwrite all of my current files while restoring this, which would
> probably hose the backup sever since it is differnet than the server
> that currently hosting AD.
>
> Thanks!

I just wanted to follow up. I found this article:
http://support.microsoft.com/?id=263532
How to perform a disaster recovery restoration of Active Directory on
a computer with a different hardware configuration

That helped a lot but sure didn't cover everything.I'm using Windows
2003 server and that article is for 2000, but works just the same.
It's a big project. If you are doing this, the hardest part seems to
be fighting all of the software that is not truly installed but acts
like it is because of the registry entries from the computer you are
restoring from. Also DNS is difficult to get working correctly.
Install the Window System tools and use dcdiag.exe and netdiag /fix.

Hopefully that will help anyone else trying to do this.



On Thu, 08 Sep 2005 11:28:59 -0500, Matt Scoff <(E-Mail Removed)>
wrote:

>Could some refer me to an article or tell me the best way to restore
>active directory to a new domain control from tape? The new domain
>controller is a disaster recovery server, and will not be connected to
>our network. It will be a different server (hardware,IP, name, etc)
>than the server that is currently hosting Active directory.
>All I really need is the users & group's.
>
>The only options I see in restoring active directory is by restoring
>the system state that includes com object, registry, etc. I would need
>to overwrite all of my current files while restoring this, which would
>probably hose the backup sever since it is differnet than the server
>that currently hosting AD.
>
>Thanks!
>

Matt, how did you make out with this? I am trying the same thing. Restoring
a 2003 DC off of the network to simulate restoring at our hot site. I am
using exact hardware to restore to, but am having problems with AD starting.
The server boots and I can login, but can't get to AD Users and Computers,
WINS, DNS, DHCP, AD Sites and Services, etc. It is like AD won't start until
it replicates with another DC, but in a D\R scenario that won't be the case.
Any suggestions?

"Matt Scoff" wrote:

> I just wanted to follow up. I found this article:
> http://support.microsoft.com/?id=263532
> How to perform a disaster recovery restoration of Active Directory on
> a computer with a different hardware configuration
>
> That helped a lot but sure didn't cover everything.I'm using Windows
> 2003 server and that article is for 2000, but works just the same.
> It's a big project. If you are doing this, the hardest part seems to
> be fighting all of the software that is not truly installed but acts
> like it is because of the registry entries from the computer you are
> restoring from. Also DNS is difficult to get working correctly.
> Install the Window System tools and use dcdiag.exe and netdiag /fix.
>
> Hopefully that will help anyone else trying to do this.
>
>
>
> On Thu, 08 Sep 2005 11:28:59 -0500, Matt Scoff <(E-Mail Removed)>
> wrote:
>
> >Could some refer me to an article or tell me the best way to restore
> >active directory to a new domain control from tape? The new domain
> >controller is a disaster recovery server, and will not be connected to
> >our network. It will be a different server (hardware,IP, name, etc)
> >than the server that is currently hosting Active directory.
> >All I really need is the users & group's.
> >
> >The only options I see in restoring active directory is by restoring
> >the system state that includes com object, registry, etc. I would need
> >to overwrite all of my current files while restoring this, which would
> >probably hose the backup sever since it is differnet than the server
> >that currently hosting AD.
> >
> >Thanks!
> >
>
>

Once you get the on DC......can you get into NTDSUTIL and metadata cleanup
all the servers that are "not there" ?





"Erik Campana" <(E-Mail Removed)> wrote in message
news:735523FD-31F5-47A8-91DE-(E-Mail Removed)...
> Matt, how did you make out with this? I am trying the same thing.
Restoring
> a 2003 DC off of the network to simulate restoring at our hot site. I am
> using exact hardware to restore to, but am having problems with AD
starting.
> The server boots and I can login, but can't get to AD Users and Computers,
> WINS, DNS, DHCP, AD Sites and Services, etc. It is like AD won't start
until
> it replicates with another DC, but in a D\R scenario that won't be the
case.
> Any suggestions?
>
> "Matt Scoff" wrote:
>
> > I just wanted to follow up. I found this article:
> > http://support.microsoft.com/?id=263532
> > How to perform a disaster recovery restoration of Active Directory on
> > a computer with a different hardware configuration
> >
> > That helped a lot but sure didn't cover everything.I'm using Windows
> > 2003 server and that article is for 2000, but works just the same.
> > It's a big project. If you are doing this, the hardest part seems to
> > be fighting all of the software that is not truly installed but acts
> > like it is because of the registry entries from the computer you are
> > restoring from. Also DNS is difficult to get working correctly.
> > Install the Window System tools and use dcdiag.exe and netdiag /fix.
> >
> > Hopefully that will help anyone else trying to do this.
> >
> >
> >
> > On Thu, 08 Sep 2005 11:28:59 -0500, Matt Scoff <(E-Mail Removed)>
> > wrote:
> >
> > >Could some refer me to an article or tell me the best way to restore
> > >active directory to a new domain control from tape? The new domain
> > >controller is a disaster recovery server, and will not be connected to
> > >our network. It will be a different server (hardware,IP, name, etc)
> > >than the server that is currently hosting Active directory.
> > >All I really need is the users & group's.
> > >
> > >The only options I see in restoring active directory is by restoring
> > >the system state that includes com object, registry, etc. I would need
> > >to overwrite all of my current files while restoring this, which would
> > >probably hose the backup sever since it is differnet than the server
> > >that currently hosting AD.
> > >
> > >Thanks!
> > >
> >
> >

Thanks for the reply. I can, but don't want to. We have 4 other locations
that have DCs. Eventually we would reconnect to them from our hot site, but
not right away so I don't want to delete them from AD. I'm basically trying
to get this D\R DC to run standalone without needing to talk to the other
servers.

"(E-Mail Removed)" wrote:

> Once you get the on DC......can you get into NTDSUTIL and metadata cleanup
> all the servers that are "not there" ?
>
>
>
>
>
> "Erik Campana" <(E-Mail Removed)> wrote in message
> news:735523FD-31F5-47A8-91DE-(E-Mail Removed)...
> > Matt, how did you make out with this? I am trying the same thing.
> Restoring
> > a 2003 DC off of the network to simulate restoring at our hot site. I am
> > using exact hardware to restore to, but am having problems with AD
> starting.
> > The server boots and I can login, but can't get to AD Users and Computers,
> > WINS, DNS, DHCP, AD Sites and Services, etc. It is like AD won't start
> until
> > it replicates with another DC, but in a D\R scenario that won't be the
> case.
> > Any suggestions?
> >
> > "Matt Scoff" wrote:
> >
> > > I just wanted to follow up. I found this article:
> > > http://support.microsoft.com/?id=263532
> > > How to perform a disaster recovery restoration of Active Directory on
> > > a computer with a different hardware configuration
> > >
> > > That helped a lot but sure didn't cover everything.I'm using Windows
> > > 2003 server and that article is for 2000, but works just the same.
> > > It's a big project. If you are doing this, the hardest part seems to
> > > be fighting all of the software that is not truly installed but acts
> > > like it is because of the registry entries from the computer you are
> > > restoring from. Also DNS is difficult to get working correctly.
> > > Install the Window System tools and use dcdiag.exe and netdiag /fix.
> > >
> > > Hopefully that will help anyone else trying to do this.
> > >
> > >
> > >
> > > On Thu, 08 Sep 2005 11:28:59 -0500, Matt Scoff <(E-Mail Removed)>
> > > wrote:
> > >
> > > >Could some refer me to an article or tell me the best way to restore
> > > >active directory to a new domain control from tape? The new domain
> > > >controller is a disaster recovery server, and will not be connected to
> > > >our network. It will be a different server (hardware,IP, name, etc)
> > > >than the server that is currently hosting Active directory.
> > > >All I really need is the users & group's.
> > > >
> > > >The only options I see in restoring active directory is by restoring
> > > >the system state that includes com object, registry, etc. I would need
> > > >to overwrite all of my current files while restoring this, which would
> > > >probably hose the backup sever since it is differnet than the server
> > > >that currently hosting AD.
> > > >
> > > >Thanks!
> > > >
> > >
> > >
>
>
>