Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.
How to restore a single DC that was lost in an otherwise healthy forest
설명
Restoring a Single DC requires a few pre-configuration steps. The Recovery process will complete successfully without these, but the old Computer, Server and Connection Objects will still exist, AD may never clean these up and re-create them properly, so It would be better to delete these from the directory before you beginning.
원인
-
해결 방안
Assumptions:
There is still another working DC in the domain.
You have a backup of the domain from before you lost the DC.
The backup is only used to create a new Forest Recovery Project. If you already have an FRP that created before the DC was lost, you can use that instead.
You have a Target server ready to go. It needs to be the same OS, or a currently supported OS in the domain.
If you use a backup to IFM the target server, then the OS must match the backup.
For best results, this Target server has the same IP address as the DC you lost.
Preparation Steps:
Logon to a working DC in the domain (preferably the PDC emulator)
Clean up Metadata for the DC that was lost:
Open Active Directory Users & Computers, and delete the computer object for the DC that you lost.
You’ll see a warning prompt that you’re deleting a Domain Controller. Check the box that says; “Delete this Domain Controller anyway…” then click “Delete.”
Open Active Directory Sites and Services, Drill into the site the Domain Controller was in, and delete the Server Object for that DC.
If necessary, Seize FSMO roles the lost DC owned onto another, working DC. You can do this from the Forest Recovery Console.
Wait, or force replication.
Recovery:
Open the existing Forest Recovery Project, or create one using the backup from before you lost the DC.
Once the list of DCs populate, change the Recovery Mode to “Repromotion”.
All DCs should change to the “Do Nothing” method, however if a DC was set to “Do Not Recover” you may need to change it to “Do Nothing.”
Change the method of the DC you want to recover to “Install Active Directory.
If you want to use the IFM option, select the most recent backup. Even a backup made after the DC was lost, even after metadata was cleaned up, will work.
Enter the proper credentials for domain, local administrator, DSRM and backup access.
Enter the IP address of the target server (which should match the IP of the DC you lost) into the “Target Computer:” field in the FRC.
Verify Settings
Start Recovery
Post Recovery: After recovery completes, you may need to wait a while as the KCC re-creates the connection objects for the (now replaced) DC in sites in services. The DC is functional, but replication will take a while (typically 15 minutes to an hour) to settle in. Avoid the temptation to rush this by forcing replication. Let the KCC properly remove the old connection objects and create new ones for you.