Rebooting domain controllers manually
You can use the Forest Recovery Console to selectively reboot domain controllers in the current recovery project. You can reboot domain controllers either in normal mode or Directory Services Restore Mode (DSRM).
To reboot domain controllers
- In the List of Domain Controllers area, select the domain controllers you want to reboot.
To select multiple domain controllers, hold down CTRL, and click the domain controllers you want to select.
- On the menu bar, select Tools | Manage | Forest Recovery Agent or DCs.
- In the dialog box that opens, click the Reboot button, and then click one of the following:
- Reboot in Normal Mode. Reboots the domain controllers in normal mode.
- Reboot in DSRM. Reboots the domain controllers in Directory Services Restore Mode.
Specifying fallback IP addresses to access a domain controller
By default, Forest Recovery Console uses DNS names to access domain controllers in the forest recovery project. If the DNS name of the domain controller is not resolved, the console uses the IP addresses that are saved in the project file. The project file accumulates all previously resolved DNS addresses or addresses that were manually entered by a user for each domain controller.
To specify the list of fallback IP addresses for a domain controller
- On the menu bar, select Tools | Manage | Forest Recovery Agent or DCs.
- Select a domain controller whose address list you want to change. The IP addresses column shows the list of IP addresses that are stored in the project file.
- To edit the list, click the IP address or select More | Edit IP Adresses... in the Manage Domain Controllers dialog.
- In the dialog box that opens, you can specify fallback IP addresses for the domain controller in order of their priority. These addresses will be saved in the project file and can be used during forest recovery when the DNS server is unavailable.
Resetting DSRM Administrator Password
You can use the Forest Recovery Console to selectively reset the Directory Services Restore Mode (DSRM) administrator password on domain controllers in the current recovery project. You can reset the DSRM administrator password to the value specified in the domain controllers’ recovery settings or specify a new DSRM administrator password.
To reset DSRM administrator password
- Use the List of Domain Controllers area to select the domain controllers on which you want to reset the DSRM administrator password.
To select multiple domain controllers, hold down CTRL, and click the domain controllers you want to select.
- On the menu bar, select Tools | Manage | Forest Recovery Agent or DCs.
- In the dialog box that opens, click More, and then click Reset DSRM Password.
- Use one of the following options:
- Reset password to the value in recovery settings. Allows you to reset the DSRM administrator password to the value specified in the recovery settings for each domain controller. For more information about recovery settings, see Domain controller recovery settings and progress.
- Reset password to this value. Allows you to reset the DSRM administrator password to the value you type in this option.
- When you are finished, click Apply.
Purging Kerberos Tickets
During the forest recovery process, the Key Distribution Center Service Account (KRBTGT) password is automatically reset to different values on all domain controllers. As a result, after the restore, incorrect Kerberos tickets may be cached on domain controllers and other servers in the domain. This can lead to authentication errors for various services after the forest recovery operation within renew ticket lifetime (10 hours by default).
In order to avoid authentication errors, make sure that the KRBTGT account has been successfully replicated and then reset Kerberos tickets.
|
NOTE: Recovery Manager for Active Directory Disaster Recovery Edition uses the domain controller access credentials to purge Kerberos tickets. For more details, refer Table 24 in the Settings tab section. |
To purge Kerberos tickets
- After the restore process is completed, in Forest Recovery Console, click the Purge Kerberos Tickets option in the Post-Recovery Actions window or select Tools | Manage | Purge Kerberos Tickets.
- In the Purge Kerberos Tickets window, click Apply to start replicating the KRBTGT account in the domains and then purge the tickets on the domain controllers.
- Click OK to close the window.
|
NOTE:
- For read-only domain controllers, the option purges Kerberos tickets and does not perform the replication of KRBTGT account.
- The purge Kerberos tickets operation does not affect domain controllers that were excluded from the forest.
|