To restore domain controllers, you can use backups created with Recovery Manager for Active Directory or Recovery Manager for Active Directory Forest Edition. For this reason, you should back up domain controllers in the forest on a regular basis using one of these applications.
It is a good practice to create a Computer Collection that includes all domain controllers in the forest and back up the Collection each time you make changes to the forest infrastructure. Besides, you can use the Computer Collection to ensure that Forest Recovery Agent is installed on each domain controller in the Collection.
For more information about using the Forest Recovery Agent and Computer Collections, see the User Guide supplied with this release of Recovery Manager for Active Directory Forest Edition.
Before starting a forest recovery operation, you should specify a method for selecting a preferred DNS server for each domain controller in your recovery project. You can choose one of the following DNS server selection methods:
For more information on how to specify a DNS server selection method, see Domain controller recovery settings and progress.
When you choose to select a DNS server automatically, Recovery Manager for Active Directory Forest Edition contacts the domain controllers in the forest to get a list of all DNS servers they use. Then, Recovery Manager for Active Directory Forest Edition automatically selects a properly working DNS server from the received list and assigns that DNS server to the domain controller.
The automatic DNS selection method is recommended in the following cases:
Important: It is not recommended to uninstall or reinstall Active Directory on the DNS servers that act as a primary source for an Active Directory-integrated DNS zone. Also, it is not recommended to remove such DNS servers from Active Directory during recovery .
The Do not change DNS settings option lets you retain DNS settings during recovery so you do not need to reconfigure DNS settings for each domain controller within the forest after the recovery operation is completed.
When you specify a DNS server or list of DNS servers manually, Recovery Manager for Active Directory Forest Edition first tries to assign the specified DNS server(s) to the domain controller. If the specified DNS server does not function properly or is inaccessible, Recovery Manager for Active Directory Forest Edition automatically selects DNS servers (primary and alternate) that were set on this domain controller before the recovery. If this action is also unsuccessful, Recovery Manager for Active Directory Forest Edition selects DNS servers from a list of all DNS servers that are in use in the forest.
How does Recovery Manager for Active Directory Forest Edition determine that the DNS server is available for use?
Recovery Manager for Active Directory Forest Edition sets a DNS server on all the network adapters on the domain controller and checks if it is enough to register DC Locator resource records and A-type (host) records. If the test succeeds, then this DNS server is set as the preferred DNS server on all network adapters.
NOTE: According to Microsoft recommendations, DNS servers should include their own IP addresses in the lists of DNS servers. The loopback address (127.0.0.1) should be configured only as a secondary or tertiary DNS server on a domain controller.
If you specified the loopback address in the wrong sequence, the order will be corrected automatically when the list of DNS servers is configured on a domain controller.
If you want to use the manual DNS server selection method, it is recommended to make sure you have one or more DNS servers properly configured for working with the domain controllers being recovered. All these DNS servers must support dynamic updates and have DNS zones configured for each domain in the forest you want to recover. Make sure you specify one of these DNS servers for each domain controller in your recovery project.
Before you choose one of the recovery methods described in this section, it is strongly recommended that you read Microsoft’s best-practice paper, Planning for Active Directory Forest Recovery.
This section covers the following:
To use this method, you must have recent and trusted backups for as many domain controllers as possible in each domain in the forest. These backups must be created at a similar point in time to mitigate the risk of discrepancy after the forest is recovered.
At a high level, Method 1 includes the following stages:
Method 1 has the following advantages and limitations:
Table 33: Recovery method 1: Advantages and limitations
For a step-by-step procedure on how to perform a forest recovery, Overview of steps to recover a forest