Acronis Backup for Windows Server - User Guide User Manual
Copyright © Acronis International GmbH, 2002-2014
Steps to perform
If the domain has other domain controllers, you can perform a nonauthoritative restore of a lost
domain controller in either of these ways:
- Recover the domain controller from a backup by using bootable media. Ensure that there is no
  USN rollback problem (p. 210).
- Recreate the domain controller by installing the operating system and making the machine a new
  domain controller (by using the dcpromo.exe tool).
Both operations are followed by automatic replication. Replication makes the domain controller
database up-to-date. Just ensure that the Active Directory service has started successfully. Once
replication completes, the domain controller will be up and running again.
Recovery vs. re-creation
Re-creation does not require having a backup. Recovery is normally faster than re-creation. However,
recovery is not possible in the following cases:
- All available backups are older than the tombstone lifetime. Tombstones are used during
  replication to ensure that an object deleted on one domain controller becomes deleted on other
  domain controllers. Thus, proper replication is not possible after the tombstones have been
  deleted.
- The domain controller held a Flexible Single Master Operations (FSMO) role, and you have
  assigned that role to a different domain controller (seized the role). In this case, restoring the
  domain controller would lead to two domain controllers holding the same FSMO role within the
  domain and cause a conflict.
Recovering a domain controller that holds a FSMO role
Some domain controllers hold unique roles known as Flexible Single Master Operations (FSMO) roles
or operations manager roles. For the description of FSMO roles and their scopes (domain-wide or
forest-wide), see Microsoft Help and Support article http://support.microsoft.com/kb/324801.
Before recreating a domain controller that held the PDC Emulator role, you must seize that role.
Otherwise, you will not be able to add the recreated domain controller to the domain. After
recreating the domain controller, you can transfer this role back. For information about how to seize
and transfer FSMO roles, see Microsoft Help and Support article
http://support.microsoft.com/kb/255504.
To view which FSMO roles are assigned to which domain controller, you can connect to any live
domain controller by using the Ntdsutil tool as described in Microsoft Help and Support article
http://support.microsoft.com/kb/234790. Follow the steps in the “Using the NTDSUTIL Tool” section
of that article:
- For the Windows 2000 Server and Windows Server 2003 operating systems, follow all steps as
  they are given.
- For the Windows Server 2008 operating systems, in the step asking you to type
  domain management, type roles instead. Follow other steps as they are given.
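
The two conditions listed under "Recovery vs. re-creation" and the FSMO role lookup described above can be checked together from any live domain controller. The script below is an added example, not part of the Acronis guide; it assumes the ActiveDirectory PowerShell module is available, and the host name, backup date and role list are constructed placeholder values.

```powershell
# Added example, not from the Acronis guide. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

# Hypothetical inputs, constructed for illustration.
$LostDc            = 'dc02.example.local'   # FQDN of the lost domain controller
$BackupDate        = Get-Date '2014-03-01'  # date of the newest usable backup
$RolesHeldAtBackup = @('PDCEmulator')       # roles the DC held when backed up

# Tombstone lifetime is stored on the Directory Service object in the
# configuration partition; an unset attribute means the 60-day default.
$configNc = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNc" `
                         -Properties tombstoneLifetime
$tombstoneDays = if ($dsObject.tombstoneLifetime) { [int]$dsObject.tombstoneLifetime } else { 60 }
$backupAgeDays = [math]::Floor(((Get-Date) - $BackupDate).TotalDays)

# Current FSMO role holders (three domain-wide, two forest-wide).
$domain  = Get-ADDomain
$forest  = Get-ADForest
$holders = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}

# A role the lost DC held at backup time that now lives elsewhere was seized.
$seized = @($RolesHeldAtBackup | Where-Object { $holders[$_] -ne $LostDc })

$holders.GetEnumerator() | Format-Table Name, Value -AutoSize
"Backup age: $backupAgeDays days; tombstone lifetime: $tombstoneDays days"
if ($backupAgeDays -gt $tombstoneDays) {
    'Recovery not possible: backup is older than the tombstone lifetime. Re-create the DC.'
} elseif ($seized.Count -gt 0) {
    "Recovery not possible: seized role(s) $($seized -join ', '). Re-create the DC."
} else {
    'Recovery from backup is possible; check for USN rollback before restoring.'
}
```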
11.4.2 Recovering a domain controller (no other DCs are available)
If all domain controllers are lost, nonauthoritative restore in fact becomes authoritative: the objects
restored from the backup are the newest available. Replication of Active Directory data cannot take
place because there are no live domain controllers. This means that: