Restore Domain Controllers
The nature of Active Directory - details about how it works, and about the singular Flexible Single Master Operations (FSMO) roles that are attached to specific Active Directory servers - demands special treatment in the backup, restore, and recovery (BRR) plan. For all other servers in the solution, you should restore from a complete backup image. This process restores the entire system state and all hard disk content. On an Active Directory domain controller, this system state includes the FSMO roles and associated data. There are several potential issues when you restore this way:
- Restoration of a relative identifier (RID) master can result in corruption of the Active Directory database.
- Restoration of the schema master (SID) can result in orphaned objects.
- We recommend distributing the FSMO roles of the RID and schema master on different domain controllers.
- Active Directory replication will automatically distribute all needed data to a new domain controller when it is brought into the domain.
Therefore, as long as there is a working domain controller in the infrastructure, you should recover from an Active Directory domain controller failure by building a new domain controller, joining it to the existing domain, and allowing Active Directory replication to update it to the current state.
The only time you should use domain controller backup images is when the failure has resulted in loss of all the domain controllers in the infrastructure.
Even if you don't plan to use domain controller backup images very often, performing regular backups of a domain controller commits the Active Directory database's transaction logs. Without backups, these transaction logs will accumulate and consume disk space.
Along with this process, it is critical to understand that the domain controllers in the infrastructure must be completely backed up on a regular schedule. Even if you use these backup images only for testing and disaster recovery drills, should the ultimate catastrophe occur where all domain controllers are lost, there will be no recovery possible without them.
The recovery process recommended here takes one of two paths, based on whether or not a working domain controller is available. If a working domain controller continues to function, the recommended procedure is to seize any FSMO roles that the failed server had been supporting onto the working domain controller, rebuild the failed server from scratch, and allow replication to bring it up to date rather than using a backup of the failed server. Only if there is no functioning domain controller in the solution should the recovery process use the backup image.