Develop a Recovery Plan

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Create a recovery plan for use if the in-place domain upgrade process does not go as planned. Select a Windows NT 4.0 BDC to be used as a rollback server. Synchronize the BDC with the PDC and take the rollback server offline in the event that it must be promoted to a PDC to restore the domain to its original state. Although you are unlikely to need the offline domain controller, it is recommended that you take one offline as a precautionary step if the Security Accounts Manager (SAM) account database on all domain controllers becomes corrupt.

Include the following in your recovery plan:

  • The steps needed for recovery. Be sure to provide clear instructions so that the deployment team can restore normal operations to the organization if necessary.

  • The estimated time that can elapse before recovery must take place. When elements of the upgrade process test unsuccessfully, you might spend unanticipated amounts of time identifying and correcting errors. Establish clear guidelines for the time period after which the deployment team must restore operations for end users.

  • Team review and sign-off. All members of the deployment team must sign off on the recovery plan. This signifies consensus about the recovery plan and reduces the chances that misunderstandings occur when the upgrade process does not go as planned.

Restoring the Domain to its Original State

If your in-place upgrade process fails, you can roll back a Windows Server 2003 Active Directory domain to its original state as a Windows NT 4.0 domain. There are two ways to roll back the deployment to its original state:

Note

  • The first recovery method is preferred for restoring a domain to its original state. The second recovery method should only be used if the SAM database on all domain controllers becomes corrupt.

  1. Remove (either by disconnecting the network cable or turning off) any Windows Server 2003–based domain controllers from the domain.

  2. Promote a Windows NT 4.0 BDC to become the PDC.

  3. Synchronize all Windows NT 4.0–based domain controllers.

  4. Test Windows NT 4.0 server operations and domain validation.

  5. Document the reasons for the unsuccessful domain upgrade and communicate them to your design team.

  6. Restart the design phase for the in-place domain upgrade. Be sure to include steps to mitigate the factors that caused the first in-place domain upgrade to fail.

    – Or –

    If a failure occurs after performing the steps above, remove all Windows Server 2003–based domain controllers from the network and promote the Windows NT 4.0 BDC that has been designated as the rollback server to become the PDC.

  7. Perform a full synchronization of all Windows NT 4.0 BDCs.

  8. Test Windows NT 4.0 server operations and domain validation.

  9. Document the reasons for the unsuccessful domain upgrade and communicate them to your design team.

  10. Restart the design phase for the in-place domain upgrade. Be sure to include steps to mitigate the factors that caused the first in-place domain upgrade to fail.

Important

  • You must take all Windows Server 2003–based domain controllers offline before you promote the rollback server to become the new PDC. If any Windows Server 2003–based domain controllers remain online in the domain, the promotion of the BDC to a PDC will not work.