Mark Minasi's Tech Forum
DM-AVAL

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 79
Reply with quote  #1 

 

Quote:

Beginning with Windows Server 2008, it is not supported to restore system state backup to a new installation of Windows Server on new hardware or the same hardware. If Windows Server is reinstalled on the same hardware, as recommended later in this guide, then you can restore the domain controller in this order:

1. Perform a full server restore in order to restore the operating system and all files and applications.
2. Perform a system state restore using wbadmin.exe in order to mark SYSVOL as authoritative.

For more information, see Microsoft KB article 249694.



https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-determine-how-to-recover

I thought the Full Server Backup included the system state? If I performed a BMR/Full Server restore, would that NOT restore the system state as well? Why would you need to perform a second restore? I'm reviewing concepts for a forest recovery where (if I understand correctly) I would restore one domain controller and rebuild / re-promote the others. So I don't think I'd have to worry about authoritative restore or not.


0
wkasdo

Administrator
Registered:
Posts: 235
Reply with quote  #2 
> So I don't think I'd have to worry about authoritative restore or not.

Yes and no. A BMR includes systemstate data, that's true. But the problem with forest recovery is that the DC that you just restored, in isolation, has replication partners. FRS and DFSR will sit there waiting forever until these come online, which will never happen. To counter that, you need to mark SYSVOL as authoritative, and one way to do this is using a systemstate recovery. However, for both FRS and DFSR there are alternative methods as outlined at a later point of the procedure.

__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
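The second restore discussed above, as an added example that is not part of the thread or of Microsoft's guide: a PowerShell helper that reads `wbadmin get versions` output, picks the newest backup that can actually recover System State, and builds the `wbadmin start systemstaterecovery ... -authsysvol` command for it. The function name and the sample output are constructed for illustration, and the English-locale output layout is an assumption.

```powershell
# Added example. Constructed sample of `wbadmin get versions` output;
# on the restored DC, replace $sample with the real command's output.
$sample = @'
Backup time: 3/2/2020 9:00 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 03/03/2020-05:00
Can recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State
Snapshot ID: {00000000-0000-0000-0000-000000000001}

Backup time: 3/9/2020 9:00 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 03/10/2020-04:00
Can recover: Volume(s), File(s), Application(s)
Snapshot ID: {00000000-0000-0000-0000-000000000002}
'@

# Hypothetical helper: emits one object per backup that lists System State.
function Get-SystemStateBackupVersion {
    param([string[]]$WbadminOutput)
    $id = $null
    foreach ($line in $WbadminOutput) {
        if ($line -match '^\s*Version identifier:\s*(\S+)') {
            $id = $Matches[1]
        }
        elseif ($id -and $line -match '^\s*Can recover:\s*(.+)$') {
            $items = $Matches[1]
            if ($items -like '*System State*') {
                [pscustomobject]@{
                    Version = $id
                    Taken   = [datetime]::ParseExact($id, 'MM/dd/yyyy-HH:mm',
                                  [cultureinfo]::InvariantCulture)
                }
            }
            $id = $null   # each "Can recover" line closes one backup entry
        }
    }
}

$candidates = Get-SystemStateBackupVersion ($sample -split "`r?`n")
$latest = $candidates | Sort-Object Taken | Select-Object -Last 1
if (-not $latest) { throw 'No backup version can recover System State.' }

# The newest backup (03/10) is a volume-only backup, so the 03/03 version
# is selected. -authsysvol is what marks SYSVOL as authoritative.
$cmd = "wbadmin start systemstaterecovery -version:$($latest.Version) -authsysvol"
"Run from an elevated prompt in DSRM: $cmd"
```

The script only prints the command; the system state recovery of a domain controller itself has to be started while booted into Directory Services Restore Mode.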
DM-AVAL

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 79
Reply with quote  #3 
Thanks!

After reading more, that's what I was wondering: is marking SYSVOL as authoritative the only reason for the system state restore? Because at some point in that - or other - documentation there are two methods presented to achieve the same goal (authoritative SYSVOL restore to trigger SYSVOL replication).

But I'm more confident about this after reading your explanation.
0
wkasdo

Administrator
Registered:
Posts: 235
Reply with quote  #4 
Systemstate for AD also exists for attribute level restore. For example, recovering 1000 deleted users is easy enough using the Recycle Bin (if you enabled it -- if not, do it now), but what do you do if a script or IDM solution just reset the passwords of those 1000 users? That's right, systemstate recovery is the only way out.
__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0