Running a disaster recovery operation on a remote Windows computer (includes non-authoritative and authoritative restore of Active Directory for a domain controller)

Article:HOWTO23130  |  Created: 2010-01-01  |  Updated: 2013-04-29  |  Article URL http://www.symantec.com/docs/HOWTO23130
Article Type
How To

Product(s)

Environment

Subject


Running a disaster recovery operation on a remote Windows computer (includes non-authoritative and authoritative restore of Active Directory for a domain controller)

Use the following steps to run a disaster recovery operation on a remote Windows computer.

To run a disaster recovery operation on a remote Windows computer

  1. At the remote computer, install the original version of Windows.

    This basic Windows installation is necessary to provide Backup Exec with a target to which it can restore the system. The computer name, Windows directory and the file system (such as NTFS) must be the same as the previous Windows installation. This basic installation will later be overwritten by the backed up version, which will restore your system configuration, application settings, and security settings.

    If you are recovering from an entire hard disk failure, use Windows setup to partition and format the new disk during installation.

    Format the partitions with the same file system as before the failure, as follows:

    • If the system was in a specific domain or workgroup, do not join the domain or workgroup at this time.

    • If you are recovering a domain controller, do not perform the domain controller installation process at this time.

  2. At the media server, install the Backup Exec Remote Agent to the remote computer.

  3. Start Backup Exec.

  4. From the navigation bar, click Devices, and then inventory the media containing the latest full backup of the computer to be recovered.

    See About inventorying media.

  5. Catalog the media containing the latest full backup of the computer to be recovered. If the subsequent differential/incremental backups are on separate media, catalog those also

    See Creating a new catalog.

  6. From the navigation bar, click Restore, and then select all sets from the full and incremental backups that contain logical drives on the hard disk. If differential backup sets are to be restored, select only the last differential set. Make sure you include System State or Shadow Copy components as part of the restore selections.

  7. On the Properties pane, under Settings, click General, and then select the following options:

    • Restore over existing files

    • Restore security

    • Preserve tree

  8. On the Properties pane, under Settings, click Advanced, and then select the appropriate options.

    See Advanced options for restore jobs.

    If you are restoring a computer that is the only domain controller in the domain or the entire domain is being rebuilt and this is the first domain controller, select the option Mark this server as the primary arbitrator for replication when restoring folders managed by the File Replication Service, or when restoring SYSVOL in System State.

  9. Click Run Now.

  10. After the job completes, restart the remote computer.

    Your computer's operating system is now restored to its pre-disaster state. Your data files have been restored, except those protected by Backup Exec database agents.

  11. Continue with one of the following:

    If you are performing an authoritative restore

    go to step 12.

    If you are not performing an authoritative restore

    the recovery is complete.

  12. At the remote server, press F8 during startup.

    A menu appears that allows you to diagnose and fix system startup problems.

  13. Select Directory Services Restore Mode.

  14. At the media server, start Backup Exec.

  15. From the navigation bar, click Restore.

  16. Select System State (Windows 2000 and later) or Shadow Copy (Windows 2003 and later) components as the restore selections.

  17. From the Properties pane, under Source, select Resource Credentials.

  18. Highlight the restore selection for the remote server and click New.

  19. Create a new logon account for this restore job. The account should have administrator privileges on the remote server.

  20. Select the new logon account and click OK.

  21. Run the Restore job.

    At the remote server:

  22. At this point, you can either choose to restore the entire Active Directory, or specific objects from the Active Directory:

    Restore the entire Active Directory by performing the following:

    • Open a command prompt.

    • Type NTDSUTIL and press Enter.

    • Type Authoritative Restore and press Enter.

    • Type Restore Database, press Enter, click OK and then click Yes.

    See Microsoft's documentation for running NTDSUTIL on Windows Server 2008/2008 R2.

    Restore specific objects from the Active Directory by performing the following:

    • Open a command prompt.

    • Type NTDSUTIL and press Enter.

    • Type Authoritative Restore and press Enter.

    • Type Restore Subtree "ou=<OU Name>.dc=<domain name>,dc=<xxx> (without the quotation marks), and then press Enter, where <OU Name> is the name of the organizational unit you want to restore, <domain name> is the domain name the OU resides in, and <xxx> is the top level domain name of the domain controller, such as com, org, or net. You can do this as many times for as many objects you need to restore.

  23. Once you have finished restoring Active Directory information, exit NTDSUTIL.

  24. Restart the computer.


Legacy ID



id-SF700139615_be2010_adm


Article URL http://www.symantec.com/docs/HOWTO23130


Terms of use for this information are found in Legal Notices