In this lession, we will be restoring an Active Directory / System State backup of our primary domain controller. To get started, I am going to log in to my test lab, open Active Directory and start breaking stuff.

I’m going to delete the root OU I have called “Server Academy”. This will delete several user and computer accounts as well as other sub OUs.

First I need to enable Advanced Features by clicking View > Advanced Features, then I can open the properties of each OU and remove the protection from accidental deletion:

Now that I have repeated this for all the OUs, I can go ahead and delete the OUs:

So now my OU and User Accounts are deleted:

Yikes! Now I need to restore my backup to get the data back. To restore a System State backup of an Active Directory we first need to boot the server into DSRM (Directory Services Restore Mode). We can boot into this mode by restarting the server and repeatidly pressing F8 from the moment the server powers off until you see the screen below:

Select Directory Services Repair Mode, then press Enter.

Notice: If you don’t have physical access to the server or don’t see the prompt when you reboot the server, use MSConfig:

Then select Boot > Safe boot > Active Directory repair:

Click OK then restart:

Once you have rebooting into DSRM mode, log in with the LOCAL administrator account and the DSRM password you created when you installed the ADDS server role:

If you see a message about no logon servers available, that means you are using a domain account and not a local account.

Once you’ve logged in, open Command prompt:

Next run the following command: 

wbadmin get versions

Next start a recovery by running the command: 

wbadmin start systemstaterecovery -version:[Insert your version identifier here] –authsysvol

Note that the “–authsysvol” marks this sysvol as the authoritative for your replication.

I am going to select the latest update I have, and run the command:

Next enter “Y” to confirm:

Again type “Y” to confirm that you may lose internet connectivity:

Confirm that you understand there will be increase network traffic between your domain controllers (if you have multiple) due to AD replication:

Finally, the backup will start and now it’s just a waiting game:

If you used MSConfig to start into DSRM mode, you will want to undo those changes before rebooting. Since my search doesn’t work, Im going to right-click the taskbar and select Task Bar.

Next click File > Run new task

Type MSConfig and press OK. Go to Goot and turn off Safe boot:

Now restart your server. The computer will take a while before booting up so you’ll need to be patient.

Once this is done, go ahead and log in. Once I open Active Directory I can see that the OUs and user accounts are now restored:

And that is how you perform an active directory backup and restore!

Server Academy Members Only

Want to access this lesson? Just sign up for a free Server Academy account and you'll be on your way. Already have an account? Click the Sign Up Free button to get started..

Sign In Sign Up Free