Solved

DNS restore active directory

  • 26 January 2022
  • 10 replies
  • 1597 views

Userlevel 1
Badge +12

Hello,

I want to know: if I remove one DNS zone, how can I restore it via AD? Should I check DC=DomainDnsZones or DC=ForestDnsZones? And will the full DNS zone then be restored? For example, I want to remove RestoremePlease (see attachment); how can I restore it via an AD restore?


Best answer by Mike Struening RETIRED 3 June 2022, 23:13


10 replies

Userlevel 7
Badge +15

Hi @Egor Skepko 

Thank you for the question.

Reviewing Documentation, we have a couple of references:

Backup - Active Directory iDataAgent

What Is Backed Up

Active Directory iDataAgent can back up the following data types and the modifiable and non-modifiable attributes of an object.

Supported Data Types

Computer

Contact

Group

InetOrgPerson

MSMQ Queue Alias

Organizational Unit

Printer

User

Shared Folder

Configuration

Schema

DomainDNSZones

ForestDNSZones


Restore - Active Directory iDataAgent

What Is Restored

Attributes on each supported Windows object

Computer

Contact

Group

InetOrgPerson

MSMQ Queue Alias

Organizational Unit

Printer

User

Shared Folder

Configuration

Schema

ForestDNSZones

DomainDNSZones


So, if you browse a recent Active Directory backup job and browse the content, you should see both ForestDNSZones and DomainDNSZones to check for the content that you are wishing to restore.

It’s difficult to tell from the screenshot whether the zones are Forest or Domain integrated, but if I had to guess, I would say they are Domain zones.

Active Directory Integrated DNS Zones

You can also use the Microsoft ADSI Edit utility on a domain controller to check whether the particular zones are located in ForestDNSZones or DomainDNSZones.

Thanks,

Stuart
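The check Stuart describes above (which partition a zone replicates in, so you know whether to look under DomainDNSZones or ForestDNSZones in the backup) can be scripted instead of done by hand in ADSI Edit. The following is an added example, not code from the thread or from Commvault; it assumes the DnsServer and ActiveDirectory RSAT modules are installed, and the DC name and zone name are placeholders:

```powershell
# Added example: locate an AD-integrated zone's partition before deleting or
# restoring it. $Dc and $ZoneName are placeholder values, not from the thread.
param(
    [string]$Dc       = 'DC01.example.local',
    [string]$ZoneName = 'RestoreMePlease'
)
Import-Module DnsServer
Import-Module ActiveDirectory

# 1. The DNS server's view. ReplicationScope maps to the partition:
#    Domain -> DC=DomainDnsZones, Forest -> DC=ForestDnsZones,
#    Legacy -> CN=MicrosoftDNS,CN=System in the domain partition.
Get-DnsServerZone -ComputerName $Dc |
    Where-Object { $_.IsDsIntegrated } |
    Select-Object ZoneName, ZoneType, ReplicationScope

# 2. The directory's view: the same containers ADSI Edit shows.
$rootDse    = Get-ADRootDSE -Server $Dc
$partitions = [ordered]@{
    DomainDnsZones = "DC=DomainDnsZones,$($rootDse.defaultNamingContext)"
    ForestDnsZones = "DC=ForestDnsZones,$($rootDse.rootDomainNamingContext)"
    Legacy         = "CN=System,$($rootDse.defaultNamingContext)"
}
foreach ($p in $partitions.GetEnumerator()) {
    $zone = Get-ADObject -Server $Dc -SearchBase "CN=MicrosoftDNS,$($p.Value)" `
        -LDAPFilter "(&(objectClass=dnsZone)(name=$ZoneName))" -ErrorAction SilentlyContinue
    if (-not $zone) { continue }
    "Zone '$ZoneName' is in $($p.Key): $($zone.DistinguishedName)"

    # The zone apex is the dnsNode named '@'; its dnsRecord values hold the
    # SOA and NS records. Without this node the DNS server cannot load the
    # zone, which is the symptom reported later in this thread.
    $apex = Get-ADObject -Server $Dc -SearchBase $zone.DistinguishedName `
        -LDAPFilter '(&(objectClass=dnsNode)(name=@))' -Properties dnsRecord
    if ($apex) {
        "  apex '@' node present with $(@($apex.dnsRecord).Count) record value(s)"
    } else {
        "  WARNING: no '@' node under the zone; SOA/NS records are missing"
    }
}
```

Run it against a domain controller before the delete, and again after the restore: the second run tells you immediately whether the apex node (and so the SOA) came back, rather than waiting for the DNS console to fail opening the zone.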

Userlevel 1
Badge +12

@Stuart Painter It's an integrated DNS zone, but I just want to know before I'm going to restore it. If I'm going to delete only 1 zone like I mentioned in the screenshot, I can't choose to restore only the deleted zone, so I need to restore all DNS zones?

Userlevel 7
Badge +23

@Egor Skepko , following up on this thread.  did you ever get an answer on this?  If not, let me know and I can get a resource on this.

Userlevel 1
Badge +12

@Mike Struening Well, I made a case at Commvault; we are trying to figure out the issue at restore. After deleting a DNS zone and restoring it back, the SOA records are not getting restored, and then I can't open the restored zone.

Userlevel 7
Badge +23

Thanks, @Egor Skepko !  I found the incident number.

Userlevel 1
Badge +12

@Mike Hello, the DNS zone restore is solved. I am using 1-touch recovery with the 1Touch_REL11_24_37_WinPE10_x64 ISO. Important is to choose Primary restore at the restore option for SYSVOL. It might depend on which DNS zone you are restoring, primary or secondary.

Userlevel 1
Badge +12

@Mike Struening The only issue now is to replicate to another AD. So I'm going to try to do an Authenticated restore of SYSVOL instead of Primary.

Userlevel 7
Badge +23

@Egor Skepko , keep us posted!

Userlevel 7
Badge +23

Sharing the latest case details:

Issue
=============
- Restore deleted DNS records through an AD restore
- DNS restore is successful. However, unable to open the restored file and getting the error.

Steps taken
============
Work performed/Analysis:

- DNS restore issue
- DNS is AD integrated
- The customer has deleted the “RestoreMePlease” folder from the DNS and wants to restore it back
- Ran the restore job, restore completed successfully.
- Checked in the Job restored items and the folder restore showed as successful.
- However, when the customer opened the folder he got an error: Zone not loaded by DNS. The DNS server encountered a problem while attempting to load the zone. The zone data may not be available in AD, or the zone data is corrupt. (Screenshot available in the case notes)
- They have contacted the Wintel team, who said that the restore job is failing to restore the SOA record for the folder, which is causing the error.


@Egor Skepko , was the issue on the DNS server side?

Userlevel 7
Badge +23

Sharing case solution:

Finding Details:

Issue
=============
- Restore deleted DNS records through an AD restore
- DNS restore is successful. However, unable to open the restored file and getting the error.

Solution:

- Case was escalated to Development, who advised performing a 1-touch restore without minisetup -- however, the issue still remained
- The Development team sent the below steps to perform an Authoritative AD restore
1. Do a 1-Touch Restore keeping SYSVOL Restore option to “Authoritative”, and in Advanced Option, un-check the option “Reboot after restore complete”. Proceed with the restore.
2. When the Restore is complete, open registry using the command prompt.
3. Next, we need to load the backed up machine’s registry hive and create a key. Click on HKEY_LOCAL_MACHINE and go to File -> Load Hive. The registry to be loaded will be found in C:\Windows\System32\config, titled “SYSTEM”. Give it any name, say “Backup”.
4. In the loaded hive “Backup”, navigate to CurrentControlSet\Services\DFSR (The current control set is recorded in “Current” under HKEY_LOCAL_MACHINE\SYSTEM\Select – e.g. if it is 1, it points to ControlSet001). Create a new key “Restore”, and modify the “default” value data to “authoritative”.
5. Click on the loaded hive “Backup” and go to File -> Unload Hive. The “Backup” hive will now be unloaded from the WinPE registry.
6. Reboot the machine by executing command “shutdown /r” on command line, and wait for the post restore steps to finish (The system will boot twice)

- Customer performed the above and informed the restore completed and the deleted DNS zone was restored and is accessible
- Customer followed the steps here https://documentation.commvault.com/11.25/essential/57216_replicating_active_directory_data_to_all_domain_controllers_in_domain.html to replicate the AD to all other domains and informed replication is also working
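Steps 2 to 5 of the procedure above (load the restored machine's SYSTEM hive, find its current control set, create the DFSR Restore key with the default value set to authoritative, unload the hive) can be run as a script from the WinPE command prompt after the 1-Touch restore and before the reboot in step 6. This is an added example, not Commvault's code or a script from the case; it assumes the WinPE image has PowerShell available, that the restored system volume is mounted as C: inside WinPE (check with diskpart and adjust $OfflineSystem if not), and that reg.exe is present, which it is in WinPE:

```powershell
# Added example: script the registry part of the posted procedure from WinPE.
# Assumptions: PowerShell is available in the WinPE image and the restored
# system disk is C:. Run after the 1-Touch restore, before "shutdown /r".
$OfflineSystem = 'C:\Windows\System32\config\SYSTEM'   # restored machine's hive
$HiveName      = 'Backup'                             # name from step 3

# Step 3: load the offline SYSTEM hive under HKLM\Backup (same as File -> Load Hive)
reg load "HKLM\$HiveName" $OfflineSystem | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $OfflineSystem (is the disk mounted as C:?)" }

try {
    # Step 4: the hive's own Select\Current says which ControlSet00N is live
    # on the restored machine; do not use WinPE's CurrentControlSet for this.
    $current    = (Get-ItemProperty -Path "HKLM:\$HiveName\Select" -Name Current).Current
    $csName     = 'ControlSet{0:D3}' -f $current          # 1 -> ControlSet001
    $restoreKey = "HKLM:\$HiveName\$csName\Services\DFSR\Restore"

    # Create the Restore key and set its (Default) value to "authoritative"
    New-Item -Path $restoreKey -Force | Out-Null
    Set-ItemProperty -Path $restoreKey -Name '(Default)' -Value 'authoritative'

    # Read it back and fail loudly if the value did not land
    $written = (Get-Item -Path $restoreKey).GetValue('')
    if ($written -ne 'authoritative') { throw "Unexpected value '$written' under $restoreKey" }
    "$csName\Services\DFSR\Restore (Default) = $written"
}
finally {
    # Step 5: release PowerShell's handles on the key, then unload so the
    # change is flushed to the hive file the restored OS will boot from.
    [GC]::Collect()
    [GC]::WaitForPendingFinalizers()
    reg unload "HKLM\$HiveName" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Hive still loaded; close regedit/other handles and run: reg unload HKLM\$HiveName" }
}
```

The unload in the finally block matters: if the hive stays loaded when WinPE reboots, the edit is not guaranteed to be flushed to the SYSTEM file, and the restored DC will come up without the authoritative marker, which is exactly the state where SYSVOL replication (the follow-up problem in this thread) does not behave as expected.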