Can I restore Active Directory from a snapshot of a virtual machine?Active Directory is a virtual machine. I have doubt if the restore of Sysvol, will restore fully.
Best answer by Onno van den Berg
View originalCan I restore Active Directory from a snapshot of a virtual machine?
+5
Hello,
I thinks the best way for protect your AD is to Install Commvault Agent.
Follow this guide: https://documentation.commvault.com/2022e/expert/14387_active_directory.html.
Best regards
Userlevel 7
+19
- Commvault Certified Expert
- 1049 replies
-
22 August 2022
- Answer
Do mind that for full AD recovery you will have to use the FS agent including system state, The AD agent itself only covers the backup and recovery of AD objects!
Recovering AD from a VM snapshot can be complicated when you have divided the FSMO roles over AD controllers but it is definitely possible and should working in most situations without issues. Just follow the procedure to boot the recovered VM into DSRM and changing/verifying the value of the DSA Previous Restore Count resgistry key.
Userlevel 7
+23
- Vaulter
- 1098 replies
-
23 August 2022
Onno pretty much covered it. It is helpful if all roles are on the same DC but that's probably not best practice depending on size of environment. Once you restore a domain controller to a previous time, its AD database will be overwritten by newer copies - you need to make the domain controller authoritative (the master of all) before introducing it to the network which will force all other domain controllers to overwrite their database with the restored copy.
When using a FS agent that option is already included on the restore options. When restoring from a VM you’ll have to figure it out the steps to do it manually. The VM method could be quicker depending on the circumstances, but I’d have both FS backups and VM backups to give yourself all the possible options!
When it comes to restores, options are good :)
Userlevel 7
+19
- Commvault Certified Expert
- 1049 replies
-
23 August 2022
So to summarize: yes, it is possible but it depends on the issue that you are facing. I would say in case you have multiple AD servers and AD is still healthy than I would always just build a new AD controller from scratch and remove the broken one. In case AD is screwed you can use VM-level backup to recover AD but it requires some steps to be taken but you know you have a "system state”. A full AD recovery using the AD agent cannot be done unless you also schedule a FS backup with system state. I opened CMR 232194 a very long time ago to enhance the AD agent to make sure the FS agent is scheduled and configured automatically as we have seen customers making mistakes because they assumed the AD agent would also cover the system state backup automatically. So they managed to break AD entirely and couldn't recover their AD.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.