Begin

Single DC impacted?

Multiple DCs / sites affected

Data Center outage or other disaster? Y

Y Object(s) deleted?

N Success? Y AD Troubleshooting

Hardware impaired?

Y Object Recovery

N N DC Recovery

N N AD Troubleshooting Escalate to support provider (e.g. Microsoft)

End

Trigger Disaster Recovery Plan

Object Recovery Solution / fix / workaround proposed? N Will rebuild of affected DCs fix? N

Support Contract? Success? Y Escalate

Elapsed time > 3 hrs or ETA > 3 hrs?

Y N Test solution / fix / workaround

DC Recovery Single DC Outage N

All DC's in domain affected?

Test successful? N Y Trigger Disaster Recovery Plan Advanced magic (e.g. ActiveDir questions, etc.)

N Y

Apply fix or work-around Contact Microsoft

End
Success? Y Execute forest recovery process Y Execute domain recovery process Gain consensus among DR team & Microsoft that domain / forest recovery is the only option Multiple DC Outage

End
All DC's in forest affected?

Author: 2010 Sean Deuby URL: http://adtroubleshooting.deuby.com

Active Directory Recovery

Version 1.1

Main Recovery Process

Object Recovery

Windows 2000?

Windows 2003?

Windows 2008?

Windows 2008 R2

Authoritative restore

Restoring single object? (not container)

Restoring single object? (not container)

Recycle Bin enabled?

N N

Recycle Bin recovery

Authoritative restore

Tombstone reanimation
Snapshots enabled?

Tombstone reanimation

Restoring single object? (not container)

N Y

Tombstone reanimation Authoritative restore

Snapshots enabled?

Snapshot restore

Snapshot restore

Authoritative restore

Author: 2010 Sean Deuby URL: http://adtroubleshooting.deuby.com

Active Directory Recovery

Version 1.1

AD Object Recovery Options

(Assumes native & free tools only)

DC Recovery
Is OS functional? N FSMO Role Owner?

Y Seize FSMO role to another DC N FSMO Role Owner? Y Attempt transfer to another DC N

Hardware problem?

Is orderly demotion possible?

Y Y Call in hardware vendor to repair or replace server DCPROMO Demote DCPROMO / FORCEREMOVAL Y Rebuild DC N

Success?

Seize FSMO role to another DC

Virtual DC?

Delete & reprovision VDC

Metadata Cleanup

Will rebuilt DC have different name / IP?

Delete A / SRV / CNAMEs of old configuration from zone

DCPROMO Promote (Network or IFM)

End
Author: 2010 Sean Deuby URL: http://adtroubleshooting.deuby.com

Active Directory Recovery

Version 1.1

Domain Controller Recovery

(Assumes rebuild rather than repair)

Revisions 1.1 Added option for virtual DC in DC Recovery

Author: 2010 Sean Deuby URL: http://adtroubleshooting.deuby.com

Active Directory Recovery

Version 1.1