Nazaudy, a spark in your curious mind

Restore Windows Server Active Directory from bare metal

This guide shows how to restore Windows Server Active Directory from bare metal. It works the same whether the server runs Windows Server 2012 R2 or Windows Server 2016. The term "bare metal" should probably read "bare virtual" instead, because nowadays nobody is restoring (or should be restoring) anything as sensitive as Active Directory onto a physical machine. By now you should be running 100% virtual, no excuses!

With that in mind, the second thing to consider is that a restore is only as good as the backup was, so ensure that you have a proper backup procedure in place on your Active Directory virtual machines before they crash. The hosts where your virtual machines run can be sold and purchased; they are all disposable, as are the storage and all the network infrastructure. They will all eventually get old, slow and depreciated and will need to be recycled, but... your data! Ah, my friend! That is the most important thing that every network has. Ensure that you have set up a proper backup strategy in the first place.

This article is only of use to you if you had a backup strategy in place prior to the disaster. If you are lucky and the problem has not reached you yet, please follow this guide to get you started:

 

  1. Preparation - Backup procedure for your "active" Forest Root Domain Controller server
  2. Restore Windows Server Active Directory from bare metal into a different virtual machine
  3. Restore Windows Server Active Directory from bare metal method 2

 

1. Preparation - Backup procedure for your "active" Forest Root Domain Controller server

Your Forest Root Domain Controller (FRDC) is one of the most important machines in your environment. To ensure it is backed up properly, add a secondary hard drive of about 60GB to it and, after formatting it with NTFS, remove any drive letter from it so that it doesn't show under My Computer

 Drive with no letter assigned

 We'll use this "hidden" hard drive to store our Active Directory backup data. Once the drive is in place, install the Windows Server Backup feature by running this cmdlet in PowerShell:

Install-WindowsFeature Windows-Server-Backup

Launch the application, and you know what to do... that's right: a Full server backup to start with. Use the (recommended) scheduled backup of your server and point it to that hidden hard drive. Needless to say, you need to exclude that hidden drive from the actual backup

Hide share

All you have to do now is ensure that this virtual machine is backed up on a regular basis to your backup repository using Veeam Backup or any other solution that you have at work, because you'll need that drive to restore the AD in the unlikely event it goes supernova

One more important step: run this command on your AD server to ensure that the backup actually contains the "Bare Metal Recovery" entry, otherwise a bare metal restore in the future won't be possible:

#To check the status of your backup stored on the E:\ drive
wbadmin get versions -backuptarget:E:

Can recover bare metal recovery
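
The check above can be automated so that a backup version without the "Bare Metal Recovery" entry is noticed before a disaster. The following is an added example, not part of the original article: the function name is hypothetical, and the "Version identifier:" / "Can recover:" line layout is an assumption about English-language wbadmin output. The sample text is constructed.

```powershell
# Added example: report which backup versions can be used for a bare metal restore.
function Get-BackupVersionReport {
    param(
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $WbadminOutput
    )
    $versions = @()
    $current  = $null
    foreach ($line in $WbadminOutput) {
        if ($line -match '^\s*Version identifier:\s*(.+?)\s*$') {
            # A new version block starts here
            $current = [pscustomobject]@{
                VersionId  = $Matches[1]
                CanRecover = @()
                BareMetal  = $false
            }
            $versions += $current
        }
        elseif ($current -and $line -match '^\s*Can recover:\s*(.+?)\s*$') {
            # Split the comma-separated list of recoverable items
            $current.CanRecover = $Matches[1] -split '\s*,\s*'
            $current.BareMetal  = $current.CanRecover -contains 'Bare Metal Recovery'
        }
    }
    $versions
}

# Constructed sample (not captured from a real server): the first version
# lacks the "Bare Metal Recovery" entry, the second one has it.
$sample = @'
Backup time: 4/9/2020 9:00 PM
Backup target: Fixed Disk labeled E:
Version identifier: 04/09/2020-20:00
Can recover: Volume(s), File(s), Application(s), System State

Backup time: 4/10/2020 9:00 PM
Backup target: Fixed Disk labeled E:
Version identifier: 04/10/2020-20:00
Can recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State
'@ -split "`r?`n"

# On the server itself, pass the live output instead of the sample:
#   Get-BackupVersionReport -WbadminOutput (wbadmin get versions -backuptarget:E:)
Get-BackupVersionReport -WbadminOutput $sample |
    Select-Object VersionId, BareMetal
```

Any version reported with BareMetal set to False cannot be used for the restore described in the next section.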

 

2. Restore Windows Server Active Directory from bare metal into a different virtual machine

Obviously, this step will only work if you have a good, reliable backup of the AD server

To restore that backup, create another virtual machine and do as follows:

  1. Install the same operating system version that you had previously (in my example it is Windows Server 2012 R2)
  2. Give the VM the same name that the previous machine had
  3. Create the same hard drive sizes that you had on the FRDC, for example 100GB for the C:\ drive and 60GB for the backup drive
  4. Install an Operating System (any Microsoft-modern flavor) into that new VM
  5. Restore the "WindowsImageBackup" folder that was created during the scheduled backup of the FRDC, and copy it onto the second drive of this new virtual machine. Ensure that the folder structure follows the pattern WindowsImageBackup >> Server name; if you don't have a folder called "WindowsImageBackup" at the root of the secondary drive, this procedure won't work
  6. Once you're done, insert a DVD with the correct OS that you want to restore into this new VM and boot from it

For this example I'm choosing Windows Server 2012 R2; obviously, the OS of your choice must be the same one that the FRDC had. Upon booting, click on "Repair your computer"

Windows Server 2012 R2 Repair your computer

Click on "Troubleshoot"

Troubleshoot in Restore Windows Server Active Directory from bare metal

On the window, click on "System Image Recovery"

System Recovery Image

On the next window, select the operating system of your choice (there should only be Windows Server 2012 R2) and click on Next. Aha! Maybe you'll be presented with this error message: "Windows cannot find a system image on this computer", meaning you've done something wrong: the "WindowsImageBackup" root folder is NOT there... so yeah, reboot after this error shows up and verify that the folder containing the backup actually exists with that exact name

Windows cannot find a system image on this computer

Once you have verified that the "WindowsImageBackup" folder is there, System Image Recovery will find it, and you're ready to proceed with the full restore

WindowsImageBackup
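
The folder check can be done from the operating system installed in step 4, before booting from the DVD. The following is an added example, not part of the original article: the function name is hypothetical, and the "Backup <date>" subfolders holding .vhd/.vhdx files are the layout Windows Server Backup normally writes, treated here as an assumption. The demo folder is constructed.

```powershell
# Added example: verify the WindowsImageBackup layout before attempting the restore.
function Test-ImageBackupLayout {
    param(
        [Parameter(Mandatory)] [string] $DriveRoot,   # root of the backup drive, e.g. 'E:\'
        [Parameter(Mandatory)] [string] $ServerName   # name of the original FRDC
    )
    $problems = @()
    $root = Join-Path $DriveRoot 'WindowsImageBackup'
    if (-not (Test-Path -LiteralPath $root -PathType Container)) {
        $problems += "Missing folder: $root"
        # Point out near-miss names such as 'WindowsBackupImage'
        $near = Get-ChildItem -LiteralPath $DriveRoot -Directory -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -like 'Windows*Backup*' -or $_.Name -like 'Windows*Image*' }
        foreach ($d in $near) {
            $problems += "Found '$($d.Name)'; the folder must be named 'WindowsImageBackup'"
        }
    }
    else {
        $server = Join-Path $root $ServerName
        if (-not (Test-Path -LiteralPath $server -PathType Container)) {
            $problems += "Missing folder: $server"
        }
        else {
            # Assumed layout: one 'Backup <date>' folder per backup, holding the disk images
            $sets = Get-ChildItem -LiteralPath $server -Directory -Filter 'Backup *'
            if (-not $sets) { $problems += "No 'Backup <date>' folder under $server" }
            foreach ($s in $sets) {
                $disks = Get-ChildItem -LiteralPath $s.FullName -File |
                    Where-Object Extension -in '.vhd', '.vhdx'
                if (-not $disks) { $problems += "No .vhd/.vhdx image in $($s.FullName)" }
            }
        }
    }
    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed demo: a temporary folder with a misnamed root folder,
# which is the situation behind "Windows cannot find a system image".
$demo = Join-Path ([IO.Path]::GetTempPath()) "wib-demo-$PID"
New-Item -ItemType Directory -Path (Join-Path $demo 'WindowsBackupImage\AXDC02') -Force | Out-Null
(Test-ImageBackupLayout -DriveRoot $demo -ServerName 'AXDC02').Problems
Remove-Item -LiteralPath $demo -Recurse -Force
```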

 

Ensure the option "Format and repartition disks" is selected and click on Finish to start the restore

 In progress Restore Windows Server Active Directory from bare metal

It might take a while, yes..... and once the machine comes back online, just remember to change its IP address to the original one the FRDC had and you're done!

 

3. Restore Windows Server Active Directory from bare metal method 2

I was disappointed that, in one of my tests, the Windows installation wizard above just could not see the backup data that I had on the secondary drive, so I tried this other method and it worked!

  1. Create another virtual machine and install a clean version of Windows Server 2012 R2, or whichever OS you had before on the crashed AD
  2. Install the needed hypervisor driver after the clean install. I'm on Hyper-V for this test, so I'll install the "Integration Services" if needed
  3. Shut down the VM, attach the secondary hard drive where you have the original backup, and give it a drive letter (E:\ in my example)
  4. Shut down the VM, and attach the secondary hard drive where you have the original backup
  5. Change the computer name to the original name of the server being restored (in my example AXDC02)

Restore Windows Server Active Directory from bare metal ensure server name is changed

 

Then, run "msconfig" and configure it to start on the next boot into "Active Directory Restore Mode". Important: run Windows Update before rebooting into AD Restore mode!

Active Directory repair

After the reboot, install Windows Server Backup from Server Manager

Install Windows Server backup

 

Open the command prompt and type this command to restore the backup catalogue to the new server

#To restore the backup catalog from the backup stored on the E:\ drive
wbadmin restore catalog -backuptarget:E:

wbadmin restore catalog in Restore Windows Server Active Directory from bare metal

 

Tip: have PRTG or a similar system on your network that informs you when a hard drive is full

Thank you for reading

 

London, 10 April 2020

 
