Recover an Active Directory Forest

To recover an AD forest, you use a runbook. You can use a runbook as many times as needed. Each time you use a runbook, a new instance of the runbook appears on the Monitoring tab of the forest.

Start the Active Directory Forest Recovery Wizard

1. From the Command Center navigation pane, go to Protect > Active Directory.

   The Overview page appears.

2. On the Forests tab, click the forest to recover.

   The forest page appears.

3. On the Runbooks tab, click the runbook.

   The runbook page appears.

4. In the upper-right area of the page, click Restore.

Recovery Point Page

1. Select the type of environment to recover to:

   • Non-production environment

   • Production environment

   Caution

   Use extreme caution when recovering to a production environment.

2. Click Next.

   A confirmation dialog box appears.

3. Enter the text to confirm the recovery.

4. Click Start.

Domain Controllers Page

1. Select the domain controllers to include in the recovery.

   If you don't select at least one DC for a domain, then that domain is removed from the recovered forest and all its metadata is cleaned up. You must configure at least one DC from each domain with the Create new domain controller VM from backup option.

2. Click Next.

Recovery Points Page

1. Select the recovery points—that is, the backups to recover the data from.

   You can select the same recovery point for all DCs, or you can select different recovery points.

2. Click Next.

Domain Credentials Page

If the runbook does not have credentials configured for some of the domains in the runbook, you must enter them on the Domain Credentials page. If the runbook has credentials configured for some of the domains, verify that the credentials are still valid.

Domain credentials are for user accounts that have administrative access to your AD domains. The domain credentials are used to perform runbook configuration steps, such as “Seize FSMO roles” and “Raise RID pool”, that require access to Active Directory.

Because cross-domain authentication is disrupted during a forest recovery, for each domain, specify a separate credential that is a privileged AD user account local to that domain, preferably an account that belongs to the Domain Admins group in the local domain.

1. Select the domains to specify the same credentials for.

2. Click Configure domain credential.

   The Active Directory credential dialog box appears.

3. For Credential, select the credential.

4. Click Submit.

Restore Options Page

Review and make any necessary changes to the restore options for the domain controllers in the runbook.

For domain controllers you select the Create new domain controller VM from backup recovery option for, you must also specify Virtualize Me restore options. You can change the configuration for any DC on this page.

1. Select the DCs to change Virtualize Me options for.

2. Click Configure Virtualize Me options.

   The Configure Virtualize Me options dialog box appears.

   For domain controllers that you select the Promote server to domain controller option for, you must specify additional options.

3. Select a DC to change DC promotion options for.

4. Click Configure DC Promo options.

   The Promote server to domain controller configuration dialog box appears.

5. Click Next.

Recovery Node Page

1. For Recovery node, select the server you want to orchestrate the tasks in the runbook, including requesting the domain controller recovery jobs and making configuration changes to Active Directory.

2. Click Next.

Runbook Steps Page

1. Perform a final review of the steps in your runbook.

   You can skip steps.

2. Click Start.

   A confirmation dialog box appears.

3. Enter the text to confirm you want to start the forest recovery process.

Summary Page

The Summary page includes links to view the jobs or the runbook.