Recover an Active Directory Forest

To recover an AD forest, you use a runbook. You can use a runbook as many times as needed. Each time you use a runbook, a new instance of the runbook appears on the Monitoring tab of the forest.

Start the Active Directory Forest Recovery Wizard

  1. From the Command Center navigation pane, go to Protect > Active Directory.

    The Overview page appears.

  2. On the Forests tab, click the forest to recover.

    The forest page appears.

  3. On the Runbooks tab, click the runbook.

    The runbook page appears.

  4. In the upper-right area of the page, click Restore.

Recovery Point Page

  1. Select the type of environment to recover to:

    • Non-production environment

    • Production environment

    Caution

    This option influences the recovery methods that are available for the runbook. Even when selecting the production environment option, it is critical that the network configuration you provide ensures the recovered domain controllers cannot communicate with the original DCs.

  2. Click Next.

    A confirmation dialog box appears.

  3. Enter the text to confirm the recovery.

  4. Click Start.

Domain and Domain Controllers Page

  1. Select the domain controllers to include in the recovery.

    If you don't select at least one DC for a domain, that domain is removed from the recovered forest and all of its metadata is cleaned up. To recover AD from backup using the Recover AD to clean VM (database only) or Recover to new VM (full System State) option, you must configure at least one DC from each domain.

  2. Click Next.

Recovery Points Page

  1. Select the recovery points—that is, the backups to recover the data from.

    You can select the same recovery point for all DCs, or you can select different recovery points.

  2. Click Next.

Domain Credentials Page

If the runbook does not have credentials configured for some of the domains in the runbook, you must enter them on the Domain Credentials page. If the runbook has credentials configured for some of the domains, verify that the credentials are still valid.

Domain credentials are for user accounts that have administrative access to your AD domains. The domain credentials are used to perform runbook configuration steps, such as “Seize FSMO roles” and “Raise RID pool”, that require access to Active Directory.

Because cross-domain authentication is disrupted during a forest recovery, for each domain, specify a separate credential that is a privileged AD user account local to that domain, preferably an account that belongs to the Domain Admins group in the local domain.

  1. Select the domains to specify the same credentials for.

  2. Click Configure domain credential.

    The Active Directory credential dialog box appears.

  3. For Credential, select the credential.

  4. Click Submit.

  5. On the Domain Credentials page, click Next.
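
The following PowerShell pre-flight check is an added example, not part of the product or its documentation. For each domain it confirms that the credential still authenticates, that the account lives in that domain rather than reaching it across a trust, and that it is a member of Domain Admins. It assumes the RSAT ActiveDirectory module is installed and that the domains are still reachable. The function name and the domain names are constructed placeholders.

```powershell
# Added example, not vendor code. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Test-RecoveryCredential {
    param(
        [Parameter(Mandatory)] [string] $DomainDnsName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    $r = [ordered]@{ Domain = $DomainDnsName; Account = $Credential.UserName
                     Valid = $false; LocalToDomain = $false; DomainAdmin = $false; Error = $null }
    $ad = @{ Server = $DomainDnsName; Credential = $Credential; ErrorAction = 'Stop' }
    try {
        # An authenticated query succeeding shows the credential is still valid.
        $domain = Get-ADDomain @ad
        $r.Valid = $true

        # Build a lookup filter from DOMAIN\user or user@suffix.
        $name = $Credential.UserName
        if ($name -match '^(?<dom>[^\\]+)\\(?<sam>.+)$') {
            # A qualifier naming another domain means cross-domain authentication.
            if ($Matches.dom -notin $domain.NetBIOSName, $domain.DNSRoot) { return [pscustomobject]$r }
            $filter = "sAMAccountName -eq '$($Matches.sam)'"
        } elseif ($name -like '*@*') {
            $filter = "userPrincipalName -eq '$name'"
        } else { throw 'Qualify the account as DOMAIN\user or user@suffix.' }

        # Found on this domain's own DC means the account lives in this domain.
        $user = Get-ADUser -Filter $filter @ad
        if (-not $user) { return [pscustomobject]$r }
        $r.LocalToDomain = $true

        # Domain Admins is the well-known RID 512 under the domain SID.
        $members = Get-ADGroupMember -Identity "$($domain.DomainSID)-512" -Recursive @ad
        $r.DomainAdmin = $user.SID.Value -in $members.SID.Value
    } catch { $r.Error = $_.Exception.Message }
    [pscustomobject]$r
}

# Constructed placeholder domain names; replace with the domains in the runbook.
foreach ($d in 'corp.example.com', 'emea.corp.example.com') {
    Test-RecoveryCredential -DomainDnsName $d -Credential (Get-Credential -Message "Recovery account for $d")
}
```

A row with Valid true but LocalToDomain false indicates an account from another domain, which is the case the paragraph above says will stop working once cross-domain authentication is disrupted.
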

Restore Options Page

  1. Review and make any necessary changes to the restore options for the domain controllers in the runbook. For more information, see the following:

  2. Click Next.

Recovery Node Page

  1. For Recovery node, select the server you want to orchestrate the tasks in the runbook, including requesting the domain controller recovery jobs and making configuration changes to Active Directory.

  2. Click Next.

Runbook Steps Page

  1. Perform a final review of the steps in your runbook.

    You can skip steps.

  2. Click Start.

    A confirmation dialog box appears.

  3. Enter the text to confirm you want to start the forest recovery process.

Summary Page

The Summary page includes links to view the jobs or the runbook.
