Standby forest recovery health check

This article provides a recommended procedure to verify the health of a standby (recovery) Active Directory forest after it has been brought online. These checks help ensure that the standby environment is functioning correctly and ready for use if a production failover is required.

Verifying standby forest health

1. Turn on the recovery site by power on the infrastructure hosting your recovery site.
2. Deploy a new virtual machine (VM) in the recovery site and join it to one of the recovered domains.
3.  To access cloud VMs from on-premises, you can use:
   • Azure Bastion - Connect to a Windows VM using RDP

• Azure VPN Gateway - About Azure Point-to-Site VPN connections

4. Verify that the directory structure, including organizational units (OUs), users, and computers, is intact.
5. Create and test a new object
   • Create a test user or group to confirm write operations work as expected.
   • Attempt to sign in as the new user to validate authentication.
6. Run the following command to review replication summary and identify any issues:
7. Run a domain controller diagnostic check by execute the following command and review the output for errors or warnings:
   dcdiag /v
8. Validate domain trusts:
   1.  Open Active Directory Domains and Trusts.
   2.  In the console tree, right-click the domain containing the trust you wish to validate and select Properties.
   3. On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), select the trust and click Properties.
   4. Click Validate, then confirm with Yes to validate the incoming trust.

TIP: Perform these checks regularly or after any major recovery test to ensure that your standby environment remains healthy and ready for failover.