Forest Recovery: Create and run AD DC recovery plan

---

Content: 

Summary

This article describes how to create and run an AD DC recovery plan.

AD DC recovery plan allows performing authoritative restores and nonauthoritative restores. 

You might have to perform an authoritative restore if an administrator inadvertently deletes an organizational unit (OU) containing a large number of users.  Authoritative restore allows you to mark the OU as authoritative and force the replication process to restore it to all the other domain controllers in the domain.

A nonauthoritative restore allows the entire directory to be restored on a domain controller, without reintroducing or changing objects that have been modified since the backup.

 

Create and configure an AD DC recovery plan to recover the whole domain authoritatively

To perform an authoritative restore of the selected domain and all child objects:

1. Open Cayosoft Guardian Web Portal
2. Expand Forest Recovery node
3. Click on the Recovery Plans node
4. Select Add AD DC recovery plan
5. On Domain Controllers tab select DC and press Properties
6. Select a backup that will be used to recover the selected domain controller
7. Change AD database authoritative restore option value to Complete Authoritative Restore 
8. (Optionally) Modify Authoritative Restore Version increment if required

 

Create and configure an AD DC recovery plan to recover the selected container authoritatively (an OU for example) 

To perform an authoritative restore of the selected container and all children:

1. Open Cayosoft Guardian Web Portal
2. Expand Forest Recovery node
3. Click on the Recovery Plans node
4. Select Add AD DC recovery plan
5. On Domain Controllers tab select DC and press Properties
6. Select a backup that will be used to recover the selected domain controller
7. Change AD database authoritative restore option value to Partial Authoritative Restore (This option allows to restore subtree and all children of the subtree.)
8. Click on Add value under Subtree and add one or more distinguished name(s) of the objects to be recovered 
9. (Optionally) Modify Authoritative Restore Version increment if required

 

Configure an AD DC recovery plan to recover the selected AD DC non-authoritatively 

To perform a non-authoritative restore of the selected AD DC:

1. Open Cayosoft Guardian Web Portal
2. Expand Forest Recovery node
3. Click on the Recovery Plans node
4. Select Add AD DC recovery plan
5. On Domain Controllers tab select DC and press Properties
6. Select a backup that will be used to recover the selected domain controller
7. Change AD database authoritative restore option value to Partial Authoritative Restore (This option allows to restore subtree and all children of the subtree.)
8. Click on Add value under Subtree and add one or more distinguished name(s) of the objects to be recovered 
9. (Optionally) Modify Authoritative Restore Version increment if required

Run an AD DC recovery plan

1. Open Cayosoft Guardian Web Portal
2. Expand Forest Recovery node
3. Click on the Recovery Plans node
4. Select Add AD DC recovery plan and press Run
5. Observe recovery progress

Review AD DC recovery plan execution results

1. Open Cayosoft Guardian Web Portal
2. Expand Forest Recovery node
3. Click on the Recovery Plans node
4. Select your recovery plan and press Properties
5. On the backup plan properties page switch to an Execution History tab
6. Find a history record for execution of verification, select and press Properties 
7. See execution details on the Execution and the Errors and warnings tabs