How to Restore Active Directory (Full Restore & System State)

In this guide, you will learn how to restore Active Directory from a Windows Server Backup.

You will need to have a full server backup or a system state backup to continue. If you need backup instructions then check out my how to backup Active Directory guide.

I’m going to show you two options for restoring an Active Directory server:

1. Full Server Restore
   • Requires a Windows full server backup.
   • Allows recovery when the machine won’t start.
   • Allows bare metal restore which means you can restore it to a different machine or hardware.
2. System State Restore
   • Allows recovering important system files such as Active Directory, registry, and sysvol.
   • Does not work well when restoring to different hardware. Works best for restoring to the same machine.

In my testing, a full server restore works best and is far more flexible than a system state backup. If you take a full server backup it also includes a system state backup.

Video Tutorial

If you don’t like videos then continue reading the details below.

Option 1: Full Active Directory Server Restore

In this example, the network was hit with a virus, users can’t log into the network and the server keeps blue screening. I’ve tried to reboot and repair it with no luck. It’s time to completely restore the server from backup.

Step 1: Shutdown Server

Shut down the infected domain controller. It is no longer needed as we will be creating a new server from backup.

Step 2. Create New Server

I’m going to create a new server and attach my backup disk to it. I’m using Hyper-v but this will work with any hypervisor or a physical machine.

You must have your backup on a dedicated disk for this to work. If using a physical machine this could be a dedicated external drive or a secondary internal drive. For a VM this is a secondary attached drive.

1. Attach the backup disk to the new server.
2. Boot from the Window ISO, just like you would for installing a new server.

Step 3: Repair Your Computer

Boot the server from the Windows Server ISO and select “Repair your computer”

Click on “Troubleshoot”

Click on “System Image Recovery”

Now you should get the option to use the latest backup or select a system image. I’ll choose the latest backup.

Click “Next”.

Click “Finish”

The restore progress window will display.

When the restore is complete you should now have a working server from the last good backup. I’m able to log in and Active Directory is working as expected. Restoring from a system image is very fast, the whole restore process took about 10 minutes.

Option 2: Active Directory System State Restore

In this example, something has gone badly wrong with Active Directory. Some critical services are will not start, no users or computers are displayed in Active Directory, and DNS is not working. The server boots fine and I can log into the server so the operating system is ok. In this case, I can do a system state restore to repair the Active Directory Domain Services.

1. Boot into Directory Services Restore Mode (DSRM)

Reboot the server and start pressing f8 to access the Advanced Boot options.

Select “Directory Services Repair Mode’ and select enter.

Log into the server with the local administrator account. The domain services will not be available so the local account will be the only account available.

2. Open Windows Server Backup.

Select Recover.

Select “This Server” for where the backup is stored.

Select the backup you want to restore then click next.

Select “System state” and click “next”.

Select “Original Location”. You need to consider if an authoritative restore of Active Directory is needed. If you have other sites that contain healthy domain controllers then you may not need an authoritative restore. In this example, I have one site so I want to reset all replicated content.

On the confirmation page click the “recover” button to start the restore process. The restore will now start, and will you have a process page. The system state restore takes much longer than a full restore (not sure why).

When the restore is complete, reboot and log into the server as normal. You should get a command line showing that the restore was completed. Mine says it was completed with errors but everything seems to be working fine now.

That is it.

I just showed you two options for restoring Active Directory from backup. I recommend using the full server option for backing up Active Directory. It will allow you to restore the full server or just the system state. There may be an incident that requires a full server recovery and if you just have a system state backup then you are in big trouble.