Domain controller restore after ransomware attacks

Question
-
Hi,
I have 30 DCs deployed across multiple geographical regions. If ransomware attacks my domain controller, I will switch off my DC immediately to avoid a major outage.
Can I follow the solution below to overcome the situation?
I am taking full server backups of 5 different domain controllers. I can take any one backup to restore.
If I restore the full backup on a newly built server, will my clients, applications and certificate authority work as expected?
Monday, April 27, 2020 4:35 AM
Answers
-
Hi,
Based on my research, after a successful restore, there is no need to perform a domain join.
The following restore-related links are for your reference:
AD Forest Recovery - Procedures
Backing Up and Restoring an Active Directory Server
Restoring a domain controller may cause inconsistencies between domain controllers
Fan
Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com
- Marked as answer by mcsebala Friday, May 1, 2020 4:19 AM
Wednesday, April 29, 2020 9:16 AM
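
A post-restore check for the question raised in this thread (how clients find the restored DC, and whether trust relationship errors appear), added here as an example and not part of any poster's reply. The domain name `corp.example.com` is a placeholder assumption; the commands are the standard Windows DNS, `nltest`, `dcdiag` and `repadmin` tools.

```powershell
# Added example, not from the thread. Run elevated in Windows PowerShell 5.1
# on a domain-joined client or member server once the restored DC is online.
param(
    # Placeholder AD DNS domain name (assumption); replace with your own.
    [string]$Domain = 'corp.example.com'
)

$results = [ordered]@{}

# 1. Clients locate DCs through DNS SRV records, so the restored DC must be
#    registered there and reachable by name.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
    $results['SrvTargets'] = ($srv.NameTarget | Sort-Object -Unique) -join ', '
} catch {
    $results['SrvTargets'] = "FAILED: $($_.Exception.Message)"
}

# 2. Force the DC locator to rediscover a DC instead of using its cache.
$locator = & nltest.exe "/dsgetdc:$Domain" /force 2>&1
$dcLine  = $locator | Select-String -Pattern '^\s*DC:' | Select-Object -First 1
$results['DcLocator'] = if ($LASTEXITCODE -eq 0 -and $dcLine) {
    $dcLine.Line.Trim()
} else {
    "FAILED: nltest exit code $LASTEXITCODE"
}

# 3. Verify this machine's secure channel (its "trust relationship") with the
#    domain. False typically means the machine account password held locally
#    no longer matches what the restored directory holds.
try {
    $results['SecureChannel'] = Test-ComputerSecureChannel -ErrorAction Stop
} catch {
    $results['SecureChannel'] = "FAILED: $($_.Exception.Message)"
}

# 4. If the AD DS tools are present (on the DC itself or with RSAT), print DC
#    health errors and replication status. dcdiag /q prints errors only.
if (Get-Command dcdiag.exe -ErrorAction SilentlyContinue) { & dcdiag.exe /q }
if (Get-Command repadmin.exe -ErrorAction SilentlyContinue) { & repadmin.exe /replsummary }

[pscustomobject]$results | Format-List
```
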
All replies
-
Hi,
Thanks for posting here!
I would recommend you force the DC to be demoted, and promote it again. After replication has finished, everything will be normal.
The method also works for a newly built server. We don't need to restore it from a backup if there are still good DCs existing.
If I misunderstand you, please feel free to let me know.
Best Regards,
Fan
Monday, April 27, 2020 6:13 AM -
Let's say all my domain controllers are fully affected by ransomware. In this case I have to restore the backup to bring my domain controller online on a newly built server.
I don't want to use the affected domain controllers.
Let me know your suggestions for bringing the domain controller online.
I have physical domain servers; there is no DC in a virtual machine.
If I restore the bare metal AD backup on a newly built server, will my client PCs, applications, ADFS, ADCS, file server and DFS all work without any issue?
Monday, April 27, 2020 6:20 AM -
Yes - the restore would be a valid approach.
Alternatively, you can simply reinstall OS and promote the server to a domain controller with the same name/IP address - assuming you have multiple DCs
hth
Marcin
Monday, April 27, 2020 10:19 AM -
Let's assume this situation:
After doing the full restore, how do my clients know about the newly deployed domain controller?
Do I need to perform a domain join? Will any trust relationship errors occur between the DC and the servers?
Monday, April 27, 2020 10:57 AM -