Domain controller restore after ransomware attacks

  • Question

  • Hi,

    I have 30 DCs deployed across multiple geographical regions. If ransomware attacks my domain controller, I will switch off my DC immediately to avoid a major outage.

    Can I follow the solution below to overcome the situation?

    I am taking full server backups of 5 different domain controllers. I can take any one backup to restore.

    If I restore the full backup on a newly built server, will my clients, applications, and certificate authority work as expected?

    Monday, April 27, 2020 4:35 AM

All replies

  • Hi,

    Thanks for posting here!

    I would recommend you force the DC to be demoted, and promote it again. After replication has finished, everything will be normal.

    The method also works for a newly built server. We don't need to restore it from a backup if there are still good DCs existing.

    If I misunderstand you, please feel free to let me know.

    Best Regards,

    Fan

    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, April 27, 2020 6:13 AM
  • Let's say all my domain controllers are fully affected by ransomware; in this case I have to restore the backup to bring my domain controller online on a newly built server.

    I don't want to use the affected domain controllers.

    Let me know your suggestion to bring the domain controller online.

    I have physical domain servers; there is no DC in a virtual machine.

    If I restore the bare metal AD backup on a newly built server, will my client PCs, applications, ADFS, ADCS, file servers, and DFS all work without any issue?

    Monday, April 27, 2020 6:20 AM
  • Yes - the restore would be a valid approach.

    Alternatively, you can simply reinstall the OS and promote the server to a domain controller with the same name/IP address - assuming you have multiple DCs.

    hth
    Marcin

    Monday, April 27, 2020 10:19 AM
  • Let's assume the situation:

    After the full restore is done, how do my clients know about the newly deployed domain controller?

    Do I need to perform a domain join? Will any trust relationship errors occur between the DC and the servers?

    Monday, April 27, 2020 10:57 AM
  • Hi,

    Based on my research, after a successful restore, there is no need to perform a domain join.

    The following restore-related links are for your reference:

    AD Forest Recovery - Procedures

    Backing Up and Restoring an Active Directory Server

    Restoring a domain controller may cause inconsistencies between domain controllers

    Best Regards,

    Fan



    • Marked as answer by mcsebala Friday, May 1, 2020 4:19 AM
    Wednesday, April 29, 2020 9:16 AM
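
Added example, not part of the thread: a PowerShell check a domain-joined client or member server can run after the restore to confirm it locates the restored DC and that its machine-account trust is intact, without re-joining the domain. It assumes an elevated PowerShell session on a Windows machine that is still joined to the domain; the variable names are illustrative.

```powershell
# Added example: post-restore verification from a domain member (run elevated).
# Assumption: this machine is still joined to the domain being recovered.
$domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain

# 1. Members find DCs through DNS SRV records, not a stored server name,
#    so a restored DC is discovered once it re-registers these records.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }   # response can also carry A/AAAA records
$srv | Sort-Object Priority, Weight |
    Format-Table NameTarget, Port, Priority, Weight -AutoSize

# 2. Confirm every advertised DC answers on LDAP (389) and Kerberos (88).
#    A record pointing at a DC that was not restored shows up here as unreachable.
foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($port in 389, 88) {
        $ok = Test-NetConnection -ComputerName $dc -Port $port `
                  -InformationLevel Quiet -WarningAction SilentlyContinue
        '{0,-40} tcp/{1,-4} reachable={2}' -f $dc, $port, $ok
    }
}

# 3. Ask the DC locator which DC this machine actually selects right now.
nltest "/dsgetdc:$domain" /force

# 4. Verify the machine-account secure channel (the "trust relationship").
if (Test-ComputerSecureChannel) {
    "Secure channel to $domain is healthy; no domain join needed."
} else {
    # Repair in place with a domain account instead of re-joining:
    #   Test-ComputerSecureChannel -Repair -Credential (Get-Credential)
    Write-Warning "Secure channel to $domain is broken on $env:COMPUTERNAME."
}
```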