none
Domain Controller backup not working

    Question

  • Hi,

    I have two DC( Primary and Additional) with Windows Server 2016 that both of them are running on Hyper-V. I've backed up from primary dc and I've restored that to another location and then I've turned off primary dc. Unfortunately, Primary DC's backup didn't work and additional dc cannot work when primary dc is not turn on. Therefore, client's outlook asked for credentials when it was authenticating the users. Any help would be appreciated.

    Thanks

    Saturday, April 20, 2019 7:00 AM

Answers

All replies

  • can anybody help me?
    Saturday, April 20, 2019 8:13 AM
  • Hi,

    I suggest you go through the articles below:

    AD Forest Recovery - Backing up a full server
    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-backing-up-a-full-server

    Active Directory Forest Recovery Guide
    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-guide


    In the article below you will have all the required procedures for backing up and restoring an AD forest:

    AD Forest Recovery - Procedures
    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-procedures

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    Saturday, April 20, 2019 8:18 AM
  • Backup / restore is not recommended when multiple domain controllers are used due to potential rollback conditions. If secondary DC is not working then better to work on that problem. I'd check that problem members have the static ip address of both domain controllers listed for DNS and no others such as router or public DNS. If you needed further assistance then please run;

    • Dcdiag /v /c /d /e /s:DCName >c:\dcdiag.log
      (please replace DCName with your domain controller's netbios name)
    • repadmin /showrepl >C:\repl.txt
    • ipconfig /all > C:\dc1.txt
    • ipconfig /all > C:\dc2.txt
    • ipconfig /all > C:\workstation.txt

    then put files up on OneDrive and share a link.

     

    (please don't forget to mark helpful replies as answer)

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    Saturday, April 20, 2019 9:16 AM
  • Seize the fsmo roles in secondary DC, this should solve the problem or else bring back primary DC, let it replicate with secondary DC then initiate system state backup (it's valid for TSLT 60days by default).
    Saturday, April 20, 2019 7:11 PM
  • Hello,
    Thank you for posting in our TechNet forum.

    Standard Windows backup including the system state. Bear in mind that if one DC in a domain fails, the correct thing to do is to build a new one and let it sync from the remaining DCs. Restoring a DC backup in a multi-DC environment may be potentially disastrous.

    What's wrong with the primary DC so that we need to recover it from the backup? We can try to repair primary DC and additional DC.

    Check if the two DCs have static IP addresses.
    Check if both DCs are DNS servers.
    Check if the Preferred DNS of the 
    client's outlook is the IP address of the two DCs.


    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 22, 2019 6:12 AM
    Moderator
  • Backup / restore is not recommended when multiple domain controllers are used due to potential rollback conditions. If secondary DC is not working then better to work on that problem. I'd check that problem members have the static ip address of both domain controllers listed for DNS and no others such as router or public DNS. If you needed further assistance then please run;

    • Dcdiag /v /c /d /e /s:DCName >c:\dcdiag.log
      (please replace DCName with your domain controller's netbios name)
    • repadmin /showrepl >C:\repl.txt
    • ipconfig /all > C:\dc1.txt
    • ipconfig /all > C:\dc2.txt
    • ipconfig /all > C:\workstation.txt

    then put files up on OneDrive and share a link.

     

    (please don't forget to mark helpful replies as answer)

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    Hi Dave,

    Here you go: https://onedrive.live.com/?authkey=%21ABmTl16QyyFQoGk&id=73B24886B791737%21478&cid=073B24886B791737

    Monday, April 22, 2019 11:21 AM
  • Nothing obvious, looks Ok from active directory perspective. I'd probably ask for more help in outlook or exchange forums.

    https://social.technet.microsoft.com/Forums/en-US/home?forum=outlook

    https://social.technet.microsoft.com/Forums/office/en-US/home?category=exchange2010%2Cexchangeserver

     

    (please don't forget to mark helpful replies as answer)

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, April 22, 2019 12:40 PM
  • Hi,

    when you backed up and restored the primary DC to another location, the IP address will change and that is a total damage to the AD environment. So that is not the right way unless you have the extended LAN. Also if there was a delay in the restore and the type of the restore would lead to lot of confusions

    I would suggest, build a server in the other location, promote it as an additional domain controller for the existing domain. Ensure the replication is successful, then demote one of the two DCs in the primary site. This will avoid such confusions.

    Regards,
    Bala N

    Monday, April 22, 2019 3:49 PM
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 24, 2019 2:07 AM
    Moderator
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.

    Thanks for your time and have a nice day!



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 26, 2019 1:39 AM
    Moderator