Recover DC with Only System State Backup

Have you ever had to restore an Active Directory Domain Controller from scratch with only System State backup?

If so, and you have already searched the Internet, you probably found no direct results describing that procedure, basically due to its simplicity.

It is indeed a simple procedure. Start by building the server (format and install the Windows OS) and installing all the updates to match the same version and edition used on the original DC.

Enable all the features and roles that were on the original DC, but do not configure any of them.

Isolate the server to avoid conflicts and service interruption. You may use an isolated port or simply change the IP address to something outside that subnet.

Promote the server to a domain controller as a new domain in a new forest. It is better to use the original names of the DC and the domain.

Reboot into DSRM (Directory Services Restore Mode) and log in.

Start the system state restore process.

Once done and rebooted, check the event log for any critical / serious messages. If there are none, you can connect to the network and resync with the other domain controllers.

I’ve successfully applied this on Windows 2012R2 and will soon test it again with 2016 and 2019 servers.

However, I still strongly recommend you have a bare metal backup, and perform restore testing every six months.


Reset Exchange Logs without Backup


You may come across a situation where the client is unable to use an Exchange-aware backup solution and, temporarily, cannot use Windows backup either. So basically you need to reset the Exchange logs without performing any actual backup.

This is applicable to Exchange 2010 and 2013 on Windows 2008, 2008R2, 2012, and 2012R2.
It works with a single server as well as DAG setups.

Open an elevated CMD

Run Diskshadow
Type "add volume E:"
(assuming E: is the drive where the log files exist)
Type "begin backup"
Type "create"
(This action will take some time, depending on the number of log files and the connection speed)
Type "end backup"

You should now notice the logs being deleted

Make a full backup after this to protect the data
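
The same Diskshadow steps can be run from a script file with a before/after count of the log files, so you can confirm that truncation actually happened. This is an added example, not part of the original post; the log folder path, the script file name and the 60-second wait are assumptions to adjust for your server.

```powershell
# Added example: scripted form of the Diskshadow steps above, with a before/after check.
# Assumptions: E: holds the log files; E:\ExchangeLogs is a hypothetical log folder.
param(
    [string]$Volume  = 'E:',
    [string]$LogPath = 'E:\ExchangeLogs'
)

$ErrorActionPreference = 'Stop'

# Diskshadow needs an elevated session, same as the elevated CMD in the manual steps.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# Count transaction log files under the log folder (works on PowerShell 2.0 and later).
function Get-LogCount([string]$Path) {
    @(Get-ChildItem -Path $Path -Filter '*.log' -Recurse |
        Where-Object { -not $_.PSIsContainer }).Count
}

$before = Get-LogCount $LogPath

# The same four commands the procedure types interactively, written to a script file.
$scriptFile = Join-Path $env:TEMP 'reset-exchange-logs.dsh'   # hypothetical file name
@(
    "add volume $Volume"
    'begin backup'
    'create'
    'end backup'
) | Set-Content -Path $scriptFile -Encoding ASCII

# /s runs Diskshadow in script mode.
& diskshadow.exe /s $scriptFile
$exitCode = $LASTEXITCODE
Remove-Item -Path $scriptFile
if ($exitCode -ne 0) {
    throw "diskshadow exited with code $exitCode; do not assume the logs were reset."
}

# Give Exchange time to start deleting logs before counting again (wait is an assumption).
Start-Sleep -Seconds 60
$after = Get-LogCount $LogPath
'{0} log files before, {1} after' -f $before, $after
if ($after -ge $before) {
    Write-Warning 'Log count did not drop; check the Application event log before retrying.'
}
```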