Hi Experts,
I'm in the prcess of creating AD Forest recovery process for our infrastructure. Currently all our FSMO roles are placed in one DC and all DC's are GC. We have one root and 4 child domains and all DC's are WIN2k8R2.
At the time of DC recovery, we need to select one DC from root domain. So it it advisable to restore the DC which has all thr FSMO roles or do i need to select any other DC from forest domain?
After reading the MS forest recovery doc, i have created below steps. Did i miss any points on below steps or any correction.
2. Decide the DC for recovery
3. Configure Selected DC's boot in DSRM mode
4. Disconnect the network cable from root domain dc / Shutdown all the DC's except the selected Root DC
5. Reboot selected forest DC in DSRM mode
6. On Root DC : Perform nonauthoritative of AD DS & Authoritative SYSVOL restore
a. Login to DC using DSRM pwd
b. get the version number of the backups which you have created
c. identify the backup you want to restore
d. restore AD in nonauthoritativly & SYSVOL in authoritativly
7. Reboot the DC in normal mode
8. Remove GC
9. Check DNS service
10. Create DWORD "HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Repl Perform Initial Synchronizations" with value 0
11. Seize FSMO roles
12. Metadata cleanup for other DC's in Root Domain
13. Remove A record of deleted DC's from Forward lookup zone and from _msdcs zone
14. Raise RID value by 100,000
15. Invalidate current RID pool
16. Reset computer account pwd of DC's twice (Current adminstrator pwd)
17. Reset krbtgt account pwd twice
18. Configure time source
19. Install OS on other DC's and do DCPROMO
20. Enable GC on Root DC's
21. Do a force replication from initial restore forest DC
Regards, Nidhin.CK