No administrator likes to think that one day they may have to restore Active Directory from a backup. However it is important that you plan for such an occasion. Setting up a test server to run through scenarios is a good idea, it is important to make time for this sort of disaster planning. I learnt this lesson the hard way.

Whilst this guide does not profess to be the oracle on AD recovery it does document my experiences of dealing with a loss of critical data. Maybe there is a better way to go about this, but my method worked, and will do just fine for me!
Scenario: One of your major AD groups has been deleted, no accounts are functioning other than those in the built-in group, so just the odd admin has access. You have multiple domain controllers but they have already replicated.

Action: Firstly logon to the server you wish to restore to, you may have to do this locally depending on your account configuration, this will be the password you specified when promoting the server to a DC. I did not know the local admin password so logged on with a built in domain account that was still functioning, to change the dsrm password follow these steps:


( Read more )