I have the following questions on the RMAD forest recovery plan, which I exported from my forest project.

1) Restart domain controller in DSRM if necessary
If DSRM is not the current mode, this step restarts the domain controller in DSRM and resets the DSRM password.
Question: Why is it necessary to reset the DSRM password if it is known to us?

2) Enable domain controller isolation
Uses IPsec policies to restrict all traffic on the DC except:
- Network traffic to/from the Forest Recovery Console
- Incoming RDP traffic
- Incoming and outgoing ICMP traffic
- Incoming and outgoing DNS traffic
- File share access traffic
- Internal TCP traffic
This step does not delete any existing IPsec policies.
Question: Is this being used to prevent the DC from being inundated with client requests? Can you provide me the details of the IPsec policy set?

3) Restart domain controller in normal mode
Restarts the DC in normal mode.
Then, resets the user password to the value specified in the DC recovery settings.
This password reset is required to overwrite the old password restored from backup.
Question: Why is the user password being reset in this step?

4) Reset DSRM administrator password
Resets the DSRM administrator password to the value specified in the DC recovery settings.
Question: Why is it necessary to reset the DSRM password in scenarios where it is already known to us?

5) Reset the Krbtgt password
Resets the krbtgt password twice to an automatically-generated value to isolate domain controllers that were not recovered.
By default, the automatically-generated password value includes 12 characters: at least one lower-case English letter, one upper-case English letter, one digit, and one non-alphanumeric character.
Question: Why is it necessary to isolate domain controllers which are not recovered? Is resetting the krbtgt password twice mandatory?

6) Set initial SYSVOL replication mode if applicable
Forces authoritative SYSVOL restore if the Forest Recovery Console machine was explicitly or automatically selected as an authoritative SYSVOL source.
Question: I would like to know if it is possible to perform an authoritative SYSVOL restore outside of a forest recovery scenario.