Best Practice for Repairing or Restoring a Domain Controller on a VM

Hi.. is there any best practices on restoring a domain controller that is on a VM using RMAD? just a DC and not the forest?

Like if VM goes down.. need to recreate the VM (as there is no snapshots) other than reinstalling active directory.

if the VM is recreated with the exact same configuration, can we just do a repair?

what would those steps look like?

  • I would recommend to read RMAD-FE pdf manual and search online (forum) about details because the question used to be answered in past.
    (my understanding) answer is NO.
    1. RMAD restores AD/DIT/GPO layer (both Online Object recovery and AD recovery) on top on the *exactly same Windows Server instance* where the BKF was made originally.
    2. RMAD does not restore Windows Server layer.
    3. Restoring BKF on different Windows Server Instance (even same server name, but different OS instance security content, SID etc.) is not supported by MSFT: "you may try on your own risk", because it violates internal intimate dependency of AD "software" on the Windows OS layer.
    4. That's why it is important to prepare to AD recovery in advance (few DCs in case of lost of Windows OS, BKF corruption etc.)
  • this information is about 5-10yo. No sure, if anything changed on the matter recently on MSFT DC/AD technology side?