Restoring a Whole Domain

If you deleted or damaged a section of Active Directory, and you have more than one domain controller (DC) for the domain, the damage will have likely replicated to all of the domain controllers (DCs) in the domain.

The main difference between restoring a single DC and restoring the whole domain is that you should first boot all of the domain's DCs into Directory Services Restore Mode (DSRM). Do this before you begin the restore process. (Or temporarily disconnect the network cables from the domain controllers.) Otherwise when you restore a DC one of the bad DCs will immediately attempt to replicate the bad changes to the newly restored DC and “infect” it.

To avoid “infection” of the restored DCs, use the following procedure:

1. Install UMove on each DC.
2. Boot all of the DCs into Directory Services Restore Mode (DSRM). Or ensure they are disconnected from the network.
3. Verify that no domain controllers for the domain are serving Active Directory. (You can allow any DCs serving other domains to continue to run normally.)
4. On each DC do a simple restore to reload AD. Start first with the Primary Domain Controller (PDC).
5. While each DC reboots you can reconnect it to the network.
6. Clean up and uninstall UMove.

See also Restoring the Entire Forest.