Active Directory How-To

How To Restore Active Directory System States

Sometimes things go wrong. Here's how to quickly get a do-over in Active Directory.

It is important to make sure you have a reliable backup of your domain controller.  Without a backup, it is not possible to restore.  This article will describe how to restore the System State on a domain controller provided you have a good backup. On a Windows Server, there are more than 40,000 system state files that use around 4GB of disk space. Windows has a built-in tool that allows you to back up and restore a server's system state, which is fast and easy to use. The Wbadmin can be used with the Start SystemStateBackup command to create a backup of the system state for a computer and the Start SystemStateRecovery command to restore the system state. When restoring a system state on a domain controller, you have to be in the Directory Services Restore mode (DSRM).

Booting to DSRM can be done is several ways (the Administrator account and password for DSRM is required to log on to the domain controller in DSRM):

  • Pressing F8 during the startup of the domain controller.  This requires you to have physical access to the server and to wait for the prompt.
  • Use the Windows GUI: System Configuration (Msconfig.msc).  This is an administrative tool that allows you to configure boot and startup options, including restarting in DSRM and normal mode. Click Start menu / Administrative Tools / System Configuration. On the Boot tab, click Safe boot / Active Directory repair and choose OK.
  • In the System Configuration dialog box, click Restart. The domain controller restarts in DSRM.
  • Command line: Bcdedit.exe.  This is a command-line tool that allows you to modify the boot configuration on a server that is running Windows Server 2008. The Bcdedit command can be used in conjunction with the shutdown command to instruct the domain controller to restart in DSRM and to restart normally.  You have to be a member of the domain admins group to use this feature. Run a command prompt as administrator and type bcdedit /set safeboot dsrepair and then shutdown -t 0 -r.  
  • You can restart the domain controller in Directory Services Restore Mode (DSRM) remotely if you have user right to log on locally to a domain controller. When you restart a domain controller in DSRM, it takes it offline and it functions as a member server instead of a domain controller.

To start the system state restore, type the following at an elevated command prompt:

  • wbadmin get versions  (This command will list details about the available backups that are stored on the local computer or another computer)
  • wbadmin start systemstaterecovery –version:<version> -quiet  (this command will restore the version specified). For example: wbadmin start systemstaterecovery –version:06/02/2015-07:30 -backupTarget:\\servername\share -machine:servername –quiet. The parameters that can be used with the wbadmin start systemstaterecovery are listed in the table below.


Description of Parameters


Specifies the version identifier for the backup to recover in MM/DD/YYYY-HH:MM format.


Reports the summary of the last system state recovery.  If this parameter is used, it cannot be accompanied by any other parameters.


Specifies the storage location that contains the backup which will be recovered.


This parameter is used when the -backupTarget parameter is specified.  It specifies the name of the computer that you want to recover. You would use this parameter when multiple computers have been backed up to the same location.  


Specifies the directory where the backup will be restored. This parameter is used if the backup is restored to an alternate location.


If used, performs an authoritative restore of SYSVOL (the System Volume shared directory).


This parameter specifies that the system will restart when the recovery has completed. You can only use this when a recovery to the original location is used.  This will cause an automatic reboot, so you should not use this if you intend to do additional procedures to the server after the recovery.


Runs the subcommand with no prompts to the user.

  • Once the SystemState restore has been finished, select N to reboot the system.  You will want to make sure that it reboots in normal mode.
  • After you have successfully completed a restore and you want to restart in normal mode, open a command prompt and type the following: bcdedit /deletevalue safeboot. Followed by: shutdown -t 0 –r.

In the unfortunate event that you have to perform a systemstate recovery, the wbadmin start systemrecovery command will allow you to perform the recovery.  It cannot be overstated that a good backup routine is necessary before a recovery can take place.  One thing to note is that Windows Server Backup does not back up or recover registry user hives (HKEY_CURRENT_USER) as part of system state backup or system state recovery. 

About the Author

Troy Thompson has worked in network administration for over 25 years, serving as a network engineer and Microsoft Exchange administration in Department of Defense, writing technology articles, tutorials, and white papers and technical edits. Troy is a Cisco Certified Academy Instructor (CCAI), and has numerous other certifications including CCNA, MSCE+I, Network+, A+ and Security+. Troy has also traveled the world playing music as the guitarist for the band Bride. Contact information is [email protected].


comments powered by Disqus

Subscribe on YouTube