Active Directory How-To

How To Restore Active Directory System States

Sometimes things go wrong. Here's how to quickly get a do-over in Active Directory.

• By Troy Thompson
• 08/12/2015

It is important to make sure you have a reliable backup of your domain controller.  Without a backup, it is not possible to restore.  This article will describe how to restore the System State on a domain controller provided you have a good backup. On a Windows Server, there are more than 40,000 system state files that use around 4GB of disk space. Windows has a built-in tool that allows you to back up and restore a server's system state, which is fast and easy to use. The Wbadmin can be used with the Start SystemStateBackup command to create a backup of the system state for a computer and the Start SystemStateRecovery command to restore the system state. When restoring a system state on a domain controller, you have to be in the Directory Services Restore mode (DSRM).

Booting to DSRM can be done is several ways (the Administrator account and password for DSRM is required to log on to the domain controller in DSRM):

• Pressing F8 during the startup of the domain controller.  This requires you to have physical access to the server and to wait for the prompt.
• Use the Windows GUI: System Configuration (Msconfig.msc).  This is an administrative tool that allows you to configure boot and startup options, including restarting in DSRM and normal mode. Click Start menu / Administrative Tools / System Configuration. On the Boot tab, click Safe boot / Active Directory repair and choose OK.
• In the System Configuration dialog box, click Restart. The domain controller restarts in DSRM.
• Command line: Bcdedit.exe.  This is a command-line tool that allows you to modify the boot configuration on a server that is running Windows Server 2008. The Bcdedit command can be used in conjunction with the shutdown command to instruct the domain controller to restart in DSRM and to restart normally.  You have to be a member of the domain admins group to use this feature. Run a command prompt as administrator and type bcdedit /set safeboot dsrepair and then shutdown -t 0 -r.  
• You can restart the domain controller in Directory Services Restore Mode (DSRM) remotely if you have user right to log on locally to a domain controller. When you restart a domain controller in DSRM, it takes it offline and it functions as a member server instead of a domain controller.

To start the system state restore, type the following at an elevated command prompt:

• wbadmin get versions  (This command will list details about the available backups that are stored on the local computer or another computer)
• wbadmin start systemstaterecovery –version:<version> -quiet  (this command will restore the version specified). For example: wbadmin start systemstaterecovery –version:06/02/2015-07:30 -backupTarget:\\servername\share -machine:servername –quiet. The parameters that can be used with the wbadmin start systemstaterecovery are listed in the table below.

• Once the SystemState restore has been finished, select N to reboot the system.  You will want to make sure that it reboots in normal mode.
• After you have successfully completed a restore and you want to restart in normal mode, open a command prompt and type the following: bcdedit /deletevalue safeboot. Followed by: shutdown -t 0 –r.

In the unfortunate event that you have to perform a systemstate recovery, the wbadmin start systemrecovery command will allow you to perform the recovery.  It cannot be overstated that a good backup routine is necessary before a recovery can take place.  One thing to note is that Windows Server Backup does not back up or recover registry user hives (HKEY_CURRENT_USER) as part of system state backup or system state recovery.