I'm in the process of creating an AD forest recovery process for our infrastructure. Currently in the root domain, all FSMO roles are placed on one DC and all DCs in the entire forest are GCs. We have one root and 4 child domains, and all DCs are WIN2k8R2.
I have one question. At the time of DC recovery, we need to select one DC from each domain. So is it advisable to restore the DC which has all the FSMO roles, or do I need to select any other DC from the forest domain?
After reading the MS forest recovery doc, I have created the steps below. Did I miss any points in the steps below, or are there any corrections?
1. Update DSRM password for the DCs
2. Decide the DC for recovery
3. Configure selected DCs to boot in DSRM mode
4. Disconnect the network cable from root domain DC / Shut down all the DCs except the selected root DC
5. Reboot selected forest DC in DSRM mode
6. On root DC: Perform nonauthoritative restore of AD DS & authoritative SYSVOL restore
   a. Log in to DC using DSRM pwd
   b. Get the version number of the backups which you have created
   c. Identify the backup you want to restore
   d. Restore AD nonauthoritatively & SYSVOL authoritatively
7. Reboot the DC in normal mode
8. Remove GC
9. Check DNS service
10. Create DWORD "HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Repl Perform Initial Synchronizations" with value 0
11. Seize FSMO roles
12. Metadata cleanup for other DCs in root domain
13. Remove A record of deleted DCs from forward lookup zone and from _msdcs zone
14. Raise RID value by 100,000
15. Invalidate current RID pool
16. Reset computer account pwd of DCs twice (Current administrator pwd)
17. Reset krbtgt account pwd twice
18. Configure time source
19. Install OS on other DCs and do DCPROMO
20. Enable GC on root DCs
21. Do a force replication from initial restore forest DC
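
The commands behind steps 3, 6, 7 and 10 of the list above, as an added example that is not part of the original post or of the Microsoft document it refers to. The function names are hypothetical, and `$BackupTarget` and `$BackupVersion` are placeholders to replace with the values from your own backup.

```powershell
# Added example, not from the original post. Run on the selected DC only.
# Placeholders (assumptions): replace both values before use.
$BackupTarget  = 'E:'                  # volume that holds the system state backup
$BackupVersion = 'MM/DD/YYYY-HH:MM'    # version identifier printed by Get-BackupVersions

function Enable-DsrmBoot {
    # Step 3: make the next boot enter Directory Services Restore Mode.
    & bcdedit /set safeboot dsrepair
}

function Get-BackupVersions {
    # Steps 6b/6c: list the available backups and their version identifiers.
    & wbadmin get versions "-backupTarget:$BackupTarget"
}

function Restore-ForestRootDc {
    # Step 6d guard: refuse to run unless the DC is actually booted in DSRM.
    if ($env:SAFEBOOT_OPTION -ne 'DSREPAIR') {
        throw 'Not in DSRM: reboot after Enable-DsrmBoot and log on with the DSRM password.'
    }
    if ($BackupVersion -notmatch '^\d{2}/\d{2}/\d{4}-\d{2}:\d{2}$') {
        throw 'Set $BackupVersion to an identifier from Get-BackupVersions.'
    }
    # A system state recovery restores AD DS nonauthoritatively;
    # -authsysvol makes the SYSVOL part of the restore authoritative.
    $wbArgs = @('start', 'systemstaterecovery',
                "-version:$BackupVersion", "-backupTarget:$BackupTarget",
                '-authsysvol', '-quiet')
    & wbadmin $wbArgs
    if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE" }
}

function Disable-DsrmBoot {
    # Step 7: clear the safeboot flag so the next reboot is a normal boot.
    & bcdedit /deletevalue safeboot
}

function Disable-InitialSync {
    # Step 10: run after the normal-mode reboot, before seizing FSMO roles.
    New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters' `
        -Name 'Repl Perform Initial Synchronizations' -PropertyType DWord -Value 0 -Force
}
```

Call the functions one at a time in step order, rebooting between `Enable-DsrmBoot` and `Restore-ForestRootDc`, and again after `Disable-DsrmBoot`.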