Tuesday, May 26, 2009

Restoring a system state backup (Captain’s Log)

 

The following is the restoration of a system state backup in the ‘Captain’s Log’ format. Meaning it’s not very refined and might have some typos, but it will have all the steps and also the decisions that I made and why.

  1. I created a group policy on the domain level, by which I ‘Removed Help menu from the Start Menu’ for all users.
  2. I ran gpupdate /force
  3. Ran ntbackup
  4. Selected SystemStateBackup, selected a ‘Normal’ copy and then provided a location on D for copying the backup file.
  5. Backup has started and it’s going well. It took some time reading the data to back up and then the numbers appeared in the ‘Backup Progress’ screen. Initially it showed me an estimated time of 3 minutes.
  6. It took a little over 3 minutes. I believe in production environments it will be quite a bit higher than this.
  7. I clicked on ‘Report’ to check whether there is anything untoward. There wasn’t.
  8. I checked the size of the backup file, it is 503 MB.
  9. Transferring the file to DEN-SRV1
  10. I don’t like copying stuff to root and don’t like to bury my file under millions of folders. So I am copying it into the legal folder on the C drive.
  11. Copy complete.
  12. Now assuming that my DEN-DC1 is dead. I am going to close my virtual machine and delete all changes, since I want to use this machine for future labs and want to keep the size to a minimum. This can be a very tricky scenario.
  13. Before running dcpromo, note that DEN-SRV1 is already joined to the domain being controlled by DEN-DC1. I will keep the IP and network settings as is and see what happens, as this can happen in a real scenario.
  14. Selected ‘Domain controller for a new domain’
  15. Selected ‘Domain in a new forest’
  16. Provided the full DNS name contoso.msft. This name should be exactly the same as the name of my domain. I can’t create a new domain and restore the backup of the old domain to this new domain. I know this much, okay. (Angry smiley)
  17. After giving the FULL DNS name for the new domain, I pressed ‘Next’ and it’s still pressed after a minute. Let’s see what happens. 7:25
  18. Okay, done. Within a minute.
  19. Now asking Domain NetBIOS name, for which I have given ‘CONTOSO’
  20. Going with default database folder and log folder.
  21. and sysvol folder.
  22. Hmmmm. DNS diagnostic failed. Obviously it would fail, since DEN-DC1 was also my DNS server. Three available options and I am going with ‘Install and configure the DNS server on this computer, and set this computer to use this DNS server as its preferred DNS server’.
  23. Asked for ‘Restore Mode’ and ‘Confirm’ password, and I entered Pa$$w0rd. Yes I know they are the same.
  24. Now I think it’s installing the DNS, as I can see a server icon, with a book icon in the front and a crazy pencil writing something on it.
  25. Hmmm. I got this message, because I chose not to remove my original IP settings and/or disjoin the computer from the domain. So it has done it itself.

clip_image002

  1. Sheezers. I should have tested the backup before running dcpromo. Maybe I wouldn’t have needed to run dcpromo. Anyways I can try it later. Bolded to remember what I have to try later.
  2. Crazy pencil has finished writing and some installation started, no no the pencil is back again now. ‘Configuring DNS service on this computer’
  3. Okay, it’s complete now. And it’s asking for a restart. Shall I restart? Okay I will. What have I got to lose except time. It’s all virtual machines, I can revert back to an earlier point in time.
  4. Okay, the machine is restarted now.
  5. I have logged in and now I will try to restore the backup by double clicking on it. I know that it doesn’t work, as I would have to restart the server in safe mode and use NTDSUTIL to restore the backup, but what’s the harm in trying.
  6. ntbackup has started. I am going in wizard mode.
  7. Selected restore files and settings and browsed to the file again. Double clicking the backup file just started ntbackup.

clip_image004

  1. I selected the ‘System State’ as mentioned in the pic above.
  2. Now the restore screen is saying ‘Restore to Original Location’ and ‘Existing Files: Do not replace’. I will go ahead with these options although I am not very sure about ‘do not replace existing files’.
  3. Failure. A good one actually. Proving that I cannot restore as is and I would have to restart in ‘Directory Services Restore Mode’, which is good because previously I was thinking that I would have to restart in safe mode.

clip_image006

  1. Cancelled the restore job and now putting my finger on F8 to get the type of boot I want.
  2. Gotcha.
  3. Going in ‘Directory Services Restore Mode’
  4. First I will try using the ntbackup utility for the restore. Only if that fails would I delve into NTDSUTIL.
  5. Okay, now another misgiving is gone, the one regarding ‘do not overwrite existing files’, as I received the following message:

clip_image008

  1. Restore progress screen is reached. Numbers coming up and restore has started. Estimated remaining time is coming as 2 minutes. 7:49
  2. Sheezers. I didn’t check what existing users and group policies are there. It would have been a good idea to create a user and a group policy in the new domain controller and see what happens after the restore job. Maybe I will try it later. Next time I just have to run dcpromo, install DNS, restart and then restart again in safe mode and then I can try it again.
  3. Restore complete 7:51. Nice. Took 2 minutes. Again, in a production environment this might be bigger.
  4. Okay, while trying to close the progress window it has asked for a restart. Good and logical. Restarting and not going to go in Safe mode.
  5. After restart it gave me the following message (sad smiley)

clip_image010

  1. I clicked on ‘Yes’
  2. It requires internet connectivity and I don’t have that. Let’s see, I think I would build another Windows 2003 server from my authorized and licensed version and then check this. Actually that might be a bit better. I think I might have those labs somewhere.
  3. Luckily I already had one lab environment which had licensed Windows 2003 DC and a member server. Tried it and it worked like a charm. The group policy and all the users, OUs etc etc were restored.
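
The backup-and-transfer part of the log (running ntbackup, checking the result, copying the file to DEN-SRV1) can also be done from a batch file. The script below is an added example, not part of the original log; the D:\Backup folder, the SystemState.bkf file name and the use of the \\DEN-SRV1\C$ admin share to reach the legal folder are assumptions.

```bat
@echo off
rem Added example: command-line form of the backup and copy steps in the log.
rem Assumed names (not from the post): D:\Backup, SystemState.bkf, and the
rem \\DEN-SRV1\C$ admin share used to reach the 'legal' folder on C.
setlocal
set "BKF=D:\Backup\SystemState.bkf"
set "DEST=\\DEN-SRV1\C$\legal"

rem System State backup to a file.
rem /M normal = 'Normal' backup type, /V:yes = verify after backup,
rem /L:f = write a full log (the same data the 'Report' button shows).
start "" /wait ntbackup backup systemstate /J "SystemStateBackup" /F "%BKF%" /M normal /V:yes /L:f

rem Confirm the backup file exists and show its size in bytes.
if not exist "%BKF%" (
    echo Backup file %BKF% was not created. Check the ntbackup report.
    exit /b 1
)
for %%F in ("%BKF%") do echo Backup size: %%~zF bytes

rem Copy to the member server, then compare the copy byte for byte
rem so a damaged transfer is caught before the source DC is gone.
copy /b "%BKF%" "%DEST%\" >nul
if errorlevel 1 (
    echo Copy to %DEST% failed.
    exit /b 1
)
fc /b "%BKF%" "%DEST%\SystemState.bkf" >nul
if errorlevel 1 (
    echo Copy differs from the original. Do not restore from it.
    exit /b 1
)
echo Backup copied and verified at %DEST%.
endlocal
```

The ntbackup command line only performs backups; the restore in Directory Services Restore Mode still goes through the ntbackup GUI as described in the log.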
