Web
Analytics Made Easy - StatCounter

Veeam 8 restoring Active Directory after DCs failure

restoread01

With Veeam 8 restoring Active Directory functionality after Domain Controllers failure it's a matter of few clicks if supported by a working backup.

One of the most undervalued components of Veeam is the VBK Extract utility that helps fixing scenarios where the disaster recovery plan is not in place and the backup strategy is poor.

 

Scenario

During a network maintenance, all Domain Controllers failed due to a wrong update causing the complete Active Directory failure.

After a quick check the network was working with very limited services:

  • No Domain Controllers available - AD authentication not working
  • No DNS service - most services not working, vCenter and Veeam servers as well
  • No replica available and no DR plan in place
  • All network servers are running except DCs
  • Backups available and backup storage accessible

 

Procedure

The only way to recover Active Directory functionality is restoring at least the primary Domain Controller. Since Veeam Server and its components rely on DNS availability, VBK Extract utility is the first solution that come to my mind to quickly restore the environment.

To run the tool, the required files are located in Veeam Server under C:\Program Files\Veeam\Backup. Make a copy to the Veeam Proxy where the backup repository is connected to (via iSCSI in this example). Remember that both DNS and authentication services are unavailable.

The files to copy are the following:

  • Veeam.Backup.Extractor.exe
  • Extract.exe

restoread02

Double click on Veeam.Backup.Extractor.exe to run the tool. Click Browse in the VBK file field to specify the full backup file to use (the extractor can recover VMs from full backups only) containing the primary Domain Controller. Click Open.

restoread03

Click Browse and select the Extract folder with enough space to store the VM.

restoread04

Select the VM to restore (i.e. w2k8r2-dc01) and click Extract.

restoread05

 

Copy extracted VM to the storage

Extracted the VM, it must be copied to the shared storage where ESXi is connected to.

restoread06

From the computer where vSphere Client is installed, map the disk of the machine where the VM has been extracted using the correct credentials.

restoread07

Since users cannot be authenticated against Active Directory (no DCs are available), the local  Administrator account should be used instead.

restoread08

The VM is now accessible from the computer with vSphere Client.

restoread09

Select the storage to use and click on the upload icon. Select Upload Folder option.

restoread10

Browse the folders and select the VM to upload then click OK.

restoread11

Click Yes to continue.

restoread12

The VM is being uploaded to the selected storage.

restoread13

 

Add VM to Inventory

To make the VM visible to the ESXi, the VM must be added to the inventory. When the upload is complete, select the VM folder and right click the .vmx file. Select Add to Inventory option.

restoread14

Give a Name for the virtual machine and click Next.

restoread15

Select the resource pool to run the VM and click Next.

restoread16

Click Finish to register the VM.

restoread17

The virtual machine is now visible from the ESXi.

restoread18

Right click the VM and select Power > Power On options.

restoread19

The VM (Domain Controller) is now up and running restoring Active Directory authentication functionality.

restoread20

Since the Extractor doesn't need to be installed, the tool can be stored anywhere and easily used in case Veeam Server is unavailable.

firma