We've been using Win2008R2's AD Snapshot feature to perform a nightly backup of our AD domain. I'm trying to figure out the steps that I need to run through to use one of these nightly backups to restore our AD domain on a 2nd server.
These are the commands we used to back up the AD DOM:
1. create a new snapshot
echo **** create a new snapshot **** >> %LOG% 2>>&1
ntdsutil snapshot "activate instance ntds" create quit quit >> %LOG% 2>>&1
2. mount the snapshot
echo **** mount the new snapshot **** >> %LOG% 2>>&1
ntdsutil snapshot "list all" "mount 1" quit quit >> %LOG% 2>>&1
3. copy NTDS snapshot to backup dir
echo **** backup the snapshot files **** >> %LOG% 2>>&1
c:
cd "\*SNAP*\WINDOWS\NTDS"
robocopy . "%BUDIR%" /E /Z /NFL /NDL /R:3 /LOG+:"%LOG%"
What I'm trying to figure out is how do I use ntdsutil to mount/restore this AD snapshot on a 2nd computer so that it's now our Master AD server.
EDIT #1
After more digging it doesn't look like @Greg Askew's method of Installing from Media (IFM) will work for us. I should've mentioned this in the original question, but didn't realize it mattered. We're attempting to create a backup of our existing primary AD DS and would like to be able to restore this to a 2nd server as part of our Disaster Recovery (DR) process. According to this blog:
... is a fast and efficient way to re-install a domain controller and get it up to sync, (that’s the proper way to handle a faulting replicas/domain controllers in most cases). There are some common misunderstandings of the concept “Install from media” in terms of if the operation could be performed entirely offline or online, the short answer is: No. It can’t be performed offline; you have to be online with at least one writable domain controller in the same domain as the IFM source is taken from and even then you may not be able to be fully efficient and cause replication to happen ...
It doesn't look like you can use the IFM method to restore the first server in the domain. One already has to be in the domain. So IFM is only an option for doing "online" restores, not "offline", as is our case.
You need to use the Install From Media (IFM) option:
ntdsutil.exe "act inst NTDS" ifm "Create Sysvol Full C:\IFM" q q
We use this exclusively because our DIT is 7 GB and it takes a week to perform the initial replication without it.
Installing AD DS from Media
http://technet.microsoft.com/en-us/library/cc770654%28v=ws.10%29.aspx
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2011/10/14/dcpromo-advanced-mode-what-does-it-do.aspx
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/04/26/active-directory-domain-services-command-fu-part-5.aspx#CommandFuIFMSsyvol
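The IFM step above as an added PowerShell example, not code from the original answer: it creates the media, checks that the set is complete, and restricts the folder's ACL, since a copy of ntds.dit carries the domain's password hashes. `C:\IFM` is the path from the answer; the function names are hypothetical, and the list of expected files is an assumption about the layout of a "sysvol full" set.

```powershell
# Added example, not from the original answers. Run elevated on a writable DC.
# Assumption: $IfmPath contains no spaces and is on a local NTFS volume.
$IfmPath = 'C:\IFM'

function New-IfmMedia([string]$Path) {
    # Start from an empty folder so files from an earlier run are never mixed in.
    if ((Test-Path $Path) -and (Get-ChildItem -Path $Path -Force)) {
        throw "$Path is not empty; remove it or choose another folder."
    }
    & ntdsutil.exe "activate instance ntds" ifm "create sysvol full $Path" quit quit
}

function Test-IfmMedia([string]$Path) {
    # Items a "sysvol full" IFM set is expected to contain (assumed layout).
    $expected = 'Active Directory\ntds.dit', 'registry\SYSTEM',
                'registry\SECURITY', 'SYSVOL'
    $missing = @($expected | Where-Object { -not (Test-Path (Join-Path $Path $_)) })
    if ($missing.Count -gt 0) {
        throw "IFM set incomplete, missing: $($missing -join ', ')"
    }
    $dit = Get-Item (Join-Path $Path 'Active Directory\ntds.dit')
    "ntds.dit: {0:N0} MB, written {1}" -f ($dit.Length / 1MB), $dit.LastWriteTime
}

function Protect-IfmMedia([string]$Path) {
    # ntds.dit together with the SYSTEM hive is enough to recover the domain's
    # password hashes, so drop inherited ACEs on the IFM folder and grant
    # access to Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) only.
    & icacls.exe $Path /inheritance:r /grant:r `
        '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
}

New-IfmMedia     -Path $IfmPath
Test-IfmMedia    -Path $IfmPath
Protect-IfmMedia -Path $IfmPath
```

The same ACL step applies to any folder that receives a copy of the NTDS directory, such as the `%BUDIR%` target of the robocopy job in the question.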
You could try a single line script to run dcpromo using IFM from PowerShell ISE. I modified some random bits I found on the web and did this by way of a challenge from a coworker ;)
When the future DC has been joined to the domain, log into it and run this code from a new PowerShell ISE session. Remember to change the source DC FQDN and adjust backup and restore paths as needed. Also remove or modify sitename as needed.
Here is a breakdown of the flow:
I recommend testing in a VM environment before deploying to production.