I'm trying to verify my backups using Veeam by restoring my VMs to a test environment, which I've done yearly without issue. However, this time my Domain Controller (DC) isn't working at all. I can't access the DNS management console due to permission issues even as a domain admin. The DNS service is running, but when I try to access Active Directory Users and Computers (ADUC), I get a message saying 'The server is not functional'. I attempted to add my domain admin user to the Administrators group again, but it says the server instance cannot be found.
I've booted into DSRM mode and performed an authoritative restore, manually restored the NTDS database, and ran commands like dism and sfc /scannow, but nothing seems to help. I'm using Application-Aware Backups in Veeam, which recognizes AD and allows restoration of application items, so it should have restored the DC correctly. In my test setup, the DC is not network-connected, and I have tried restoring from various checkpoints, but still no luck. Any ideas on how to fix this?
5 Answers
Make sure your VM has a virtual NIC and is connected to a private virtual switch. If your current setup is 'not connected,' it could be causing your issues.
Since you're just testing the backups, try adding a virtual switch for the DC. This should give it basic self-resolution for its own IP as DNS, which might help restore functionality for AD and DNS.
This solved my issue. After adding a virtual switch, I was able to connect to the DNS management console and to ADUC. Thanks a lot!
If you're unsure about the restore process, Microsoft's forest recovery guide is pretty comprehensive. It might help you figure out why the DC isn't functioning after the restore. Here’s a helpful link: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-perform-initial-recovery
This looks really useful. Thanks for sharing!
What Windows Server version and domain functional level are you using? It could impact the recovery process.
I'm on Windows Server 2022 Standard with the domain functional level set to Windows Server 2016.
Check your network settings. If you've swapped NICs, double-check that it's set to use the domain profile instead of public. You can use PowerShell to switch it back if needed.
Thanks for the tip! As someone else mentioned, I ended up needing a virtual switch, and that did the trick.
Unfortunately, the Virtual Switch in Hyper-V is just set to 'not connected'.
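The fix from the answers above (attach the restored DC to a private virtual switch, then confirm DNS and the network profile), as an added example that is not part of the original thread. The VM name, switch name and both function names are assumptions.

```powershell
# Added example: names are assumptions, not values from the thread.
function Connect-RestoredDcToPrivateSwitch {      # run on the Hyper-V host, elevated
    param(
        [string]$VMName     = 'DC01-RestoreTest',     # hypothetical VM name
        [string]$SwitchName = 'RestoreLab-Private'    # hypothetical switch name
    )
    # A Private switch links only the VMs attached to it (no host, no physical NIC),
    # so the restored DC gets a live link without touching production.
    if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $SwitchName -SwitchType Private | Out-Null
    }
    $nics = @(Get-VMNetworkAdapter -VMName $VMName)
    if ($nics.Count -eq 0) {
        Add-VMNetworkAdapter -VMName $VMName -SwitchName $SwitchName
    } else {
        # Only attach adapters that are currently "not connected".
        $nics | Where-Object { -not $_.SwitchName } |
            Connect-VMNetworkAdapter -SwitchName $SwitchName
    }
    Get-VMNetworkAdapter -VMName $VMName | Select-Object VMName, SwitchName, Status
}

function Test-RestoredDcNetwork {                 # run inside the restored DC, elevated
    # Addresses the DC owns (loopback included, APIPA excluded).
    $ownIPs = (Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.IPAddress -notlike '169.254.*' }).IPAddress
    foreach ($nic in Get-NetAdapter) {
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
        $netProfile = Get-NetConnectionProfile -InterfaceIndex $nic.ifIndex `
                          -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Adapter         = $nic.Name
            LinkUp          = $nic.Status -eq 'Up'
            DnsServers      = $dns -join ', '
            DnsPointsToSelf = [bool]($dns | Where-Object { $_ -in $ownIPs })
            Profile         = $netProfile.NetworkCategory   # expect DomainAuthenticated
        }
    }
    # Ask the locator for a DC in this machine's own domain, then list dcdiag failures.
    $domain = (Get-CimInstance Win32_ComputerSystem).Domain
    nltest "/dsgetdc:$domain"
    dcdiag /q
}
```

If the profile still shows Public once the DC can resolve itself, `Restart-NetAdapter` makes Windows re-detect it; `Set-NetConnectionProfile` cannot assign DomainAuthenticated.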