How to Restore Active Directory from a Windows Server Backup

Restoring Active Directory (AD) from a Windows Server Backup is a critical recovery task used when domain controllers experience corruption, accidental deletion, ransomware attacks, or system failures. Since Active Directory stores essential domain data such as users, groups, computers, and policies, restoring it correctly is crucial for domain stability.

Windows Server includes built-in backup and recovery tools that allow administrators to restore Active Directory safely using Directory Services Restore Mode (DSRM).

Below is a step-by-step guide to restoring Active Directory from a Windows Server Backup.

Why Restoring Active Directory Requires Special Care

Active Directory is tightly integrated with the Windows operating system and domain services. A standard system restore is not sufficient to recover AD data because AD operates as a database service.

Improper restoration can cause replication issues, authentication failures, or data inconsistencies across domain controllers. Following the correct recovery method ensures domain integrity and prevents long-term issues.

How to Restore Active Directory from a Windows Server Backup

Follow the steps below in order, depending on whether you are performing a non-authoritative or authoritative restore.

1. Determine the Type of Active Directory Restore

Before starting, decide which type of restore is required.

  • Non-authoritative restore – Restores AD and then syncs changes from other domain controllers (most common)
  • Authoritative restore – Forces restored data to overwrite data on other domain controllers

For most scenarios, a non-authoritative restore is sufficient.

2. Restart the Domain Controller into Directory Services Restore Mode (DSRM)

Active Directory must be offline before it can be restored.

  1. Restart the domain controller
  2. During startup, press F8
  3. Select Directory Services Restore Mode
  4. Log in using the DSRM administrator password

This mode allows AD database recovery without starting domain services.

3. Open Windows Server Backup

Once logged into DSRM, access the backup utility.

  1. Click Start
  2. Open Windows Server Backup
  3. Select Local Backup from the left pane

Ensure the backup you need is available on local storage, an external drive, or a network location.

4. Start the Active Directory Restore Process

Initiate the restore using the backup wizard.

  1. Click Recover
  2. Choose This server
  3. Select the backup location
  4. Choose the backup date and time
  5. Select System State
  6. Proceed with the restore

System State includes Active Directory, SYSVOL, registry, and system files.

5. Complete the System State Restore

Windows will begin restoring system state data.

  • The process may take several minutes
  • The server may restart automatically
  • No user interaction is required during restore

Do not interrupt the restore process.

6. Restart the Server Normally

After the restore completes, restart the server in normal mode.

  1. Restart the server
  2. Allow Windows to boot normally
  3. Log in using domain credentials

At this stage, a non-authoritative restore is complete.

7. Perform an Authoritative Restore (If Required)

If specific objects were deleted and the restored copies need to overwrite the data on other domain controllers, perform an authoritative restore.

  1. Boot into Directory Services Restore Mode
  2. Open Command Prompt as Administrator
  3. Run: ntdsutil
  4. Enter: authoritative restore
  5. Mark objects or the entire directory as authoritative
  6. Exit and restart the server normally

This forces replication of restored objects across the domain.
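
The restore in steps 2 to 7 can also be driven from an elevated PowerShell prompt; the following is an added example, not part of the original article, that uses bcdedit as an alternative to F8 and wbadmin in place of the wizard. The function names, backup target, version identifier and distinguished name are assumptions to replace with your own values, and `activate instance ntds` is included because ntdsutil needs an active instance before `authoritative restore`.

```powershell
# Added example, not from the original article. Run elevated on the domain controller.
# Backup target, version identifier and DN below are placeholders.

function Enter-Dsrm {
    # Alternative to pressing F8: make the next boot go to DSRM.
    bcdedit /set safeboot dsrepair
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit could not set the safeboot option.' }
    shutdown /r /t 0
}

function Assert-Dsrm {
    # Windows sets SAFEBOOT_OPTION to DSREPAIR when booted into DSRM.
    if ($env:SAFEBOOT_OPTION -ne 'DSREPAIR') {
        throw 'Not in Directory Services Restore Mode; refusing to continue.'
    }
}

function Restore-SystemState {
    param(
        [Parameter(Mandatory)][string]$BackupTarget,  # e.g. 'E:'
        [string]$Version                              # "Version identifier" from wbadmin
    )
    Assert-Dsrm
    if (-not $Version) {
        # No version chosen yet: list the backups on the target and stop.
        wbadmin get versions "-backupTarget:$BackupTarget"
        return
    }
    wbadmin start systemstaterecovery "-version:$Version" "-backupTarget:$BackupTarget"
    if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE." }
}

function Set-AuthoritativeSubtree {
    param([Parameter(Mandatory)][string]$DistinguishedName)  # DN without spaces
    Assert-Dsrm
    # Run after the system state restore, while the server is still in DSRM.
    ntdsutil 'activate instance ntds' 'authoritative restore' `
        "restore subtree $DistinguishedName" quit quit
}

function Exit-Dsrm {
    # Clear the safeboot option so the next boot starts domain services again.
    bcdedit /deletevalue safeboot
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit could not clear the safeboot option.' }
    shutdown /r /t 0
}

# Order: Enter-Dsrm, Restore-SystemState, (optional) Set-AuthoritativeSubtree, Exit-Dsrm
```

Because the safeboot option stays set until `Exit-Dsrm` clears it, any restart triggered by the recovery returns the server to DSRM rather than starting domain services.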

8. Verify Active Directory Health

After restoration, verify that AD is functioning correctly. Check the following:

  • User and computer objects
  • Group Policy Objects (GPOs)
  • SYSVOL replication
  • Domain authentication

Use tools like Event Viewer, Active Directory Users and Computers, and dcdiag.

9. Force Active Directory Replication (Optional)

Ensure all domain controllers are synchronized.

  1. Open Command Prompt
  2. Run: repadmin /syncall /AdeP
  3. Monitor replication status

This ensures consistency across the domain.
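
The checks in steps 8 and 9 can be collected into one report; this is an added example, not part of the original article, built on repadmin, dcdiag and the Directory Service event log. The function names, the chosen dcdiag tests and the four-hour event window are assumptions, and the dcdiag match assumes English tool output.

```powershell
# Added example, not from the original article. Run elevated on the restored
# domain controller after it has booted normally. Assumes English tool output.

function Get-ReplicationProblem {
    # One CSV row per inbound replication link on every reachable DC.
    # Rows typed showrepl_ERROR mean repadmin could not query that DC at all.
    repadmin /showrepl * /csv | ConvertFrom-Csv | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
        [int]$_.'Number of Failures' -gt 0
    } | Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Time', 'Last Failure Status'
}

function Get-FailedDcdiagTest {
    # dcdiag tests that correspond to the checklist in step 8.
    $tests = 'Advertising', 'NetLogons', 'SysVolCheck', 'Replications', 'Services'
    foreach ($test in $tests) {
        $output = dcdiag "/test:$test" | Out-String
        if ($output -match 'failed test') { $test }
    }
}

function Get-RecentDirectoryError {
    param([datetime]$Since = (Get-Date).AddHours(-4))  # assumed window since the restore
    # Critical (1) and Error (2) events logged by AD DS in that window.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Directory Service'; Level = 1, 2; StartTime = $Since
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Step 9: push changes to all partners, then report anything still unhealthy.
repadmin /syncall /AdeP
$report = [pscustomobject]@{
    ReplicationProblems = @(Get-ReplicationProblem)
    FailedDcdiagTests   = @(Get-FailedDcdiagTest)
    DirectoryErrors     = @(Get-RecentDirectoryError)
}
$report | Format-List
if ($report.ReplicationProblems.Count -gt 0 -or $report.FailedDcdiagTests.Count -gt 0) {
    Write-Warning 'Restore verification found problems; review the report above.'
}
```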

10. Resume Normal Operations and Monitoring

Once restoration is confirmed successful:

  1. Resume regular backups
  2. Monitor event logs for replication errors
  3. Test authentication and group policies
  4. Document the restore process for future reference

Final Thoughts

Restoring Active Directory from a Windows Server Backup is a sensitive but manageable process when done correctly. Using Directory Services Restore Mode and restoring the System State ensures domain data is recovered safely.

For critical failures, authoritative restores allow administrators to recover deleted objects and maintain domain consistency. Regular backups and tested recovery plans are essential to minimize downtime during AD-related incidents.

Posted by Raj Bepari
