Active Directory Disaster Recovery - GPO Restore

Published on December 2016

Backup and Restore GPOs

Windows Server 2003-2008 R2: Active Directory Disaster Recovery
Module 6 Lab Group Policy Recovery Student Workbook

Version 1.1

Microsoft | Services

© 2011 Microsoft Corporation Microsoft Confidential

ITOE Educate

Information in this document, including URL and other website references, represents the current view of Microsoft Corporation as of the date of publication and is subject to change without notice to you.

Descriptions or references to third party products, services or websites are provided only as a convenience to you and should not be considered an endorsement by Microsoft. Microsoft makes no representations or warranties, express or implied, as to any third party products, services or websites.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious.

Complying with all applicable copyright laws is the responsibility of the user. This document is intended for distribution to and use only by Microsoft Premier customers. Use or distribution of this document by any other persons is prohibited without the express written permission of Microsoft. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, this document does not give you any license to Microsoft’s intellectual property.

MICROSOFT MAKES NO WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE INFORMATION CONTAINED IN THIS DOCUMENT.

© 2011 Microsoft Corporation. All rights reserved.

Microsoft Premier Support Services Description Exhibit: License Terms for Standard Workshop and WorkshopPLUS

This Exhibit is an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. The license terms for Standard Workshops and WorkshopPLUS are made pursuant to your Microsoft Premier Support Services Description (the “Services Description”). The terms of the Services Description are incorporated herein by this reference. Any terms not otherwise defined herein will assume the meanings set forth in the Services Description. This Exhibit applies to any Standard Workshop or WorkshopPLUS delivered under your Services Description, including the media on which you received the workshop, if any, and any materials, sample code, documentation or software provided in conjunction with the Standard Workshop or WorkshopPLUS. These terms also apply to any Microsoft updates, supplements, and Internet-based services for a Standard Workshop or WorkshopPLUS, unless other terms accompany those items. If so, those terms apply. BY PARTICIPATING IN THE WORKSHOP, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT PARTICIPATE IN THE WORKSHOP OR USE ANY STANDARD WORKSHOP OR WORKSHOPPLUS MATERIALS AND SOFTWARE.

If you comply with these license terms, you have the rights below.

Scope of License. Subject to the terms of this license, Microsoft grants you: (i) a conditional license to participate in the Standard Workshop or WorkshopPLUS you have selected, and (ii) a limited, personal right to use the materials, sample code, documentation and software, if any, that are associated with a Standard Workshop or WorkshopPLUS. Any rights not granted in this Exhibit are reserved by Microsoft.

Restrictions on Use. Your rights to use the materials, sample code, documentation and software provided in a Standard Workshop or WorkshopPLUS are limited. You must comply with any technical limitations that restrict your use. In addition, you may not:
- record the Standard Workshop or WorkshopPLUS in any manner;
- reproduce, store in or introduce into a retrieval system, or transmit in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, any documentation, sample code, software or materials from a Standard Workshop or WorkshopPLUS;
- work around any technical limitations or restrictions incorporated into the materials, sample code, documentation or software;
- reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;
- publish any documentation, sample code, software or materials from a Standard Workshop or WorkshopPLUS for others to copy;
- rent, lease or lend any documentation, sample code, software or materials from a Standard Workshop or WorkshopPLUS; or
- transfer any documentation, sample code, software or materials from a Standard Workshop or WorkshopPLUS or this agreement to any third party.

Rules for Participation in Standard Workshop and WorkshopPLUS. You agree to abide by the following rules as a condition of participation in a Standard Workshop or WorkshopPLUS:
- You agree that while on Microsoft property you will comply with all applicable local, state and federal laws, statutes and regulations, including without limitation, all laws prohibiting harassment of any kind in the workplace.
- You agree to abide by applicable Microsoft rules, regulations and security measures while participating in a Standard Workshop or WorkshopPLUS on Microsoft property.






Sample Code and software provided to you are owned solely by Microsoft and licensed to you for install, use and access while participating in the workshop. Upon completion of the workshop, you will return all sample code and software to Microsoft upon our request.

Term. Upon completion of the workshop, you will: (i) vacate the workshop office space or workspace; (ii) return to Microsoft any identification badges and premises access cards provided to you as a workshop participant; (iii) return all Microsoft-owned property to Microsoft, including but not limited to any Microsoft software and materials provided to you in connection with your participation in the Standard Workshop or WorkshopPLUS; and (iv) remove all your personally owned equipment or property from Microsoft premises.

Disclaimer of Warranty. Any software provided to you is licensed “as-is.” You bear the risk of using it. Microsoft gives no express warranties, guarantees or conditions. To the extent permitted under your local laws, Microsoft excludes the implied warranties of merchantability, fitness for a particular purpose and non-infringement.

Table of Contents

LAB 5: GROUP POLICY RECOVERY
    Introduction
    Objectives
    Prerequisites
    Estimated time to complete this lab
    For more information
    Scenario

Exercise 1: Group Policy Objects Review and Deletion
    Reviewing the Environment
    Taking a Group Policy Backup
    Causing a GPO Disaster

Exercise 2: Group Policy Objects Recovery
    Recovering the GPOs
    Restoring GPLinks using GPMC

Lab 5: Group Policy Recovery
Introduction
In this lab you will be performing an out-of-band backup of all Group Policy Objects modified within the month along with an HTM report of all GPOs, as well as a full backup of all the Group Policy Objects. This method helps you to speed up the recovery process and prevent the use of System State authoritative restores to recover GPOs.

Objectives
After completing this lab, you will be able to:
- Learn how to document your GPO environment.
- Learn how to recover from GPO disasters.

Prerequisites
The following virtual machines are necessary to complete this lab:
- LitwareDC1 & LitwareDC2
  o Username: litware\Administrator
  o Password: password1!

Estimated time to complete this lab
15 minutes

For more information
Please ask your instructor if you need assistance or guidance on any steps.

Scenario
The help desk is receiving calls from specific application owners that their applications are not getting the appropriate settings from Group Policy. Upon further investigation, you find that the Group Policy in question has been deleted, but on the positive side there was a backup of the policies.

Exercise 1: Group Policy Objects Review and Deletion
In this exercise, you will:
- Review the current Group Policy Environment.
- Take a full backup of all your GPOs using GPMC and PowerShell.

Reviewing the Environment
1. Log on to LitwareDC1 using the username and password listed above in the prerequisites.
2. Launch Windows Explorer and navigate to the C:\ drive. Create a new folder named “GPOBackup”. This folder will be used in the 3rd exercise to take a copy of your environment (document).
3. Launch the Group Policy Management Console (GPMC) by clicking Start Menu, then type gpmc.msc and press ENTER.
4. Expand the nodes (Domains and litware.com) to view the Organizational Units (OUs) and the GPOs.
6. Now expand some of the OUs and check the GPOs linked to them.

Taking a Group Policy Backup
Now you will take a manual backup of all your GPOs as a precautionary measure. As you know, restoring a single GPO using a Domain Controller backup is complicated and time consuming, as it requires an authoritative restore of the AD DS database and also a SYSVOL restore.

1. While still in the Group Policy Management Console (GPMC), expand the litware.com node, and find the Group Policy Objects container.
2. Right click Group Policy Objects, then select Back Up All…
3. Make sure the path points to C:\GPOBackup. Enter a meaningful description for your backup and click the “Back Up” button. Click OK once the process is completed.
   - Note that there are currently no GPO backups available in the C:\GPOBackup folder.
   - The status message when the backup is done should say “17 GPOs were successfully backed up”.
4. You can also perform the same task using PowerShell. So let’s launch PowerShell by clicking the PowerShell icon on the taskbar.

5. Type Import-Module GroupPolicy at the PowerShell prompt and press ENTER.
6. Type Backup-GPO -All -Path C:\GPOBackup and press ENTER.
7. Once the PowerShell cmdlet finishes, open Windows Explorer and navigate to the C:\GPOBackup folder and look at the files that were created by the backup script.
   Notice you have 2 backups in the C:\GPOBackup folder: one taken with GPMC and one taken with the PowerShell cmdlet.

Causing a GPO Disaster
1. Launch the Group Policy Management Console (GPMC) by clicking Start Menu, then type gpmc.msc and press ENTER.
2. Expand Domains, then the litware.com node, and find the Group Policy Objects container.
3. On the right hand side of the screen scroll down and remove the following GPOs:
   a. Sales Settings
   b. VIP Sales Staff
4. Click Yes to accept the deletion. A new window will show with a progress bar and once it’s done, click OK.

Note: From this point on your environment is under high risk and the sales staff is being impacted, as the GPOs are no longer applied to those users and computers. You have to quickly restore the deleted GPOs and their links back to where they belong.

Exercise 2: Group Policy Objects Recovery
In this exercise, you will:
- Recover the deleted GPOs using the GPMC snap-in and PowerShell.

Recovering the GPOs
1. While still in GPMC, right click Group Policy Objects, and select Manage Backups.
2. Make sure the “Backup Location” field points to C:\GPOBackup.



   Note: This is the list of all the backed up GPOs in your environment.

3. Mark the check box “Show only the latest version of each GPO”.
4. Select the Sales Settings GPO from the list and click “View Settings”. An Internet Explorer window will open showing all GPO settings and where the GPO was linked previously (you might need to click CLOSE in the Internet Explorer’s blocked content alert).
   Note: You can use the settings feature to compare the production GPO with your previous backups, in case you’re looking for inconsistencies or recent changes.
5. Check the Links section of the report and write down where the GPO was previously linked to (which OU or Site or Domain):
   Sales Settings: ________________________________________________________
   VIP Sales Staff: _______________________________________________________
6. Once you confirm this is the right backup, close Internet Explorer and go back to GPMC. With the Sales Settings GPO selected, click Restore.
7. Click OK to accept the change and OK again once the process is completed.
8. Repeat the steps 4-6 for the VIP Sales Staff GPO, so it’s also restored from the latest backup.
9. Click Close to end the restore process and return to GPMC.

Restoring GPLinks using GPMC
1. Once you’re back in GPMC, make sure you’re still inside the Group Policy Objects container, where you can see all the Domain GPOs.
2. Double click the just restored GPO and check the Scope tab in the right hand side panel.
   Note that the Links section is empty.




The GPO link has not been restored and this is the expected behavior of GPMC. So, in a massive disaster like this one, you would have to know where each GPO was linked to. You must have it documented somehow, and we’ll discuss three methods of documenting GPO links in the next steps.

3. Using the data obtained in Step 5 of the previous section of this lab, while still in GPMC, right click the OU where the two GPOs just restored existed (Sales OU) and select “Link an existing GPO”.
4. Select Sales Settings and VIP Sales Staff (use the CTRL key to select both at the same time) and click OK.
5. Notice the two GPOs will show up in the right-hand side panel as linked to that OU now.

Note: This lab just went over an optional restore method for GPOs. The traditional method would be a lot more complicated: it would take a DC down in safe mode, restore a system state or full backup, mark the right objects as Authoritative (both the GPOs and the OUs where they were linked), and then mark the SYSVOL as D4.

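Because a GPMC restore does not bring back GPO links, the links have to be recorded at backup time. The following PowerShell is an added example, not part of the workbook: it takes the full backup and an HTML report, writes every domain-root and OU link to a CSV, and later re-creates the links for GPOs that have already been restored in GPMC. The function names, the GPOLinks.csv and AllGPOs.htm file names, and the use of the ActiveDirectory module are assumptions; links on sites are not covered.

```powershell
# Added example (not from the workbook). Function and file names are hypothetical.
Import-Module GroupPolicy
Import-Module ActiveDirectory

function Save-GpoLinkMap {
    param([string]$BackupPath = 'C:\GPOBackup')

    # Full backup plus a single HTML report covering every GPO.
    Backup-GPO -All -Path $BackupPath -Comment "Full backup $(Get-Date -Format s)" | Out-Null
    Get-GPOReport -All -ReportType Html -Path (Join-Path $BackupPath 'AllGPOs.htm')

    # Walk the domain root and every OU and record each GPO link found there.
    $targets = @((Get-ADDomain).DistinguishedName)
    $targets += Get-ADOrganizationalUnit -Filter * | ForEach-Object { $_.DistinguishedName }
    $links = foreach ($target in $targets) {
        (Get-GPInheritance -Target $target).GpoLinks |
            Select-Object DisplayName, GpoId, Target, Order, Enabled, Enforced
    }
    $links | Export-Csv -Path (Join-Path $BackupPath 'GPOLinks.csv') -NoTypeInformation
}

function Restore-GpoLinks {
    param(
        [string[]]$GpoName,
        [string]$BackupPath = 'C:\GPOBackup'
    )

    # Only the rows for the named GPOs, in their original order per target.
    $rows = Import-Csv -Path (Join-Path $BackupPath 'GPOLinks.csv') |
        Where-Object { $GpoName -contains $_.DisplayName } |
        Sort-Object Target, { [int]$_.Order }

    foreach ($row in $rows) {
        # The GPO must already be restored; stop with an error if it is not.
        $gpo = Get-GPO -Name $row.DisplayName -ErrorAction Stop
        # CSV values are strings; New-GPLink expects Yes/No.
        $enabled  = if ($row.Enabled  -eq 'True') { 'Yes' } else { 'No' }
        $enforced = if ($row.Enforced -eq 'True') { 'Yes' } else { 'No' }
        New-GPLink -Guid $gpo.Id -Target $row.Target -LinkEnabled $enabled -Enforced $enforced
    }
}

# At backup time, before any disaster:
Save-GpoLinkMap

# After restoring the GPOs in GPMC (Manage Backups > Restore):
# Restore-GpoLinks -GpoName 'Sales Settings', 'VIP Sales Staff'
```

The CSV is only useful if it was written while the links still existed, so run the backup function on the same schedule as the GPO backup itself.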
