
The things that are better left unspoken

a blog by Sander Berkouwer

Rebooting Windows Server 2012-based Domain Controllers into Directory Services Restore Mode

As Christoffer Andersson, a fellow Directory Services MVP, explained in the 4th post of his Inside NTDS.dit series, some deletions do not end up in the Active Directory Recycle Bin, and as an Active Directory admin you might still need to perform restores using Directory Services Restore Mode (DSRM).

The Directory Services Restore Mode isn’t new. It has been around since Windows 2000 Server, where you would press F8 during boot to enter the Advanced Boot Options screen. Throughout versions of Windows Server the way to reboot into the Directory Services Restore Mode has changed. For instance, last year I blogged on how to add a DSRM startup option to the Advanced Boot Options screen in Windows Server 2008 and Windows Server 2008 R2, because by default it’s not present.

Today, in Windows Server 2012, Microsoft has changed rebooting into Directory Services Restore Mode from within Windows and has made it far easier.

Note:
When Windows detects a problem and needs to reboot, it will automatically display the Advanced Boot Options screen.

The following two ways now exist to reboot into Directory Services Restore Mode from within Windows:

  1. Type shutdown -o -r
     After a couple of seconds the system will display a ribbon:

     [Screenshot: After typing shutdown -o -r a ribbon will be displayed]

     Quickly thereafter, the system will reboot.

     Note:
     This method works on both Full Installations and Server Core installations.

  2. On a Full installation of Windows Server 2012, open the Charms Bar with Win+C, then click the cog representing Settings, left-click on Power, and press and hold down the Shift key while you click Restart.

     [Screenshot: Click Restart while holding Shift to reboot]

  3. Select one of the two Operating System: Recovery options as they seem to be the reasons that best describe why you want to restart. Then click Continue.

After the system has rebooted, it will display the following screen, instead of the normal boot screen:

[Screenshot: After the restart choose an option]

Choose Troubleshoot - Refresh or reset your PC, or use advanced tools.

The Advanced options screen will appear:

[Screenshot: The Advanced options screen]

Choose Startup Settings - Change Windows startup behavior.

The Startup Settings screen will appear:

[Screenshot: The Startup Settings screen]

Click Restart.

The server will restart a second time. This time it will display the Advanced Boot Options screen:

[Screenshot: The Windows Server 2012 Advanced Boot Options Screen with the Directory Services Repair Mode option]

On this screen, select Directory Services Repair Mode.

When confronted with the Windows Server 2012 logon screen, determine the appropriate set of logon credentials, depending on your DSRM Admin Logon Behavior settings and the remaining Domain Controllers within your environment. Log on and perform the appropriate actions.

    

Concluding

Today, in Windows Server 2012, Microsoft has changed rebooting into Directory Services Restore Mode and has made it far easier. Note, however, that easier in this case does not mean more straightforward.

Further reading

Restartable AD DS Step-by-Step Guide
Securing the Directory Services Restore Mode Account
What Username and Password Do I Need to Use for Directory Services Restore Mode
Directory Services Restore to Virtual from Physical

Related Posts

And you will keep your password updated … 
How to add a DSRM startup option in Windows Server 2008 and Windows Server 2008 R2

Posted: Thursday, November 29, 2012 7:51 AM by Sander Berkouwer

Comments

Jaap Brasser said:

The method I have been using since Server Core was released, is admittedly a more command-line driven method. This is what I would do to go into directory restore mode:

- Open a command prompt/PowerShell console with administrative credentials

- bcdedit /set safeboot dsrepair

- shutdown -r -t 0  (restart-computer  when using PowerShell)

After reboot and using ntdsutil you should remove the safeboot option using bcdedit:

- bcdedit /deletevalue safeboot

# November 29, 2012 11:44 AM
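
A read-only check of the two DSRM settings that come up on this page: the DSRM Admin Logon Behavior setting mentioned in the post and the safeboot boot entry value from the comment above. This is an added example, not code from the post or its commenters; the function names and the sample bcdedit output are constructed, and the parser assumes English bcdedit element names.

```powershell
# Added example, not from the original post: read-only audit of DSRM-related state.
# Meanings of HKLM\SYSTEM\CurrentControlSet\Control\Lsa\DsrmAdminLogonBehavior.
$DsrmBehavior = @{
    0 = 'DSRM admin can log on only when the DC is booted into DSRM (default)'
    1 = 'DSRM admin can also log on while the AD DS service is stopped'
    2 = 'DSRM admin can log on at any time'
}

function Get-DsrmAdminLogonBehavior {
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction Stop
    $value = 0   # the registry value is absent by default, which behaves as 0
    if ($lsa.PSObject.Properties.Name -contains 'DsrmAdminLogonBehavior') {
        $value = [int]$lsa.DsrmAdminLogonBehavior
    }
    $meaning = if ($DsrmBehavior.ContainsKey($value)) { $DsrmBehavior[$value] } else { 'Unexpected value' }
    [pscustomobject]@{ Value = $value; Meaning = $meaning }
}

# Returns the safeboot value from "bcdedit /enum {current}" output, or $null when
# the element is absent. Assumes English element names (assumption of this example).
function Get-SafeBootSetting {
    param([string[]]$BcdLines)
    foreach ($line in $BcdLines) {
        if ($line -match '^\s*safeboot\s+(\S+)') { return $Matches[1] }
    }
    return $null
}

# Constructed sample of the boot entry after "bcdedit /set safeboot dsrepair".
$sample = @(
    'Windows Boot Loader',
    '-------------------',
    'identifier              {current}',
    'description             Windows Server 2012',
    'safeboot                DsRepair'
)
"Sample entry: safeboot = $(Get-SafeBootSetting -BcdLines $sample)"

# Live checks: run in an elevated PowerShell console on the domain controller.
Get-DsrmAdminLogonBehavior | Format-List
$bcd = & bcdedit.exe /enum '{current}'   # quote the braces, or PowerShell parses a script block
if ($LASTEXITCODE -ne 0) {
    Write-Warning 'bcdedit failed; is the console elevated?'
} elseif ($live = Get-SafeBootSetting -BcdLines $bcd) {
    Write-Warning "safeboot=$live is still set; clear it with: bcdedit /deletevalue safeboot"
} else {
    'No safeboot element on {current}; the next reboot is a normal boot.'
}
```

A value of 1 or 2 for the logon behavior widens when the DSRM account can be used, so it belongs in the same review as the DSRM password itself.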

Sander Berkouwer said:

Hi Jaap,

Thanks for your comment.

The way you describe is exactly the way described in the mentioned blogpost for Windows Server 2008 and Windows Server 2008 R2.

However, the method above for Windows Server 2012 only requires you to add the new -o commandline switch to your shutdown.exe command and not meddle with bcdedit.exe.

# November 29, 2012 2:02 PM

Jaap Brasser said:

Awesome you already had the blog post for the alternative method up as well. Thanks for pointing me to the link!

# November 30, 2012 10:35 AM