Can I restore my Active Directory in Windows Azure?

It seems like I get loads of questions about Windows Azure and the IAAS offering we’re running these days. The last one is about how to get into DSRM (Directory Services Restore Mode), if you’ve been running your AD for a while you remember the old F8 trick during boot but in Windows Azure there’s only RDP access, so no pressing F8 then… Well, there’s a solution for everything and our engineers thought of this too, long before Windows Azure.

One big prereq for this to work out. You must have set your DSRM password to something you remember 😉

Two ways of doing this:

1) Sync with the domain administrator password: http://technet.microsoft.com/en-us/library/jj713556.aspx

2) Set it manually: http://technet.microsoft.com/en-us/library/cc754363.aspx#BKMK_examples

Once that’s done you just use bcdedit to boot into DSRM the next boot, open up CMD and type:

1) bcdedit /set safeboot dsrepair
2) shutdown –r –t 0

Once it has rebooted you can logon to your server by using “hostnameadministrator” with your DSRM password.

When you’re done restoring your AD you’ll need to make sure it boots back to normal. Open up CMD and type:

bcdedit /deletevalue {current} safeboot

On the next boot it’ll boot into Windows normally and you’re hopefully all back to normal operations!