
When to Use DSRM Restore and Role Seizure to Streamline Domain Controller Maintenance

Active Directory, Domain Controller, and Windows Server 2019 administrators often face scenarios where they must either perform a Directory Services Restore Mode (DSRM) restore, or clean up DNS, sites, and metadata and seize or transfer FSMO roles. Understanding when to use each approach is crucial.

DSRM restore is ideal when Active Directory is severely corrupted and a good backup is available. Because the restore returns the directory to its state at the backup date, it rolls back password changes and removes systems and users added after that date, so it is essential to weigh that impact before choosing this approach.

On the other hand, cleaning up DNS, sites, and metadata, and seizing or transferring FSMO roles, is necessary when a Domain Controller (DC) fails and its roles need to move to another DC. Seizing is used when a graceful transfer is not possible, such as when a DC holding all FSMO roles experiences hardware failure. In this scenario, administrators can use ntdsutil or PowerShell to seize the roles and clean up metadata.
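
The transfer-versus-seize decision described above can be scripted. The following PowerShell is an added example, not code from the original page: it lists the current FSMO holders, transfers a role when its holder still answers, and seizes it with `-Force` only when it does not. The name `DC02.example.test`, the `-Commit` switch, and the use of an LDAP port 389 check as the test for "graceful transfer possible" are assumptions made for illustration.

```powershell
# Added example, not from the original page. Requires the ActiveDirectory module (RSAT).
param(
    [string]$TargetDC = 'DC02.example.test',  # assumption: FQDN of the healthy DC taking the roles
    [switch]$Commit                            # hypothetical switch: without it, moves run as -WhatIf
)
Import-Module ActiveDirectory

# Ask the surviving DC who currently holds each role.
$domain = Get-ADDomain -Server $TargetDC
$forest = Get-ADForest -Server $TargetDC

$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

foreach ($role in $roles.Keys) {
    $holder = $roles[$role]
    if ($holder -eq $TargetDC) {
        Write-Output "$role is already held by $TargetDC"
        continue
    }

    # Assumption: a holder that answers on LDAP (TCP 389) can take part in a graceful transfer.
    $reachable = Test-NetConnection -ComputerName $holder -Port 389 `
                     -InformationLevel Quiet -WarningAction SilentlyContinue

    $moveArgs = @{
        Identity            = $TargetDC
        OperationMasterRole = $role
        WhatIf              = -not $Commit   # dry run unless -Commit is given
        Confirm             = $false
    }
    if ($reachable) {
        Write-Output "$role : $holder is reachable, transferring to $TargetDC"
    } else {
        Write-Output "$role : $holder is unreachable, seizing to $TargetDC"
        $moveArgs.Force = $true              # -Force turns the transfer into a seizure
    }
    Move-ADDirectoryServerOperationMasterRole @moveArgs
}
```

A DC whose roles were seized should not be returned to the network as-is; its metadata still has to be cleaned up afterwards, as the paragraph above describes.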