Can I perform authoritative restore without doing non-authoritative restore?!

Hello everybody,

Can I perform authoritative restore without doing non-authoritative restore?! Suppose I have 2 scenarios: in the first I have only one DC, and in the second scenario I have one PDC and some additional DCs. So can I achieve this or not?

Thanks

Regards

September 3rd, 2015 7:09am

Hi,

Please read the articles below:

https://technet.microsoft.com/en-us/library/cc779573(v=ws.10).aspx

http://blogs.technet.com/b/askds/archive/2010/03/30/best-practices-around-active-directory-authoritative-restores-in-windows-server-2003-and-2008.aspx

If you really want to restore a group, OU or object, you can restore it using the Microsoft tool ADRestore.NET.msi, but this will not restore the group membership etc. information; it will just restore the object.


  • Edited by Purvesh Adua Thursday, September 03, 2015 9:57 AM
September 3rd, 2015 9:57am

Authoritative Restore and nonauthoritative restore are two different methods for restoring Active Directory. You should choose one of them for particular restoring scenarios. So of course, you can "perform authoritative restore without doing non-authoritative restore".
 
For example, you accidentally deleted an AD object and to restore it, you can use an authoritative restore to perform that.
 
The most common use of a nonauthoritative restore is to bring an entire domain controller back, often after catastrophic or debilitating hardware failures.
 
More reference: https://technet.microsoft.com/en-us/library/bb727048.aspx#EKAA
 

Regards,

Eth

September 4th, 2015 5:58am


Have you tried restoring using the ADRESTORE utility as given below?

http://askaresh.blogspot.in/2008/11/adrestore-gui-version.html

September 5th, 2015 12:29am

Thank you for the comment, ok now I want to restore OU, can you tell me the steps for that?

Ensure you have a good backup of this server, including the system state. Perform nonauthoritative restore of Active Directory, then restart your server. Press F8 to display advanced startup options, select Directory Services Restore Mode.
 
Open a command prompt and then enter the following commands:
 
ntdsutil
authoritative restore
Restore Subtree OU=Marketing,DC=Reskit,DC=COM

(Example for restoring the Marketing OU in the Reskit.com domain)
 
For more detailed steps, you can refer to this article: https://technet.microsoft.com/en-us/library/cc961934.aspx
 

Regards,

Eth

September 6th, 2015 10:46pm


OK, with Ethan's steps, we finally understand your question :)

I think it depends on whether the deletions are propagated to other domain controllers.

September 7th, 2015 2:24am

Thanks for your clarification.
 
As mentioned by <Aravindhan> above, it depends on whether the deletions are propagated throughout the domain. If you can locate a DC which has not received the deletion through replication, then you don't need to do a nonauthoritative restore of Active Directory prior to the authoritative restore.
 
If the deletion has propagated throughout the domain, you will have to do a nonauthoritative restore from a system state backup, then perform the authoritative restore steps.
 

Regards,

Eth

September 7th, 2015 2:30am
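
One way to check the condition the last answer turns on, whether any domain controller still holds a live copy of the deleted OU. This is an added example, not part of the thread; it assumes the ActiveDirectory PowerShell module is installed, reuses the Marketing OU from the earlier post, and the function name Get-DeletionPropagation is hypothetical.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-DeletionPropagation {
    # Hypothetical helper: asks each DC directly whether the object still exists.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        # Default: every domain controller in the current domain.
        [string[]] $Server = (Get-ADDomainController -Filter *).HostName
    )
    foreach ($dc in $Server) {
        $state = 'Live'
        try {
            # -Server pins the query to one DC, so the answer reflects that DC's replica only.
            Get-ADObject -Identity $DistinguishedName -Server $dc -ErrorAction Stop | Out-Null
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            $state = 'Deleted'       # this DC has already applied the deletion
        }
        catch {
            $state = 'Unreachable'   # DC down or query failed: state unknown
        }
        [pscustomobject]@{ Server = $dc; State = $state }
    }
}

# OU taken from the example earlier in the thread.
$report = Get-DeletionPropagation -DistinguishedName 'OU=Marketing,DC=Reskit,DC=COM'
$report | Format-Table -AutoSize

$live    = @($report | Where-Object State -eq 'Live')
$unknown = @($report | Where-Object State -eq 'Unreachable')

if ($live.Count -gt 0) {
    # A replica without the deletion exists: the authoritative restore can start from it.
    "Deletion has not reached: $($live.Server -join ', ')"
}
elseif ($unknown.Count -gt 0) {
    "No reachable DC has the object; check these before deciding: $($unknown.Server -join ', ')"
}
else {
    'Deletion is on every DC: restore system state nonauthoritatively, then run the authoritative restore.'
}
```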

This topic is archived. No further replies will be accepted.
