Complete Authoritative Restore of Active Directory

Performing a Complete Authoritative Restore of Active Directory

Restart in Directory Services Restore Mode

Simply reboot the server and press F8 during the boot procedures. Select Directory Services Restore Mode. You will require your DSRM password for this procedure. This can be reset as detailed in this guide.

Restore from backup media for authoritative restore

Click the Restore Wizard button, and then click Next.Select the appropriate backup location and ensure that at least the System disk and System State containers are selected.Click the Advanced button and ensure you are restoring junction points. If you do not go through the advanced menu, the restore process will not be successful.Select Original Location in the Restore Files to list.In the Advanced Restore Options window, check the boxes for:Restore security.Restore junction points, and restore file and folder data under junction points to the original location.Preserve existing volume mount points.For a primary restore of SYSVOL, also check the following box. A primary restore is only required if the domain controller you are restoring is the only domain controller in the domain.When restoring replicated data sets, mark the restored data as the primary data for all replicas.Click OK and continue through the restore process. A visual progress indicator is displayed.When asked to restart the computer, do not restart.

Restore system state to an alternate location

Copy the contents of the scripts directory from:

c:sysvolc_winntSysvolDomainscripts and add it to:c:WinntSYSVOLSysvoldomainscripts

Copy the contents of the policies directory from:

c:sysvolc_winntSysvolDomainpolicies And add it to:c:WinntSYSVOLSysvoldomainpolicies

Restore the database

Open a command prompt and type ntdsutil and then press ENTER.Type authoritative restore and then press ENTER.Type restore database and press ENTER.At the Authoritative Restore Confirmation dialog box, click OK.Type quit and press ENTER until you have exited Ntdsutil.exe.

Restart in normal mode

Restart the server. It is now authoritative for the domain, and changes will be replicated to the other domain controllers in the enterprise.

Verify Active Directory restore

When the computer is restarted in normal mode, Active Directory automatically detects that it has been recovered from a backup and performs an integrity check and re-indexes the database. After you are able to log on to the system, browse the directory and verify that all user and group objects that were present in the directory prior to backup are restored.