Categories

LKBEN10607: Howto make an authoritative restore on an active directory controller

Symptom

You deleted something in active directory and need to recover it

Cause

none

Solution

Before you can do an authoritative restore you need to restore the system state of the server. This is needed to have the status before the deletion. (you can only get something back when you have it in your active directory) In other words, when you deleted something on saterday, you need the system state of friday or before. You have to follow these steps:

1. start the DC in active directory restore mode. This can be done by pushing F8 at the start of windows. You might need to retry a few times to find the right timing. To do this easier, I change the boot.ini and add a second entry in, than I configure the first entry to start in 30 seconds. That is the point where you can type F8.

2. Restore the System state to a point before the deletion

3. DO NOT RESTART (well, if your DC will start to replicate do the deletion again)

4. Start ntdsutil from the command line

5. Type: "authoritative restore"

6. For every structure you deleted you need to type "restore subtree <LDAP-Name>" Ldap name is the complete notation of the object. e.g. "CN=wpeeters,OU=Admins,OU=Lubby-Users,DC=lubby,DC=int"Tip: to find this ldap name, you better have an ldif export of your active directory at hand. You can find a knowledge base article about this in lubby.

7. Reboot your domain controller

8. The sequence number are all higher than before, so your DC will replicate this structure to the other domain controllers and not visa versa.

When you just deleted an object, you should type resture object <LDAP-Name>.

Disclaimer:

The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!

About the Author

Author: Wim Peeters - Keskon GmbH & Co. KG

Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.