LWE10049 : How to make an authoritative restore on an Active Directory domain controller
You deleted something in Active Directory and need to recover it.
Before you can do an authoritative restore you need to restore the system state of the server. This is needed to get the directory back to the state it had before the deletion: you can only restore an object that is present in the restored Active Directory. In other words, when you deleted something on Saturday, you need a system state backup from Friday or earlier. You have to follow these steps:
1. Start the DC in Active Directory restore mode (Directory Services Restore Mode). This can be done by pressing F8 when Windows starts. You might need to retry a few times to find the right timing. To make this easier, I change boot.ini, add a second entry, and configure the first entry to start after 30 seconds. During that delay you can press F8.
2. Restore the system state to a point before the deletion.
3. DO NOT RESTART. If the DC starts now, it will replicate from the other domain controllers and the deletion will be applied again.
4. Start ntdsutil from the command line
5. Type: "authoritative restore"
6. For every structure you deleted you need to type "restore subtree <LDAP-Name>". The LDAP name is the complete distinguished name of the object, e.g. "CN=wpeeters,OU=Admins,OU=Lubby-Users,DC=lubby,DC=int". Tip: to find this LDAP name, it helps to have an LDIF export of your Active Directory at hand. You can find a knowledge base article about this in Lubby.
7. Reboot your domain controller
8. The sequence numbers of the restored objects are now all higher than before, so your DC will replicate this structure to the other domain controllers and not vice versa.
When you deleted only a single object, type "restore object <LDAP-Name>" instead of "restore subtree".
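As an added helper (not part of the original article and not an ntdsutil feature), this Python script shows how the LDIF export from the tip above can be used: it parses the export, looks up each deleted object by its cn, ou or sAMAccountName, and produces the exact "restore subtree" or "restore object" lines to type into ntdsutil. The LDIF sample, the lubby.int names and the rule "use subtree when the object had children in the export" are assumptions made for this example.

```python
import base64
import re
# Constructed sample of an LDIF export from a fictional lubby.int forest (not a real export).
SAMPLE_LDIF = """\
dn: OU=Lubby-Users,DC=lubby,DC=int
objectClass: organizationalUnit
ou: Lubby-Users

dn: OU=Admins,OU=Lubby-Users,DC=lubby,DC=int
objectClass: organizationalUnit
ou: Admins

dn: CN=wpeeters,OU=Admins,OU=Lubby-Users,DC=lubby,DC=int
objectClass: user
cn: wpeeters
sAMAccountName: wpeeters
description:: TG9uZyBkZXNjcmlwdGlvbg==
"""

def parse_ldif(text):
    """Return {dn: {attribute: [values]}}; handles folded lines and base64 ('::') values."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:      # folded continuation of the previous line
                lines[-1] += line[1:]
            elif line and not line.startswith("#"):
                lines.append(line)
        attrs = {}
        for line in lines:
            name, _, value = line.partition(":")
            if value.startswith(":"):              # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs.setdefault(name.strip(), []).append(value.strip())
        entries[attrs.pop("dn")[0]] = attrs
    return entries

def restore_commands(entries, names):
    """One ntdsutil line per deleted name: 'restore subtree' if it had children in the export, else 'restore object'."""
    cmds = []
    for name in names:
        matches = [dn for dn, a in entries.items()
                   if name in a.get("cn", []) + a.get("ou", []) + a.get("sAMAccountName", [])]
        if len(matches) != 1:
            raise ValueError(f"{name!r}: expected exactly one object, found {matches}")
        dn = matches[0]
        has_children = any(o.lower().endswith("," + dn.lower()) for o in entries if o != dn)
        cmds.append(f'restore {"subtree" if has_children else "object"} "{dn}"')
    return cmds
```

Run the resulting lines inside "authoritative restore" in ntdsutil, as in steps 4 to 6 above; the script only prepares the commands, it does not touch the directory.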
The information provided in this document is intended for your information only. Lubby makes no claims as to the validity of this information. Use of this information is at your own risk!