

Perform an Authoritative Restore of an Active Directory

There are two parts to the authoritative restore process: a non-authoritative restore is performed first by running a BMR, and then an authoritative restore of the deleted Active Directory objects is performed.

Follow these steps:

  1. Execute cmd.exe as an administrator.
  2. Run ntdsutil.exe to access the Active Directory diagnostic utility.

    Note: ntdsutil.exe is a command-line utility for accessing and managing an Active Directory database.

  3. Activate the instance by running activate instance <instancename> and pressing Enter. You must activate the correct NTDS instance before any maintenance task can be performed on it.

    The instance name can be retrieved in ntdsutil.exe by running the "list instances" command. The standard instance name for Active Directory is "ntds".

  4. Enter authoritative restore mode by running authoritative restore (or its abbreviation au r) and pressing Enter.
  5. To restore a subtree or an individual object of the Active Directory, type the restore command for the subtree or for the object, and then press Enter.

    Note: <"distinguished name"> is the name of the subtree or object that is to be marked authoritative. To complete this procedure, you must know the full distinguished name of every object that you want to restore.

    Note: Always enclose the distinguished name in quotes when it contains a space or other special characters. The most common cause of failure is an incorrectly specified distinguished name, or a backup in which the distinguished name does not exist (which occurs if you try to restore a deleted object that was created after the backup was taken).

    This diagram displays the restore options that are available for Alternate location

  6. In the Authoritative Restore Confirmation dialog, select Yes to confirm that you want to perform the authoritative restore.
  7. Wait for the restore job to complete.
  8. At the authoritative restore prompt and then at the ntdsutil prompt, type quit and press Enter.
  9. Restart the recovered domain controller in normal operating mode.
  10. After the recovered domain controller has started, configure the network settings as necessary (static IP address, DNS server, and so on).
  11. From a partner domain controller, access the "Windows Administrative Tools" menu and open Active Directory Sites and Services.
  12. Run a replication from the recovered domain controller. The deleted user is now restored and available on the recovered domain controller and on all of its replication partners.
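A constructed ntdsutil session covering steps 2 to 8 above, added here as an example and not taken from the original documentation. It assumes the default instance name ntds and uses the standard ntdsutil commands restore object and restore subtree; the distinguished names are placeholders that must be replaced with a DN that exists in the restored backup.

```console
C:\> rem Elevated cmd.exe on the recovered DC, booted in Directory Services Restore Mode
C:\> ntdsutil
ntdsutil: list instances
ntdsutil: activate instance ntds
ntdsutil: authoritative restore
authoritative restore: restore object "CN=Jane Doe,OU=Staff,DC=corp,DC=example"
authoritative restore: restore subtree "OU=Staff,DC=corp,DC=example"
authoritative restore: quit
ntdsutil: quit
C:\> rem If DSRM was selected with bcdedit /set safeboot dsrepair, clear it before rebooting:
C:\> bcdedit /deletevalue safeboot
C:\> shutdown /r /t 0
```

Use either restore object (one object) or restore subtree (an OU and everything beneath it); each raises the confirmation dialog from step 6, and a DN that is not present in the restored database is rejected, which is the most common error at this point.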