Authoritative Restore

Thread: Authoritative Restore

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    24

    Authoritative Restore

    Hi,

    Domain Controller running Windows Server 2003 Enterprise Edition: Single Forest/Tree/Domain;

    Day-1 Normal Backup Of System State;

    Day-2 Create New OU with 100 New User Accounts;

    Day-3 Accidentally deleted the New OU with 100 New User Accounts;

    Is it possible to restore the new OU with 100 New User Accounts?

    The reason I ask this question is, I'm reading how to authoritatively restore Object[s] from http://www.microsoft.com/technet/its...og5.mspx#E6OAC and in Step-4 it says,

    Ntdsutil will start the attempt to mark the object as authoritative. The output message will indicate the status of the operation. The most common cause of failure is an incorrectly specified distinguished name, or a backup for which the DN does not exist (which would occur if you tried to restore a deleted user that was created after the backup).

    So, if I take the above example, an authoritative restore of the OU using Ntdsutil results in a failure, as I'm attempting to restore a deleted OU that was created after the backup.

    How will this scenario be resolved without having to add 100 user accounts again?

    Thanks
    -We May Need To Solve Problems Not By Removing The Cause, But By Designing The Way Forward Even If The Cause Remains In Place-

    Edward de Bono

  2. #2
    It's a gas!
    Join Date
    Jul 2002
    Posts
    699
    If the OU was created after your backup then you're fecked...you will have to recreate the OU with the users. It's not so tedious though with dsadd.

  3. #3
    Junior Member
    Join Date
    Aug 2006
    Posts
    24
    r3b00+, Thank you for your reply.

    Tombstones are remains of objects that have been previously deleted. (When an object is deleted, it is not actually removed from the Active Directory database. It is instead marked for deletion at a later date. This then gets replicated to other domain controllers. When the time expires for the object (tombstoneLifetime), the object is deleted.)

    Courtesy: http://support.microsoft.com/kb/198793/

    I was wondering if somehow we can benefit from the concept of tombstoneLifetime for my example. Since the OU is not actually removed from the AD database and instead marked for deletion at a later date, as per the above, is it not possible to recover the OU in my example?

    Thanks

  4. #4
    It's a gas!
    Join Date
    Jul 2002
    Posts
    699
    You just alerted me to a very useful tool, I've attached the zip file containing the program. Simply a matter of running the program from a command prompt then hitting y or n depending on whether you want that deleted object restored. Also, all tombstones that have been restored are automatically disabled, so remember to enable.
    You might want to have a look at this
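
The tombstone behaviour quoted in post #3 can be checked read-only before any restore is attempted. The script below is an added example, not part of the original thread and not the tool attached in post #4. It assumes PowerShell 2.0 or later on a domain-joined machine, an account permitted to read deleted objects, and that `whenChanged` on a tombstone reflects the deletion time.

```powershell
# Added example (not from the thread): read-only inventory of tombstones.
$rootDse = [ADSI]'LDAP://RootDSE'
$domain  = [string]$rootDse.defaultNamingContext
$config  = [string]$rootDse.configurationNamingContext

# tombstoneLifetime is stored on the Directory Service object in the
# configuration partition; when the attribute is not set, AD uses 60 days.
$dirSvc = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$config"
$lifetimeDays = 60
if ($dirSvc.tombstoneLifetime.Value) { $lifetimeDays = [int]$dirSvc.tombstoneLifetime.Value }

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = [ADSI]"LDAP://$domain"
$searcher.SearchScope = 'Subtree'
$searcher.Filter      = '(isDeleted=TRUE)'
$searcher.Tombstone   = $true     # ask the DC to return deleted objects
$searcher.PageSize    = 500       # page so large result sets are not truncated
foreach ($attr in 'name','objectclass','lastknownparent','whenchanged') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

# Return the first value of an attribute, or $null if the tombstone lacks it.
function Get-FirstValue($result, [string]$attr) {
    if ($result.Properties.Contains($attr)) { $result.Properties[$attr][0] }
}

$now = [DateTime]::UtcNow
$tombstones = foreach ($r in $searcher.FindAll()) {
    $deleted = Get-FirstValue $r 'whenchanged'   # assumption: equals deletion time
    if (-not $deleted) { continue }
    $classes = $r.Properties['objectclass']
    New-Object PSObject -Property @{
        # Tombstone RDNs look like "<name><LF>DEL:<guid>"; keep the original name.
        Name            = ([string](Get-FirstValue $r 'name') -split "`n")[0]
        Class           = $classes[$classes.Count - 1]
        LastKnownParent = Get-FirstValue $r 'lastknownparent'
        DeletedUtc      = $deleted
        DaysLeft        = [math]::Floor(($deleted.AddDays($lifetimeDays) - $now).TotalDays)
    }
}

$tombstones | Sort-Object LastKnownParent, Name |
    Format-Table Name, Class, LastKnownParent, DeletedUtc, DaysLeft -AutoSize
```

Objects listed with a positive DaysLeft are still present as tombstones on the domain controller that answered the query; the LastKnownParent column shows which container each one was deleted from.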
