Authoritative restore

Joe

Am I right with this?

I have 2 DCs currently online (say Server "A" and
Server "B"), one of them is having problems replicating
and has its AD database corrupted. So... I'm planning an
authoritative restore from Server A to Server B (again,
Server "B" has its AD corrupted). These are the steps for
an authoritative restore?

1. Run NTDSUTIL from Server "A"
2. Type authoritative restore
3. Type restore database

OR

1. Reboot Server "A" and enter in Service Rest. Mode
2. Run NTDSUTIL from Server "A"
3. Type authoritative restore
4. Type restore database
5. Quit and restart
 
Joe

Thanks a lot...

Just one more question.

Unfortunately (my mistake, I know) I have no system state
nor AD backup. So, I guess what I have to do is the
non-authoritative restore/process (on Server "B") skipping
the restoring step, right? I hope this helps, otherwise, I
think my last option is to demote and promote Server "B".
-----Original Message-----
Hi,

In your case, you must do a NON authoritative restore on
your server B with a backup of server B. You boot in AD
restore mode and restore system state of server B, then you
reboot the server normally.
When it comes online, it will replicate data from your server A.

What is an authoritative restore?

You have to do an authoritative restore when you have
deleted something in AD that you should not and the DC on
which you deleted the object has replicated with other DCs.
Now the deleted object is referenced in AD as deleted.
Each object in AD has a USN which is the version of the object.

To restore your deleted object you boot in AD restore
mode, you restore system state. Your deleted object is now
restored but its USN is smaller than the USN of the
deleted object that is currently in AD. So when you reboot
your DC, it replicates with the others, the USN of the deleted
object is greater than the restored object so it deletes
it.
In order to make the USN of the restored object greater
than the deleted object, you use authoritative restore but
only on your deleted object. It will add 100 000 to the
USN of the restored object. So when it replicates, it will be
kept.
 
ptwilliams

Is demoting and promoting that big a deal?? Without a backup I wouldn't
hesitate to do just that...


--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


 
Guest

Yes you can demote it and promote it, but before that, you should transfer any FSMO roles owned by this server to the other.
If Server B is the second DC you installed and if you have made no change, it should not own roles.
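
An added example, not part of the thread: one way to check which FSMO roles Server "B" owns and move them to Server "A" before demoting it. It assumes the ActiveDirectory PowerShell module is available; SERVERA and SERVERB are placeholder host names.

```powershell
# Added example. SERVERA / SERVERB are placeholders for the thread's Server "A" and "B".
Import-Module ActiveDirectory

$FailingDC = 'SERVERB'
$HealthyDC = 'SERVERA'

# Query the healthy DC so the answer does not depend on B's damaged database.
$domain = Get-ADDomain -Server $HealthyDC
$forest = Get-ADForest -Server $HealthyDC

# The three domain-wide and two forest-wide operations master roles.
$owners = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}

$owners.GetEnumerator() | Format-Table Key, Value -AutoSize

# Roles whose owner FQDN begins with the failing DC's host name.
$toMove = @($owners.GetEnumerator() |
    Where-Object { $_.Value -like "$FailingDC.*" } |
    ForEach-Object { $_.Key })

if ($toMove.Count -eq 0) {
    Write-Output "$FailingDC holds no FSMO roles; nothing to transfer."
} else {
    # -WhatIf only reports what would change; remove it to perform the transfer.
    # A transfer (as opposed to a seizure) needs the current owner to be reachable.
    Move-ADDirectoryServerOperationMasterRole -Identity $HealthyDC `
        -OperationMasterRole $toMove -WhatIf
}
```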
 
