Restoring an OU in AD

T

Toddj

I have a WIN 2k Domain tree operaitng in mixed mode. My
problem is that I deleted an OU and would like to restore
that OU along with the objects that are contained in it
(Users and groups)without restoring the entire active
directory. Therefore, I used the procedures from MS web
site (see below) to restore a single OU but the entire AD
was restored to its last backup. Any thoughts of why the
entire AD was restored and not just the single OU? Am I
missing another command option?

Steps Used:
1. Reboot server
2. Enter Directory Services Restore Mode (F8)
3. Restore system state
4. Type ntdsutil
5. Type Authoritative restore
6. Type restore subtree ou=ou name dc=domain dc=com

Thanks,
 
R

Richard McCall [MSFT]

You restore all of AD on that single DC then you make the OU authoritative.
The reset of AD replicated to the restored DC and the restored OU replicates
Out to the rest of the domain. If that DC was your only DC then any restore
is authoritative
 
T

Toddj

What is the syntax to restore the OU?
-----Original Message-----
You restore all of AD on that single DC then you make the OU authoritative.
The reset of AD replicated to the restored DC and the restored OU replicates
Out to the rest of the domain. If that DC was your only DC then any restore
is authoritative

--
Richard McCall [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."
I have a WIN 2k Domain tree operaitng in mixed mode. My
problem is that I deleted an OU and would like to restore
that OU along with the objects that are contained in it
(Users and groups)without restoring the entire active
directory. Therefore, I used the procedures from MS web
site (see below) to restore a single OU but the entire AD
was restored to its last backup. Any thoughts of why the
entire AD was restored and not just the single OU? Am I
missing another command option?

Steps Used:
1. Reboot server
2. Enter Directory Services Restore Mode (F8)
3. Restore system state
4. Type ntdsutil
5. Type Authoritative restore
6. Type restore subtree ou=ou name dc=domain dc=com

Thanks,
Click to expand...


.
Click to expand...
 
B

Brian Mahaffey [MSFT]

The syntax for doing an authoritative restore of an OU would be
restore subtree ou=ouname,dc=domainname,dc=xxx

For example if you deleted an OU called Administrators in a domain called
mydomain.local the syntax would be
restore subtree ou=administrators,dc=mydomain,dc=local

Another example would be if the OU name has a space in it
If we had an OU called Administrative Users in a domain called
mydomain.local the syntax would be
restore subtree "ou=administrative users,dc=mydomain,dc=local"

KB article 241594 describes how to do an autoritative restore


--
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Toddj said:
What is the syntax to restore the OU?
-----Original Message-----
You restore all of AD on that single DC then you make the OU authoritative.
The reset of AD replicated to the restored DC and the restored OU replicates
Out to the rest of the domain. If that DC was your only DC then any restore
is authoritative

--
Richard McCall [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."
I have a WIN 2k Domain tree operaitng in mixed mode. My
problem is that I deleted an OU and would like to restore
that OU along with the objects that are contained in it
(Users and groups)without restoring the entire active
directory. Therefore, I used the procedures from MS web
site (see below) to restore a single OU but the entire AD
was restored to its last backup. Any thoughts of why the
entire AD was restored and not just the single OU? Am I
missing another command option?

Steps Used:
1. Reboot server
2. Enter Directory Services Restore Mode (F8)
3. Restore system state
4. Type ntdsutil
5. Type Authoritative restore
6. Type restore subtree ou=ou name dc=domain dc=com

Thanks,
Click to expand...


.
Click to expand...
Click to expand...
 
T

Toodj

Thats the syntax that I'm using, but the changes that
were made in AD after the last backup are being restored
to the last backup (In other OU's that are not a sub of
the deleted OU). I only want the deleted OU to be
restored not the other changes in different OU's. Is this
possible?
-----Original Message-----
The syntax for doing an authoritative restore of an OU would be
restore subtree ou=ouname,dc=domainname,dc=xxx

For example if you deleted an OU called Administrators in a domain called
mydomain.local the syntax would be
restore subtree ou=administrators,dc=mydomain,dc=local

Another example would be if the OU name has a space in it
If we had an OU called Administrative Users in a domain called
mydomain.local the syntax would be
restore subtree "ou=administrative users,dc=mydomain,dc=local"

KB article 241594 describes how to do an autoritative restore


--
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

What is the syntax to restore the OU?
-----Original Message-----
You restore all of AD on that single DC then you make the OU authoritative.
The reset of AD replicated to the restored DC and the restored OU replicates
Out to the rest of the domain. If that DC was your
Click to expand...
only
DC then any restore
is authoritative

--
Richard McCall [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."
I have a WIN 2k Domain tree operaitng in mixed mode. My
problem is that I deleted an OU and would like to restore
that OU along with the objects that are contained in it
(Users and groups)without restoring the entire active
directory. Therefore, I used the procedures from MS web
site (see below) to restore a single OU but the
Click to expand...
entire
AD
was restored to its last backup. Any thoughts of why the
entire AD was restored and not just the single OU? Am I
missing another command option?

Steps Used:
1. Reboot server
2. Enter Directory Services Restore Mode (F8)
3. Restore system state
4. Type ntdsutil
5. Type Authoritative restore
6. Type restore subtree ou=ou name dc=domain dc=com

Thanks,




.
Click to expand...
Click to expand...


.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

authoritative restore of OU -help 1
procedure required for complete active directory restore to aprevious state 9
Recovering OU from CN=Deleted Objects 4
How to show part of the AD Users and Computer in the Tree 2
Change mailNickname Attribute on all users in AD - csvde Constraint Violoation, entry skipped. 2
Identify logonserver for all computer accounts in AD 3
Creating a shortcut to open AD in a specific OU 2
Export all OU in the forest using LDIFDE 1

Top