Skip to content
- Delete OU which was replicared, need t o perform authoratative restore (not lostandfound; when below is not available)
- Delete ou which was replicated, need to perform non-auth restore, and then mark single OU as auth (more granular than above, when available as an answer)
- Failued of hard drive on one dc (multi dc enviro), non-authoriataive restore
- Any restore of AD requires DSRM (Directory Services Restore Mode) – boots local uses local username/password SAM; no GPO applied
- Safe mode still boots AD, but does not apply GPO on DC
- Use NTDSUTIL to reset DSRM password on each DC seperately
- Rombstone lifespan should be greater than backup interval, use ADSIedit, script or ldp.exe to modify time (default 60 days)
One thought on “70-294 Concepts: Active Directory Restore”
Scriptlogic’s active administrator can recover active directory objects in a very granular way down to a single attribute of a single object.
And the best thing about this product is that it can do it even without rebooting into directory services restore mode while keeping domain controller online.