70-294 Concepts: Active Directory Restore

  • Deleted OU that was replicated: need to perform an authoritative restore (not LostAndFound; use when the option below is not available)
  • Deleted OU that was replicated: need to perform a non-authoritative restore, and then mark the single OU as authoritative (more granular than the above; use when available as an answer)
  • Failure of hard drive on one DC (multi-DC environment): non-authoritative restore
  • Any restore of AD requires DSRM (Directory Services Restore Mode) – boots locally and uses the local username/password from the SAM; no GPO applied
  • Safe mode still boots AD, but does not apply GPO on DC
  • Use NTDSUTIL to reset the DSRM password on each DC separately
  • Tombstone lifetime should be greater than the backup interval; use ADSI Edit, a script or ldp.exe to modify the time (default 60 days)