70-294 Concepts: Active Directory Restore


  • graduationDelete OU which was replicared, need t o perform authoratative restore (not lostandfound; when below is not available)
  • Delete ou which was replicated, need to perform non-auth restore, and then mark single OU as auth (more granular than above, when available as an answer)
  • Failued of hard drive on one dc (multi dc enviro), non-authoriataive restore
  • Any restore of AD requires DSRM (Directory Services Restore Mode) – boots local uses local username/password SAM; no GPO applied
  • Safe mode still boots AD, but does not apply GPO on DC
  • Use NTDSUTIL to reset DSRM password on each DC seperately
  • Rombstone lifespan should be greater than backup interval, use ADSIedit, script or ldp.exe to modify time (default 60 days)

One thought on “70-294 Concepts: Active Directory Restore

Add yours

  1. Scriptlogic’s active administrator can recover active directory objects in a very granular way down to a single attribute of a single object.

    And the best thing about this product is that it can do it even without rebooting into directory services restore mode while keeping domain controller online.

Leave a Reply to Scott Santini Cancel reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Powered by WordPress.com.

Up ↑

%d bloggers like this: