Delete OU which was replicared, need t o perform authoratative restore (not lostandfound; when below is not available)- Delete ou which was replicated, need to perform non-auth restore, and then mark single OU as auth (more granular than above, when available as an answer)
- Failued of hard drive on one dc (multi dc enviro), non-authoriataive restore
- Any restore of AD requires DSRM (Directory Services Restore Mode) – boots local uses local username/password SAM; no GPO applied
- Safe mode still boots AD, but does not apply GPO on DC
- Use NTDSUTIL to reset DSRM password on each DC seperately
- Rombstone lifespan should be greater than backup interval, use ADSIedit, script or ldp.exe to modify time (default 60 days)
70-294 Concepts: Active Directory Restore
