Active Directory Authoritative and Non Authoritative restore

Focus: Authoritative and Non Authoritative restoration

Non Authoritative Restore

  • A non-authoritative restore brings the DC back to its state at the time of the backup.
  • After the restore, the DC replicates normally with the other DCs and receives from them every change that occurred after the backup was taken; the restored data is treated as stale, not as the winning copy.
  • This method is mainly used when a DC fails because of a hardware or software issue and no directory data needs to be rolled back.
  • A non-authoritative restore is performed in Directory Services Restore Mode (DSRM).

Authoritative Restore
  • An authoritative restore lets administrators revert or undo a change made in AD, mainly one caused by human error.
  • The most common example is restoring a deleted object.
  • When an object is restored authoritatively, ntdsutil increments the version number of all attributes of that object (by default 100,000 per day elapsed since the backup), which makes the restored copy win replication conflicts.
  • After the restore, as with a non-authoritative restore, the restored DC replicates with the other DCs; because the restored object's attribute versions are higher than those held by the other DCs, the object replicates out to them and overwrites their copy (including the tombstone of a deleted object).
  • An authoritative restore always starts with a non-authoritative restore of the database, followed by marking the object or subtree authoritative with the ntdsutil tool.
  • An authoritative restore is performed in Directory Services Restore Mode (DSRM).

How to restore?
  • First and foremost, a valid system state backup must exist. Install the Windows Server Backup feature and take a system state backup (for example with wbadmin start systemstatebackup) before you need it.
  • Taking the backup requires an account in the Administrators or Backup Operators group. In DSRM, AD DS is not running, so you log on with the local DSRM administrator account (.\Administrator) and the DSRM password that was set when the DC was promoted, not with a domain account.
  • Restart the server in DSRM (press F8 during boot, or run bcdedit /set safeboot dsrepair and reboot).
  • Open a command prompt and execute the command below to list the available backups:
    • wbadmin get versions
  • Once you have the list, restore the system state with the command below, using the version identifier of the backup you want:
    • wbadmin start systemstaterecovery -version:<version identifier of the backup to be used>
  • When the recovery finishes you have completed the non-authoritative restore of AD. Do not restart yet if you also need an authoritative restore: the next steps must run in the same DSRM session, before the DC replicates with its partners and the deletion is replicated back in.
If you want to authoritatively restore an object (testuser), follow the steps below as well, still in DSRM:
    • In the command prompt type ntdsutil and press Enter
    • activate instance ntds
    • authoritative restore
    • Now restore the deleted object using the command below (use restore subtree with the DN of an OU to restore the OU and everything beneath it):
    • restore object "CN=Testuser,CN=Users,DC=testdomain,DC=com"
    • Type quit twice to leave ntdsutil. Check the current directory for ar_*_links_*.ldf files: they hold group memberships ntdsutil could not repair on its own (for example memberships in groups of other domains) and are imported with ldifde -i -k -f <file> after the DC is back online and replication has completed.
    • If you used bcdedit to enter DSRM, run bcdedit /deletevalue safeboot, then restart the DC normally.
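The two lists above as a single script, run from an elevated PowerShell prompt while the DC is booted into DSRM. This is an added example and is not code from the original post. It assumes the post's test DN, that the backup sits on a locally attached disk (so wbadmin needs no -backupTarget), and that DSRM was entered with bcdedit so the safeboot flag must be cleared at the end; the external tools it drives are the ones the steps name (wbadmin, ntdsutil, bcdedit).

```powershell
# Added example, not from the original post: non-authoritative system state restore
# followed by an authoritative restore of one object, driven from PowerShell in DSRM.
# Assumptions: the DN below is the post's test object, the backup is on a local disk,
# and DSRM was entered with "bcdedit /set safeboot dsrepair".

$ObjectDN = 'CN=Testuser,CN=Users,DC=testdomain,DC=com'   # assumed test object from the post

# 1. Refuse to run unless AD DS is offline: the system state recovery and the
#    authoritative-restore marking both require the NTDS service to be stopped (DSRM).
if ((Get-Service -Name NTDS).Status -eq 'Running') {
    throw 'NTDS is running. Boot into DSRM first (bcdedit /set safeboot dsrepair; shutdown /r /t 0).'
}

# 2. Parse "wbadmin get versions" for version identifiers. wbadmin prints one block per
#    backup containing a line such as "Version identifier: 01/15/2024-02:00"; backups are
#    listed oldest first, so the last identifier is the newest (confirm against the
#    "Backup time" lines before trusting it on a real restore).
$versionIds = foreach ($line in (& wbadmin.exe get versions)) {
    if ($line -match '^\s*Version identifier:\s*(\S+)') { $Matches[1] }
}
if (-not $versionIds) { throw 'No system state backups found; nothing to restore.' }
$VersionId = @($versionIds)[-1]
Write-Host "Using backup version $VersionId"

# 3. Non-authoritative restore of the system state. -quiet suppresses the confirmation
#    prompt; -autoReboot is deliberately NOT passed so the server stays in DSRM for step 4.
& wbadmin.exe start systemstaterecovery "-version:$VersionId" -quiet
if ($LASTEXITCODE -ne 0) { throw "wbadmin systemstaterecovery failed with exit code $LASTEXITCODE" }

# 4. Mark the object authoritative. ntdsutil treats each quoted argument as one command
#    typed at successive prompts; the trailing "q q" leave the two menus. The DN is passed
#    as \"...\" so ntdsutil receives it quoted even if it contains spaces (ntdsutil splits
#    its own input on whitespace). Use "restore subtree" instead of "restore object" for an OU.
$ntdsArgs = "`"activate instance ntds`" `"authoritative restore`" `"restore object \`"$ObjectDN\`"`" q q"
$proc = Start-Process -FilePath ntdsutil.exe -ArgumentList $ntdsArgs -Wait -NoNewWindow -PassThru
if ($proc.ExitCode -ne 0) { throw "ntdsutil exited with code $($proc.ExitCode); object not marked authoritative" }

# 5. ntdsutil writes ar_<timestamp>_objects.txt and, when the object had group memberships
#    it could not fix up itself, ar_<timestamp>_links_<domain>.ldf in the current directory.
#    Those LDF files are imported with ldifde only AFTER the DC is back online and has replicated.
Get-ChildItem -Path (Get-Location) -Filter 'ar_*_links_*.ldf' | ForEach-Object {
    Write-Host "After reboot and replication run: ldifde -i -k -f `"$($_.FullName)`""
}

# 6. Clear the DSRM boot flag set with bcdedit and restart normally. Once NTDS starts, the
#    restored object replicates out because its attribute versions are now the highest.
& bcdedit.exe /deletevalue safeboot | Out-Null
Restart-Computer -Force
```

Step 1 is the guard worth keeping even if you run the rest by hand: wbadmin systemstaterecovery on a DC with NTDS running, or ntdsutil's authoritative restore menu outside DSRM, fails with an error rather than silently doing nothing, but the guard makes the script stop before any backup is touched. Step 4's quoting is the only non-obvious part; if the DN contains no spaces, as the post's test DN does not, ntdsutil also accepts it unquoted.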

