On the Windows Server 2012-based or higher computer you want to promote to a domain controller, use Server Manager to install the Active Directory Domain Services (AD DS) role: in Server Manager, on the Manage menu, click Add Roles and Features, and then follow the steps in the wizard to install the AD DS role.
Use the Install-ADDSDomainController cmdlet supplied with Windows PowerShell to create a new domain controller from the backup you extracted in Step 1: Create and extract a backup. To specify the path to the extracted backup, use the -InstallationMediaPath parameter of the cmdlet.
To view detailed information about the Install-ADDSDomainController cmdlet, in the Windows PowerShell window, type the following:
Get-Help Install-ADDSDomainController -detailed
When undeleting an object by using the agentless method, the Online Restore Wizard employs LDAP functions along with the Restore Deleted Objects feature provided by the Windows operating system. This feature restores only the attributes preserved in the object’s tombstone. The other attributes are restored from a backup. However, some attributes, such as Password and SID History, cannot be written using LDAP functions and thus cannot be restored from a backup via the agentless method.
In many situations, the inability to restore the Password attribute from a backup is not a big problem as an object’s password can be reset after restoring the object. As for the SID History attribute, its restoration may be business-critical. An example is a situation where the domain from which the object was migrated is unavailable or decommissioned, and therefore SID History cannot be re-added.
To enable the restoration of these two attributes using the agentless method, the Active Directory schema may be modified so that these attributes are preserved in object tombstones. As a result, an undeleted object has the same Password and SID History as the object had when it was deleted.
As this solution requires schema modifications, it should be carefully considered. Microsoft recommends modifying or extending the schema only in extreme situations. Proceed with extreme caution, because making a mistake may render the directory service unstable, resulting in a reinstallation.
Often, organizations are reluctant to make changes to the schema because schema modifications may result in heavy replication traffic. This is not the case for the schema modifications described in this article, as they do not affect the partial attribute set (PAS).
Note: Recovery Manager for Active Directory also provides an agent-based method for restoring or undeleting objects. With the agent-based method, any attributes can be restored. The agent-based method does not require any schema modifications.
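Whether the two attributes are currently preserved in tombstones, and whether they belong to the partial attribute set, can be checked with a read-only schema query. The following PowerShell is an added example, not part of the product documentation. It assumes the ActiveDirectory module is installed, that bit 0x8 of searchFlags is the preserve-on-tombstone flag, and that unicodePwd and sIDHistory are the LDAP display names of the Password and SID History attributes.

```powershell
# Added example: read-only audit, makes no changes to the schema.
# Assumes the ActiveDirectory module (RSAT) and read access to the schema partition.
Import-Module ActiveDirectory

# searchFlags bit 0x8: the attribute value is kept on the object's tombstone.
$PreserveOnDelete = 0x8

# LDAP display names of the two attributes discussed above (assumption, see lead-in).
$attributes = 'unicodePwd', 'sIDHistory'

# Distinguished name of the schema partition for the current forest.
$schemaNC = (Get-ADRootDSE).schemaNamingContext

$report = foreach ($name in $attributes) {
    $attr = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))" `
        -Properties lDAPDisplayName, searchFlags, isMemberOfPartialAttributeSet

    if (-not $attr) {
        Write-Warning "Attribute '$name' not found in $schemaNC"
        continue
    }

    # searchFlags may be unset on an attribute; treat that as 0.
    $flags = [int]($attr.searchFlags)

    [pscustomobject]@{
        Attribute             = $attr.lDAPDisplayName
        SearchFlags           = '0x{0:X}' -f $flags
        PreservedOnTombstone  = [bool]($flags -band $PreserveOnDelete)
        InPartialAttributeSet = [bool]$attr.isMemberOfPartialAttributeSet
    }
}

$report | Format-Table -AutoSize
```

Running it before and after a schema change gives a record of the original searchFlags values, which is what a rollback would need.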
To preserve passwords and SID history in object tombstones, complete the following steps: