Consider the following when restoring system state backups to a second system:
Microsoft supports the following methods for restoring the Active Directory on a Domain Controller:
• |
Non-Authoritative Restore: During non-authoritative restore, the distributed services on a Domain Controller are restored from the backup media, and the restored data is then updated through normal replication. Non-authoritative restore is typically performed when a Domain Controller has completely failed due to hardware or software problems. |
• |
Authoritative Restore: During authoritative restore, an entire directory, a subtree, or individual objects can be designated to take precedence over any other instances of those objects on the Domain Controllers. Through normal replication, the restored Domain Controller becomes authoritative in relation to its replication partners. Authoritative restore is typically used to restore a system to a previously known state, for example, if one or more Active Directory objects were erroneously deleted. |
• |
Primary Restore: Primary restore is used when the server you are trying to restore is the only running server of a replicated data set (for example, the SYSVOL and FRS). |
To perform an authoritative restore of the Active Directory data, you must run the “ntdsutil” utility after you have restored the System State data, but before you restart the server. The ntdsutil utility lets you mark Active Directory objects for authoritative restore. When an object is marked for authoritative restore, its update sequence number is changed so that it is higher than any other update sequence number in the Active Directory replication system. This change ensures that any replicated or distributed data that you restore is properly replicated or distributed to all servers. For more information about ntdsutil, see the relevant Microsoft documentation.
• |
Primary Restore: Use this restore type only when restoring SYSVOL on a standalone Domain Controller, or on the first of several Domain Controllers. Typically, a primary restore is only required when all the Domain Controllers in the Domain are lost, and you are trying to rebuild the Domain from backup. Select Primary only for the first server. Do not use this restore type if you have already restored SYSVOL on one or more servers. |
• |
Authoritative Restore: Use this restore type when you have more than one Domain Controller to roll back the SYSVOL changes, and replicate the restored data to all other servers. |
• |
Non-Authoritative Restore: Use this restore type when you want to restore the data on a single Domain Controller in a replicated environment without replicating the restored data to the other servers. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center