Microsoft supports the following methods for restoring the Active Directory on a Domain Controller:
• |
Non-Authoritative Restore: During non-authoritative restore, the distributed services on a Domain Controller are restored from the backup media, and the restored data is then updated through normal replication. Non-authoritative restore is typically performed when a Domain Controller has completely failed due to hardware or software problems. |
• |
Authoritative Restore: During authoritative restore, an entire directory, a subtree, or individual objects can be designated to take precedence over any other instances of those objects on the Domain Controllers. Through normal replication, the restored Domain Controller becomes authoritative in relation to its replication partners. Authoritative restore is typically used to restore a system to a previously known state, for example, if one or more Active Directory objects were erroneously deleted. |
• |
Primary Restore: Primary restore is used when the server you are trying to restore is the only running server of a replicated data set (for example, the SYSVOL and FRS). |
To perform an authoritative restore of the Active Directory data, you must run the “ntdsutil” utility after you have restored the System State data, but before you restart the server. The ntdsutil utility lets you mark Active Directory objects for authoritative restore. When an object is marked for authoritative restore, its update sequence number is changed so that it is higher than any other update sequence number in the Active Directory replication system. This change ensures that any replicated or distributed data that you restore is properly replicated or distributed to all servers. For more information about ntdsutil, see the relevant Microsoft documentation.
The NetVault supports the following restore methods for the SYSVOL directory:
• |
Primary Restore: Use this restore type only when restoring SYSVOL on a standalone Domain Controller, or on the first of several Domain Controllers. Typically, a primary restore is only required when all the Domain Controllers in the Domain are lost, and you are trying to rebuild the Domain from backup. Select Primary only for the first server. Do not use this restore type if you have already restored SYSVOL on one or more servers. |
• |
Authoritative Restore: Use this restore type when you have more than one Domain Controller to roll back the SYSVOL changes, and replicate the restored data to all other servers. |
• |
Non-Authoritative Restore: Use this restore type when you want to restore the data on a single Domain Controller in a replicated environment without replicating the restored data to the other servers. |
Before you start the restore procedure, ensure that the following requirements are met:
• |
If the destination server is a Windows Domain Controller, start it in the Directory Services Restore Mode. To start the server in this mode, press F8 during boot, and select Directory Services Restore Mode in the list of boot methods. |
1 |
In the Navigation pane, click Create Restore Job. |
3 |
On the Create Selection Set page, select the data that you want to restore: |
IMPORTANT: On Domain Controllers, you must always include C Drive in System State backups and restores. When you include the C Drive, all information about the Group Policy Objects (GPOs) is included during backups and restores.
“Failed to open the Group Policy Object. You may not have appropriate rights.” |
4 |
6 |
NOTE: To create a copy of the System State data without affecting the active system, select the Restore to a File option, and type the full file path to the alternate location where you want to restore the data. This option is intended for advanced users. Quest offers no support or instructions on how to use the data restored in this manner. |
• |
Primary SYSVOL Restore: Select this check box only when you are rebuilding the Domain. You can use this option to restore a standalone Domain Controller, or to restore the first of several Domain Controllers. |
• |
Authoritative SYSVOL Restore: Select this check box to restore the system to a previously known state, and replicate the restored data to all the other servers. |
• |
Non-Authoritative SYSVOL Restore: Select this check box to restore a single Domain Controller and update the restored data through normal replication process. |
8 |
9 |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center