Use the Install-ADDSDomainController cmdlet supplied with Windows PowerShell® to create a new domain controller from the backup you extracted in Step 1: Create and extract a backup. To specify the path to the extracted backup, use the -InstallationMediaPath parameter of the cmdlet.
To view detailed information about the Install-ADDSDomainController cmdlet, in the Windows PowerShell® window, type the following:
Get-Help Install-ADDSDomainController -detailed
When undeleting an object by using the agentless method, the Online Restore Wizard employs LDAP functions along with the Restore Deleted Objects feature provided by the Windows operating system. This feature restores only the attributes preserved in the object’s tombstone. The other attributes are restored from a backup. However, some attributes, such as Password and SID History, cannot be written using LDAP functions, and thus cannot be restored from a backup via the agentless method.
In many situations, the inability to restore the Password attribute from a backup is not a big problem as an object’s password can be reset after restoring the object. As for the SID History attribute, its restoration may be business-critical. An example is a situation where the domain from which the object was migrated is unavailable or decommissioned, and therefore SID History cannot be re-added.
To enable the restoration of these two attributes using the agentless method, the Active Directory® schema may be modified so that these attributes are preserved in object tombstones. As a result, an undeleted object has the same Password and SID History as the object had when it was deleted.
As this solution requires schema modifications, it should be carefully considered. Microsoft recommends modifying or extending the schema only in extreme situations. Proceed with extreme caution, because making a mistake may render the directory service unstable, resulting in a reinstallation.
Often, organizations are reluctant to make changes to the schema because schema modifications may result in heavy replication traffic. This is not the case for the schema modifications described in this article, as they do not affect the partial attribute set (PAS).
Note: Recovery Manager for Active Directory also provides an agent-based method for restoring or undeleting objects. With the agent-based method any attributes can be restored. The agent-based method does not require any schema modifications.
To preserve passwords and SID history in object tombstones, complete the following steps:
You are logged on as a member of the Schema Admins group.
Write operations to the schema are allowed.
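A read-only check of the prerequisites above and of whether the two attributes are currently preserved in tombstones, added here as an example and not taken from the Recovery Manager documentation. It assumes the ActiveDirectory PowerShell module is installed and that Password and SID History correspond to the schema attributes unicodePwd and sIDHistory; it relies on bit 0x8 of searchFlags, which marks an attribute as preserved on deletion.

```powershell
# Added example: read-only audit. It makes no changes to the schema.
Import-Module ActiveDirectory

# Bit 0x8 of searchFlags on an attributeSchema object means
# "preserve this attribute in the tombstone when the object is deleted".
$PreserveOnDelete = 0x8

# Assumption: these LDAP display names are the "Password" and
# "SID History" attributes the article refers to.
$attributeNames = 'unicodePwd', 'sIDHistory'

$forest   = Get-ADForest
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Prerequisite: the current user is a member of Schema Admins.
# The group lives in the forest root domain and has the well-known RID 518.
$rootSid        = (Get-ADDomain -Identity $forest.RootDomain).DomainSID.Value
$schemaAdminSid = "$rootSid-518"
$mySid   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$members = Get-ADGroupMember -Identity $schemaAdminSid -Server $forest.RootDomain -Recursive
$isSchemaAdmin = @($members | ForEach-Object { $_.SID.Value }) -contains $mySid

Write-Output "Schema master    : $($forest.SchemaMaster)"
Write-Output "In Schema Admins : $isSchemaAdmin"

# Report the current tombstone-preservation state of each attribute,
# reading from the schema master so the answer is authoritative.
foreach ($name in $attributeNames) {
    $attr = Get-ADObject -SearchBase $schemaNC -Server $forest.SchemaMaster `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))" `
        -Properties lDAPDisplayName, searchFlags

    if (-not $attr) {
        Write-Warning "Attribute '$name' not found in $schemaNC"
        continue
    }

    $flags = [int]$attr.searchFlags
    [pscustomobject]@{
        Attribute            = $attr.lDAPDisplayName
        SearchFlags          = '0x{0:X}' -f $flags
        PreservedInTombstone = [bool]($flags -band $PreserveOnDelete)
    }
}
```

Running it before and after the schema change gives a record of the searchFlags values that were altered, which is useful for change review and for reverting the modification later.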