Hi Dear visitors
Last night I thought to myself about what kind of article I should make for you, and today I want to show you very important article about Authoritative Restore,
For people who forgot what is “Authoritative Restore”, the Authoritative Restore is a Microsoft feature which allows us to restore any kind OU, objects such as OU, Group, User, group, etc….
Authoritative Restore option required us to enter to MSRM mode (Directory Services Restore Mode) and perform some NTDSUTIL & WBADMIN commands.
Just to clarify what “Authoritative Restore” and Non-Authoritative Restore” are:
Authoritative Restore allows us to restore any object without push updates from other DC (no replicate)
NonAuthoritative Restore replicate push updates ((Replication) from other DC’s
I have created a user which called “Zubi Dubi ” in Active Directory and then I deleted the object, but before I delete it, I performed a system state backup using Windows Server Backup to DC:
So I want to start with the process, I’m opening a new CMD and type “Msconfig”, in Msconfig windows I will set the next boot of DC will boot with “Active Directory Repair”
Restart “
The booted up and I opened Command Line Windows, in Command Line windows we have type “Wbamin get version ” which provide us lasted backup information, I have selected “2014\24\10” backup
In order to start with the Recovery process, we have use of this command:
“Wbadmin Start Systemstaterecovery -version:”Version identifier”
Confirmed with “YES”
Confirmed with “YES”
Recover process :
Now we have to do a restart
After the restart we have to open another CMD and type “Ntdsutil” and type:
activate instnace ntds
authoritative restore
Restore Object command allow us to restore objects,
We have to specify the LDAP path of the object and click on Yes
Here you can see that the process is running and finished
We have to quit not so type twice “1st Quit, 2nd Quit ” and then please cancel the MSRM mode from MSCONFIG
And the user (Zubi Dubi) restored successfully.