DESKTOP

Windows Server 2008 : Using ntdsutil - Performing an Authoritative Restore, Removing a Domain Controller from Active Directory

1/1/2014 8:13:43 PM

1. Performing an Authoritative Restore

When you do a normal nonauthoritative restore in a domain with more than one DC, the restored DC will replicate with other DCs in the domain to update itself. The restored DC will quickly have all the changes that occurred since the last backup. However, there are times when you want to restore objects authoritatively. In other words, when the restored DC comes back up, you want objects restored on the DC to be replicated to other DCs. You want this DC to communicate to all the other DCs that its change is the authoritative change.

For example, if an administrator accidentally deletes a user object and you perform a nonauthoritative restore, the user object will be deleted again as soon as the DC replicates with other DCs. However, you can restore the user object authoritatively, and you can even restore entire OUs authoritatively.

You can use the commands in the following table to authoritatively restore AD objects from the authoritative restore prompt in ntdsutil.

Restore CommandComments
Restore OU. 
restore subtree dn

authoritative restore: 
restore subtree
"ou=sales,dc=pearson,dc=pub"

You can use this to restore an OU (including child OUs). The example command restores the Sales OU.
Restore Object. 
restore object dn

authoritative restore: 
restore object "cn=Sally,
ou=sales,dc=pearson,dc=pub"

This enables you to restore an individual object. The example command restores the Sally user object in the sales OU.

The following table shows the overall steps to perform an authoritative restore.

StepCommand
1.Reboot the DC and press F8 to access Advanced Boot Options.
2.Select Directory Services Restore Mode. When prompted, log on with the user name of .\administrator and the DSRM password.
3.Restore AD nonauthoritatively from a backup. You can use the command-line backup tool, wbadmin, or any other method your organization has available. Do not reboot after the restore is complete.


4.Launch a command prompt, type ntdsutil, and then press Enter.
5.Type activate instance ntds and press Enter.
6.Type authoritative restore and press Enter.
7.At this point, determine whether you’re restoring an OU or an object. The previous table showed the syntax to restore either an OU or an object. Type the restore command and press Enter.

For example, to restore a user object, use the following format:

restore object dn

restore object “cn=Sally,ou=sales,dc=pearson,dc=pub”

Or, to restore an OU, use the following format:

restore subtree dn

restore subtree “ou=sales,dc=pearson,dc=pub”

Note

This increments the update sequence number (USN) so that all other DCs consider it the most recent change.

8.Type quit and press Enter twice to exit ntdsutil.
9.Restart the DC normally.

2. Removing a Domain Controller from Active Directory

If you run dcpromo on a DC to remove AD, the AD database will be updated to show that this server is no longer a DC. However, if a DC fails, you won’t be able to run dcpromo.

If the DC has failed, AD still thinks it’s an active DC. This causes a wide variety of errors that can be resolved if you remove the DC from AD, as shown in the following steps.

StepCommand
1.Start a command prompt with administrative permissions.
2.Type ntdsutil and press Enter.
3.Type metadata cleanup and press Enter. This accesses the metadata cleanup prompt.
4.Type connections and press Enter. This accesses the connections prompt.
5.Connect to an active DC in the domain with the following command. Substitute the FQDN of an active DC in your domain.

connect to server dc-fqdn

connect to server dc1.pearson.pub
6.Type quit and press Enter. This brings you back to the metadata cleanup prompt.
7.Type select operation target and press Enter. This accesses the select operation target prompt.
8.Select the site where the damaged DC is located with the following commands. Substitute the number of the site in the second command based on the output of the list sites command.

Type list sites and press Enter.

Type select site number and press Enter.
9.Select the damaged DC with the following commands. Substitute the number of the server in the second command based on the output of the list servers in site command.

Type list servers in site and press Enter.

Type select server number and press Enter.
10.Type quit and press Enter. This brings you back to the metadata cleanup prompt.
11.Type remove selected server and press Enter. This removes the instance of the server from AD.
12.Type quit and press Enter.
Other  
  •  Windows Server 2008 : Using ntdsutil - Moving Active Directory to a Different Drive, Defragmenting Active Directory
  •  Windows Server 2008 : Using ntdsutil - Resetting the Directory Services Restore Mode Password, Changing the Garbage Collection Logging Level
  •  Windows Server 2003 : Deploying Stub Zones - Benefits of Stub Zones, Stub Zone Updates
  •  Windows Server 2003 : Creating Zone Delegations - Delegating Zones
  •  Windows Server 2003 : Configuring Advanced DNS Server Properties (part 2)
    •
  •  Windows Server 2003 : Configuring Advanced DNS Server Properties (part 1)
    •
  •  Windows 7 : Working with the Multi-Touch User Interface (part 3) - Adding Multi-Touch Interface Functionality
  •  Windows 7 : Working with the Multi-Touch User Interface (part 2) - Obtaining the Multi-Touch Platform Interop Library, Configuring the Application
  •  Windows 7 : Working with the Multi-Touch User Interface (part 1)
    •
  •  Windows Server 2003 : Configuring Zone Properties and Transfers (part 4)
    •
     
    Top 10
    3 Tips for Maintaining Your Cell Phone Battery (part 2) - Discharge Smart, Use Smart
    3 Tips for Maintaining Your Cell Phone Battery (part 1) - Charge Smart
    OPEL MERIVA : Making a grand entrance
    FORD MONDEO 2.0 ECOBOOST : Modern Mondeo
    BMW 650i COUPE : Sexy retooling of BMW's 6-series
    BMW 120d; M135i - Finely tuned
    PHP Tutorials : Storing Images in MySQL with PHP (part 2) - Creating the HTML, Inserting the Image into MySQL
    PHP Tutorials : Storing Images in MySQL with PHP (part 1) - Why store binary files in MySQL using PHP?
    Java Tutorials : Nested For Loop (part 2) - Program to create a Two-Dimensional Array
    Java Tutorials : Nested For Loop (part 1)
    REVIEW
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    VIDEO TUTORIAL
    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
    Popular Tags
    Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS