I've lost my user's on my domain.  I have a backup how can I restore.
Who is Participating?
rmconardConnect With a Mentor Commented:
Let me know if this helps you.

In the Windows Server 2003 family, you can restore the Active Directory database if it becomes corrupted or is destroyed because of hardware or software failures. You must restore the Active Directory database when objects in Active Directory are changed or deleted.

You can use one of the three methods to restore Active Directory from backup media: Primary Restore, Normal Restore (i.e. Non Authoritative), and Authoritative Restore.

- Primary Restore: This method rebuilds the first domain controller in a domain when there is no other way to rebuild the domain. Perform a primary restore only when all the domain controllers in the domain are lost, and you want to rebuild the domain from the backup. Members of the Administrators group can perform the primary restore on local computer. On a domain controller, only members of the Domain Admins group can perform this restore.

- Normal Restore: This method reinstates the Active Directory data to the state before the backup, and then updates the data through the normal replication process. Perform a normal restore for a single domain controller to a previously known good state.

- Authoritative Restore: You perform this method in tandem with a normal restore. An authoritative restore marks specific data as current and prevents the replication from overwriting that data. The authoritative data is then replicated through the domain. Perform an authoritative restore for individual object in a domain that has multiple domain controllers. When you perform an authoritative restore, you lose all changes to the restore object that occurred after the backup. You need to use the NTDSUTIL command line utility to perform an authoritative restore. You need to use it in order to mark Active Directory objects as authoritative, so that they receive a higher version recently changed data on other domain controllers does not overwrite System State data during replication.

For example, if you inadvertently delete or modify objects in Active Directory, and those objects were thereafter replicated to other DCs, you will need to authoritatively restore those objects so they are replicated or distributed to the other servers. If you do not authoritatively restore the objects, they will never get replicated or distributed to your other servers because they will appear to be older than the objects currently on your other DCs. Using the NTDSUTIL utility to mark objects for authoritative restore ensures that the data you want to restore gets replicated or distributed throughout your organization.

On the other hand, if your system disk has failed or the Active Directory database is corrupted, then you can simply restore the data normally without using NTDSUTIL. After rebooting the DC, it will receive newer updates from other DCs.
This is very vague.

Are you using a Microsoft Active Directory? If so, have you logged into the AD to see if the user accounts are still there?

Also... when you attempt to use a domain username to log into something, what error do you get? If it's saying the account is locked, you may have a virus on your AD server.

*** Hopeleonie ***Connect With a Mentor IT ManagerCommented:
if you using AD look at this link: http://support.microsoft.com/kb/840001/en-us
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

tbonehwdAuthor Commented:
We are using AD server 2003 and I have a backup of the system state. Will this restore my users and system accounts?
tbonehwdAuthor Commented:
Thanks for this.  I wound up calling microsoft.  I restored the system state from a backup after I booted into recovery safe mode.  We ran NTDSUTIL  I demoted my 2nd dc down to a server right after I lost the user accounts so there was only one DC to restore.  We did the following:

2. Authoritative (Rare): Restoring "Authoritatively" will require the use of the Microsoft utility, "Ntdsutil.exe." Visit the Microsoft Knowledge Base for details on how to run Ntdsutil.exe. This option should only be used when all DCs need to be restored back to a certain time. The Ntdsutil is needed to change the type of restore to Authoritative. In general, the Ntdsutil will add a value (10,000 is default) to all USNs to ensure they will be higher than any other current DCs. Once the restore is done and the Ntdsutil utility is run, replication will occur and the entire active directory will be pushed to the other DCs upon reboot. This effectively overwrites any changes made from the time of backup to the current time. An example of this can be seen in TechNote 236363.

I also did this:

How to restore deleted user accounts and their group memberships in Active Directory http://support.microsoft.com/kb/840001
How to perform an authoritative restore to a domain controller in Windows 2000 http://support.microsoft.com/kb/241594
How to remove data in Active Directory after an unsuccessful domain controller demotion http://support.microsoft.com/kb/216498
Using the BurFlags registry key to reinitialize File Replication Service replica sets http://support.microsoft.com/kb/290762
How To Use Netdom.exe to Reset Machine Account Passwords of a Windows 2000 Domain Controller http://support.microsoft.com/kb/260575
How to use Netdom.exe to reset machine account passwords of a Windows Server 2003 domain controller http://support.microsoft.com/kb/325850

I'm happy to say that I got it all back with the Help Of Microsoft Tech Support - it was well worth the $260.00l
tbonehwdAuthor Commented:
i actually called Microsoft and wrote the solution
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.