windows 2003/2008 Server authoritative restore of single object
If there is only one Domain controller in a network and I need to restore just one object by using ntdsutil in AD restore mode.
Is it possible or those it depent on the backup software. The normal procedure is to boot in restore mode run the restore of ad from the backup software, use ntdsutil and set it to authoritative and specify the object, boot normal.
Is it possible or those it depent on the backup software. The normal procedure is to boot in restore mode run the restore of ad from the backup software, use ntdsutil and set it to authoritative and specify the object, boot normal.
You can re-animate the tombstoned object with adrestore. If will not restore back-links to groups and the object will be striped.
http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx
With 2008 you can restore objects from a snapshot (taken with ntdsutil).
http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx
With 2008 you can restore objects from a snapshot (taken with ntdsutil).
ASKER
So it is correct that any Backup Software completely restores the AC Database.
And if there is only one DC no other DCs will overwrite the restored database/objects.
If an object is deleted by using adsiedit I think it cannot be restored with adrestore.
And if there is only one DC no other DCs will overwrite the restored database/objects.
If an object is deleted by using adsiedit I think it cannot be restored with adrestore.
*Any AD aware backup software.
A single DC domain has not any replication partners so I don't replicate restored or deleted objects.
I have only tested ADrestore with user objects, so if you delete attributes within adsi adrestore can't help you. (btw you don't have to boot in DSRM to use re-animation).
A single DC domain has not any replication partners so I don't replicate restored or deleted objects.
I have only tested ADrestore with user objects, so if you delete attributes within adsi adrestore can't help you. (btw you don't have to boot in DSRM to use re-animation).
ASKER
With a singel DC domain I do not need to boot in DSRM, right?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
But you should offcourse have more then one DC for redundancy! :)
http://www.computerperformance.co.uk/w2k3/utilities/windows_authoritative_restore.htm
Windows Server R2 presented recycle bin of AD - you can restore objects right away.