Link to home
Start Free TrialLog in
Avatar of jskfan
jskfanFlag for Cyprus

asked on

AD Authoritative and Non-Authoritative Restore

If I understand:
AD Authoritative restore comes into play when for instance an OU with or without sub-object is deleted by mistake.
In this case how can I tell which objects have been deleted by mistake. Some articles talk about using ADSIEdit to pinpoint the deleted objects.If so how to use it?
I am not sure If using ADSIEDit can tell witch object has been deleted and which has not.
In which case should I use Non-Authoritative restore?

Steps to use in Authoritative restote(correct me if I am wrong):
1- After noticing or being notified that an object has been deleted, use ADSIEdit and see if it's showing up, if so that means the delete object has been replicated from the deleted DC to the DC I am on, otherwise I will wait for the Replication to Occur.
2- After the replication has occurred and the ADSIEdit shows the object, Reboot  the DC in AD Restore more by pressing F8. If the Restore mode password
is forgotten, then reboot in normal mode and use DRSM tool to reset password.
3-after rebooting to AD Restore mode run the NTDsutil to do the authoritative restore and reboot in normal mode.

Thanks
ASKER CERTIFIED SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jskfan

ASKER

how do we locate the AD Objects that have been deleted?

SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jskfan

ASKER

Regarding the LDP.exe, it is used to view and restore deleted objects in AD.

I thought they use NTDSutil the perform authoritative restore, in order to restore the deleted items.

it's confusing now , which one to use
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jskfan

ASKER

so what s the difference between ldp.exe and ntdsutil  ?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jskfan

ASKER

It is still not clear which should I use and why.
Ldp.exe vs ntdsutil
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jskfan

ASKER

the blog talks about what happens after you do the authoritative restore
it doesn't compare between Ldp.exe restore and Authoritative restore using NTDSutil.
I want to know the difference.

thanks
Avatar of jskfan

ASKER

thanks