Restore an OU
Assuming you have a Windows 2003 DC (SP1 or newer) and a good System state backup that is not older than your domain's tombstone lifetime.
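One way to check the tombstone-lifetime precondition before starting, as an added example that is not part of the original post. The function name and the backup path are hypothetical, and the file's last-write time is assumed to be the time the backup was taken. Run it while AD is online, before booting into DSRM.

```powershell
# Added example: compare the age of a system state backup with the forest's
# tombstone lifetime. Requires PowerShell 2.0 or newer on a domain member.
function Test-BackupWithinTombstoneLifetime {
    param(
        [string]$BackupFile,              # path to the backup file (hypothetical)
        [datetime]$Now = (Get-Date)
    )

    # tombstoneLifetime is stored on the "Directory Service" object in the
    # configuration partition, so it is a forest-wide value.
    $rootDse  = [ADSI]"LDAP://RootDSE"
    $configNc = "$($rootDse.configurationNamingContext)"
    $dirSvc   = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"

    # If the attribute has never been set, the built-in default of 60 days applies.
    $lifetimeDays = $dirSvc.tombstoneLifetime.Value
    if (-not $lifetimeDays) { $lifetimeDays = 60 }
    $lifetimeDays = [int]$lifetimeDays

    # Assumption: the file's last-write time is when the backup was taken.
    $backupTime = (Get-Item -LiteralPath $BackupFile).LastWriteTime
    $ageDays    = [int][math]::Floor(($Now - $backupTime).TotalDays)

    New-Object PSObject -Property @{
        BackupFile            = $BackupFile
        BackupTaken           = $backupTime
        BackupAgeDays         = $ageDays
        TombstoneLifetimeDays = $lifetimeDays
        DaysRemaining         = $lifetimeDays - $ageDays
        Usable                = ($ageDays -lt $lifetimeDays)
    }
}

# Hypothetical path; stop here if Usable is False.
# Test-BackupWithinTombstoneLifetime -BackupFile 'D:\Backup\systemstate.bkf'
```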
Start the DC in DSRM (F8 at boot)
Restore Wizard > Next
Choose the System state backup file > Next > Advanced
Restore files to “Original Location”
Leave existing files > Next
If you have only one DC in your domain, tick the last checkbox (fig.2). If you have more than one, don’t tick it.
Do not restart the DC at this moment.
Mark the object as authoritative (meaning the object(s) will get replicated to the other DCs because they are authoritative)
Open cmd > ntdsutil
> authoritative restore
> restore subtree <distinguishedName>
e.g. An OU called “Reserves”, holding all of Tottenham's reserves user objects, accidentally got deleted. (What the heck. They aren’t good enough for the first team, but maybe someday they will be, so let’s get them back).
Restart the DC in normal mode (SP1 or newer). AD replication will do the job of getting the OU and the user objects replicated to the other DCs in the domain.
If you have a Windows 2003 SP1 or newer DC, ntdsutil will create two files if the restored user objects have any back-links to group membership. If they do, you have to restore the back-links as well. But wait until all DCs have received the replicated users.
Syntax: ldifde -i -f <ar*.ldf>
e.g.: ldifde -i -f ar_20100129-081113_links_spurs.local.ldf
If you have a Win2008 R2 domain and restore a user from the Recycle Bin, you don’t have to worry about the back-links. The process will do it for you.