Restore an OU

Add a comment March 11th, 2010

Assuming you have a 2003 DC SP1< and a good System state backup. Not older than your domains tombstone lifetime.

Start the DC in DSRM (F8 at boot)

fig.1

Start NTBackup

Restore Wizard > Next

Choose the System state backup file > Next > Advanced

Restore files to “Original Location”

Leave exsisting files > Next

fig.2

If you have only one DC in your domain. Tick the last checkbox (fig.2). If you have more than one, don’t tick it.

Press “Finish”

Do not restart the DC at this moment.

Mark the object as authoritative (meaning the object(s) will get replicated to other DC’s because it’s authoritative)

http://technet.microsoft.com/en-us/library/cc757068(WS.10).aspx

Open cmd >ntdsutil

> authoritative restore

> restore subtree destinguishedName

ie. An OU accidentally got deleted called “Reserves” holding all the Tottenhams reserves user objects. (What the heck. They aren’t good enough for the first team, but maybe someday they will so let’s get them back).

fig.3

> quit

Restart the DC in normal mode (SP1 or newer). The AD Replication will do the job to get the OU and the user objects replicated to the other DC’s in the domain.

If you have a Windows 2003 SP1 or newer DC, the ntdsutil will create two files if the restored user object have any back-links to group membership. If they do you have to restore the back-link aswell. But wait until all DC’s have got the users replicated.

Syntax: ldifde -i -f <ar*.ldf>

ie: ldifde -i -f ar_20100129-081113_links_spurs.local.ldf

If you have a Win2008 R2 domain and restore a user from the Recycle Bin you don’t have to worry about the back-links. The process will do it for you.

  1. No comments yet.Be the first ?
  1. No trackbacks yet.
Comments feed


6 − six =