Active Directory authoritative restore with Windows Server Backup (wbadmin)

• Author
• Recent Posts

Andrew Fitzgerald

Andrew Fitzgerald (MCSE, MCSA,CCNA,VCP,SNIA) has worked as an Infrastructure Consultant for 20 years for some of the biggest firms in London. Follow his blog Network Angel.

Latest posts by Andrew Fitzgerald (see all)

• How to rename the local administrator with Group Policy - Mon, Nov 2 2015
• Active Directory authoritative restore with Windows Server Backup (wbadmin) - Fri, Oct 9 2015
• Best practices for securing Active Directory - Fri, Oct 2 2015

An authoritative restore will replicate the restore object across your domain controllers. This restore process will increase the Unique Sequence Number (USN) of all attributes on the restored object. Because the object will have a much higher version number, it will replicate across all your domain controllers and overwrite any existing references to the previous object (which has a much lower USN).

User object in Active Directory Users and Computers

The following tutorial will walk you through restoring a user account called “Andrew Fitzgerald.” I’ve deleted my user account within Active Directory Users and Computers and I’m going to restore this account from a local machine using wbadmin.

1. To get started and restore from your backup, you will need to restart the domain controller in Directory Recovery Mode. Reboot the domain controller and press F8 after the BIOS post. Another option is to execute the following commands:

    bcdedit /set safeboot dsrepair 
    shutdown –r –t 0

   The latter command restarts the domain controller without delay. Your server will automatically reboot into Safe Mode.
   

2. Log in locally using .\administrator as the username. Use the password you set up during the domain controller promo installation for the Directory Services Restore Mode (DSRM).
3. After you log in, right-click the safe mode Start menu and select Command Prompt (Admin).
   
4. At the command prompt, select the backup you want to restore. You can do this by typing the following command:

   wbadmin get versions

   This will query your server and show information about your recent backups.
   

5. My demo only shows one backup, which we will use to restore the deleted user object. Type this command:

   wbadmin start systemstaterecovery –version:09/04/2015-15:33

   The version parameter is for the backup identifier.

6. At the prompt to continue, type Y for yes and press Enter.
7. On the next screen, type Y to continue the recovery operation.
   
8. When the recovery process completes, type Y to reboot.
   
9. After the server has rebooted, re-open the administrator command prompt and enter the following command:

   ntdsutil

10. At the ntdstuil prompt, enter:

    activate instance ntds

11. Next, run this command:

    authoritative restore

12. At the authoritative restore prompt, type the full path to the object you want to restore. For my example, I would type:

    restore object “cn=Andrew Fitzgerald,OU=London,DC=vmdomain,DC=local”

13. Click Yes to confirm.This will restore the object and add a large attribute version number higher than 100,000. Mine went up by 400,000. This is so this object will overwrite any other versions on your other domain controllers.
    
    
14. Exit the authoritative restore by typing:quitAnd then exit ntdsutil by typing:

    quit

15. At the samecommand prompt, type the following to stop the server from booting into Safe Mode:

    bcdedit /deletevalue safeboot

16. Restart your server and log in normally. If you check Active Directory Users and Computers, you should now see that the deleted object has been restored.