If you take regular backups of your Active Directory database with Windows Server Backup (wbadmin) and you need to restore a deleted Active Directory object (whether it’s a user account or a container), you can perform an authoritative restore from your wbadmin backup with the steps described in this article. 

An authoritative restore will replicate the restore object across your domain controllers. This restore process will increase the Unique Sequence Number (USN) of all attributes on the restored object. Because the object will have a much higher version number, it will replicate across all your domain controllers and overwrite any existing references to the previous object (which has a much lower USN).

User object in Active Directory Users and Computers

User object in Active Directory Users and Computers

The following tutorial will walk you through restoring a user account called “Andrew Fitzgerald.” I’ve deleted my user account within Active Directory Users and Computers and I’m going to restore this account from a local machine using wbadmin.

  1. To get started and restore from your backup, you will need to restart the domain controller in Directory Recovery Mode. Reboot the domain controller and press F8 after the BIOS post. Another option is to execute the following commands:
     bcdedit /set safeboot dsrepair 
     shutdown –r –t 0

    The latter command restarts the domain controller without delay. Your server will automatically reboot into Safe Mode.
    Restart the domain controller into Directory Recovery Mode

  2. Log in locally using .\administrator as the username. Use the password you set up during the domain controller promo installation for the Directory Services Restore Mode (DSRM).
  3. After you log in, right-click the safe mode Start menu and select Command Prompt (Admin).
    Command Prompt (Admin)
  4. At the command prompt, select the backup you want to restore. You can do this by typing the following command:
    wbadmin get versions

    This will query your server and show information about your recent backups.
    bcdedit :deletevalue safeboot

  5. My demo only shows one backup, which we will use to restore the deleted user object. Type this command:
    wbadmin start systemstaterecovery –version:09/04/2015-15:33

    The version parameter is for the backup identifier.

  6. At the prompt to continue, type Y for yes and press Enter.
  7. On the next screen, type Y to continue the recovery operation.
    Continue the recovery operation
  8. When the recovery process completes, type Y to reboot.
    Recovery process starts
  9. After the server has rebooted, re-open the administrator command prompt and enter the following command:
    ntdsutil
  10. At the ntdstuil prompt, enter:
    activate instance ntds
  11. Next, run this command:
    authoritative restore
  12. At the authoritative restore prompt, type the full path to the object you want to restore. For my example, I would type:
    restore object “cn=Andrew Fitzgerald,OU=London,DC=vmdomain,DC=local”
  13. Click Yes to confirm.This will restore the object and add a large attribute version number higher than 100,000. Mine went up by 400,000. This is so this object will overwrite any other versions on your other domain controllers.
    Confirming the authorative restore
    Large attribute version number
  14. Exit the authoritative restore by typing:quitAnd then exit ntdsutil by typing:
    quit
  15. At the samecommand prompt, type the following to stop the server from booting into Safe Mode:
    bcdedit /deletevalue safeboot
  16. Restart your server and log in normally. If you check Active Directory Users and Computers, you should now see that the deleted object has been restored.
+1
1 Comment
  1. Dennis 5 years ago

    Part of object recovery is to recover the backlinks with ldifde. Best practice is to disable the replication on the DC you perform the authoritative restore.

    +1

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account