- Active Directory authoritative restore with Windows Server Backup (wbadmin) - Fri, Oct 9 2015
An authoritative restore replicates the restored object across your domain controllers. The restore process increases the Update Sequence Number (USN) of all attributes on the restored object. Because the object then has a much higher version number, it replicates to all your domain controllers and overwrites any existing references to the previous object (which has a much lower USN).
User object in Active Directory Users and Computers
The following tutorial will walk you through restoring a user account called “Andrew Fitzgerald.” I’ve deleted my user account within Active Directory Users and Computers and I’m going to restore this account from a local machine using wbadmin.
- To get started and restore from your backup, you will need to restart the domain controller in Directory Services Restore Mode (DSRM). Reboot the domain controller and press F8 after the BIOS POST. Another option is to execute the following commands:
bcdedit /set safeboot dsrepair
shutdown -r -t 0
- Log in locally using .\administrator as the username. Use the Directory Services Restore Mode (DSRM) password you set during the domain controller promotion.
- After you log in, right-click the safe mode Start menu and select Command Prompt (Admin).
- At the command prompt, select the backup you want to restore. You can do this by typing the following command:
wbadmin get versions
- My demo only shows one backup, which we will use to restore the deleted user object. Type this command:
wbadmin start systemstaterecovery -version:09/04/2015-15:33
The version parameter is for the backup identifier.
- At the prompt to continue, type Y for yes and press Enter.
- On the next screen, type Y to continue the recovery operation.
- When the recovery process completes, type Y to reboot.
- After the server has rebooted, re-open the administrator command prompt and enter the following command:
ntdsutil
- At the ntdsutil prompt, enter:
activate instance ntds
- Next, run this command:
authoritative restore
- At the authoritative restore prompt, type the full path to the object you want to restore. For my example, I would type:
restore object "cn=Andrew Fitzgerald,OU=London,DC=vmdomain,DC=local"
- Click Yes to confirm. This will restore the object and add a large attribute version number higher than 100,000. Mine went up by 400,000. This is so this object will overwrite any other versions on your other domain controllers.
- Exit the authoritative restore by typing:
quit
And then exit ntdsutil by typing:
quit
- At the same command prompt, type the following to stop the server from booting into Safe Mode:
bcdedit /deletevalue safeboot
- Restart your server and log in normally. If you check Active Directory Users and Computers, you should now see that the deleted object has been restored.
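To confirm that the restore was authoritative and has replicated, compare the object's attribute versions on every domain controller. The following PowerShell is an added example, not part of the original tutorial; it assumes the ActiveDirectory module (RSAT) is installed, uses the distinguished name from the tutorial, and takes the 100,000 threshold from the version increase described above.

```powershell
# Added example: check the restored object's replication metadata on each DC.
# Run from an elevated PowerShell session after the DC has booted normally.
Import-Module ActiveDirectory

# DN from the tutorial; replace with the object you restored.
$dn = 'CN=Andrew Fitzgerald,OU=London,DC=vmdomain,DC=local'
# Threshold taken from the article: restored attributes gain more than 100,000.
$minVersion = 100000

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $meta = @(Get-ADReplicationAttributeMetadata -Object $dn `
                    -Server $dc.HostName -ErrorAction Stop)
        # Attributes still below the threshold on this DC (informational).
        $low = @($meta | Where-Object { $_.Version -lt $minVersion })
        [pscustomobject]@{
            DomainController = $dc.HostName
            ObjectFound      = $true
            Attributes       = $meta.Count
            MaxVersion       = ($meta | Measure-Object -Property Version -Maximum).Maximum
            BelowThreshold   = ($low.AttributeName -join ',')
        }
    }
    catch {
        # The object has not replicated to this DC yet, or the DC is unreachable.
        [pscustomobject]@{
            DomainController = $dc.HostName
            ObjectFound      = $false
            Attributes       = 0
            MaxVersion       = $null
            BelowThreshold   = $_.Exception.Message
        }
    }
}

$report | Format-Table -AutoSize
```

A domain controller that reports ObjectFound as False, or a MaxVersion below the threshold, has not yet received the restored copy; `repadmin /showobjmeta` shows the same metadata for a single domain controller.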