Just thought I should list the step by step process for performing authoritative restore in active directory for windows server 2003. But first, just a brief summary of the difference between an authoritative and a non authoritative restore.
A non Authoritative restore is hardware failures or other software issues that results in the complete restoration of the directory services from backup.
An Authoritative restore is used when a change or deletion of an object is made in Active Directory and the action/change have to be reverse. An example can be a user mistakenly deletes an OU or a user object, then decided to reverse the action by restoring the OU or user object that has been deleted.
Steps on performing an authoritattive restore. In this scenerio, I deleted an OU and a user and then restore both through authoritative restore process. Read more…
Isaac Oben Active Directory Authoritative restore, ntbackup, ntdsutil, perform authoritative restore, system state backup
In previous post I outline some guidelines on how to remove demoted domain controller from domain using ntdsutil.exe. In this post, I will give guides on removing a naming context, be it a child domain or a DNS zone from Active Directory usning ntdsutil.exe.
First. make sure that no domain controller or replica objects exists in your forest for the domain in question. If they do, use previous steps [link here] to remove the objects before proceeding to delete the domain from the forest. Read more…
Isaac Oben Active Directory Delete child domain, delete domain, delete naming context, ntdsutil, remove DomainDNSZone
If you ever have been in a situation where your domain controller crashes or failed and there is no way you intend to bring it back to production then you must remove the failed domain controller objects from Active Directory. In a regular procedure, to remove Domain controller from domain, you will run dcpromo to demote, but in this case, the domain controller is no more, so you have to use the ntdsutil tool to remove the objects from active directory. Also, you will need ntdsutil to remove domain controller from domain in a situation where you have tried to use dcpromo to demote but it failed, then you decided to use dcpromo /forceremoval. The force removal process does not totally clean the DC objects, so you will need to use ntdsutil to complete the process. Read more…
Isaac Oben Active Directory Active Directory, delete domain controller, faild domain controller, ntdsutil
