Home > Certification Saturdays > 70-294 Concepts: Active Directory Restore

70-294 Concepts: Active Directory Restore


  • graduationDelete OU which was replicared, need t o perform authoratative restore (not lostandfound; when below is not available)
  • Delete ou which was replicated, need to perform non-auth restore, and then mark single OU as auth (more granular than above, when available as an answer)
  • Failued of hard drive on one dc (multi dc enviro), non-authoriataive restore
  • Any restore of AD requires DSRM (Directory Services Restore Mode) – boots local uses local username/password SAM; no GPO applied
  • Safe mode still boots AD, but does not apply GPO on DC
  • Use NTDSUTIL to reset DSRM password on each DC seperately
  • Rombstone lifespan should be greater than backup interval, use ADSIedit, script or ldp.exe to modify time (default 60 days)
Advertisements
Tags: , , ,
  1. Scott Santini
    Apr 29, 2009 at 06:08

    Scriptlogic’s active administrator can recover active directory objects in a very granular way down to a single attribute of a single object.

    And the best thing about this product is that it can do it even without rebooting into directory services restore mode while keeping domain controller online.

  1. No trackbacks yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: