What happens when you want to recover a large amount of accidentally deleted AD data but all the backups you have to recover from are full system / bare metal backups? No problem.
You might be worried that restoring a single DC will result in the restored DC getting the latest data from other DCs, and in doing so, replicating the deletion of the data you want to recover. Here’s how to get around that.
1) Use whatever backup you have of a DC from a point in time when the data in AD was good (or at least better than it is now that you are missing data).
2) Start the recovered machine without network access.
3) Log in, fire up a CMD prompt and type: ntdsutil
4) Type: active instance ntds
5) Type: authoritative restore
6) Type: restore subtree <container DN>
For example, I typed: restore subtree “dc=domain,dc=com”
7) Re-enable network access.
8) Watch as all AD data for the whole tree is pushed to other domain controllers.
Special thanks to my man Jeff Barnett for figuring this out!
No comments:
Post a Comment