Authoritative Restore Of AD Objects

To perform an authoritative restore of objects from Active Directory, proceed as follows:

  • Restart the DC in Domain Recovery Mode by pressing F8 on the keyboard while it boots
  • Log in with .\Administrator and the Domain Recovery password you gave the DC
  • Then type
wbadmin get versions -backuptarget:backuplocation
  • When you have found a backup version (from before the deletion point), run
wbadmin start systemstaterecovery -version:ID -backuptarget:backuplocation

Do not reboot when asked!
Then go into NTDSUTIL:
ntdsutil
activate instance NTDS
authoritative restore
restore object "distinguishedName"

for a single object, or
restore subtree "distinguishedName"

to restore an entire OU.
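
Choosing the backup version for the wbadmin step can be scripted; a backup taken after the deletion would restore a database that already lacks the object. The following is an added example, not part of the original page: it parses `wbadmin get versions` output and selects the newest backup that contains system state and predates the deletion. The sample output and deletion time are constructed, `Select-BackupVersion` is a hypothetical helper, and reading the version identifier as UTC is an assumption.

```powershell
# Added example (not from the original page). $sample is CONSTRUCTED text in the
# layout of "wbadmin get versions"; on a real DC capture the command's output.
$sample = @'
Backup time: 3/10/2024 9:00 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 03/11/2024-04:00
Can recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State

Backup time: 3/12/2024 9:00 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 03/13/2024-04:00
Can recover: Volume(s), File(s)

Backup time: 3/13/2024 9:00 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 03/14/2024-04:00
Can recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State
'@

# Hypothetical helper: newest backup with system state taken before the deletion.
function Select-BackupVersion {
    param([string[]]$WbadminOutput, [datetime]$DeletedAtUtc)
    $id = $null
    $candidates = foreach ($line in $WbadminOutput) {
        if ($line -match '^\s*Version identifier:\s*(\S+)') {
            $id = $Matches[1]
        } elseif ($id -and $line -match '^\s*Can recover:\s*(.+)$') {
            if ($Matches[1] -like '*System State*') {
                # Assumption: the identifier is MM/dd/yyyy-HH:mm in UTC.
                $taken = [datetime]::ParseExact($id, 'MM/dd/yyyy-HH:mm',
                    [cultureinfo]::InvariantCulture)
                [pscustomobject]@{ Id = $id; TakenUtc = $taken }
            }
            $id = $null
        }
    }
    # Keep only backups older than the deletion, then take the most recent one.
    $candidates | Where-Object { $_.TakenUtc -lt $DeletedAtUtc } |
        Sort-Object TakenUtc | Select-Object -Last 1
}

$deletedAtUtc = [datetime]'2024-03-13 15:30'   # constructed deletion time (UTC)
$pick = Select-BackupVersion -WbadminOutput ($sample -split '\r?\n') -DeletedAtUtc $deletedAtUtc
if (-not $pick) { throw 'No system state backup predates the deletion.' }

# Print the recovery command from the steps above; nothing is executed here.
"wbadmin start systemstaterecovery -version:$($pick.Id) -backuptarget:backuplocation"
```

The second backup in the sample is skipped because it lists no system state, and the third because it was taken after the deletion.
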
When you are running Windows Server within VirtualBox, keep the following in mind to let it work:

Windows 2008
