Книга: Windows Server 2012 R2 Storage, Security, & Networking Pocket Consultant

Restoring Active Directory

Restoring Active Directory

When restoring system state data to a domain controller, you must choose whether you want to perform an authoritative or nonauthoritative restore. The default is nonauthoritative. In this mode, Active Directory and other replicated data are restored from backup and any changes are replicated from another domain controller. Thus, you can safely restore a failed domain controller without overwriting the latest Active Directory information. On the other hand, if you’re trying to restore Active Directory throughout the network by using archived data, you must use an authoritative restore. With an authoritative restore, the restored data is restored on the current domain controller and then replicated to other domain controllers.

CAUTION An authoritative restore overwrites all Active Directory data throughout the domain. Before you perform an authoritative restore, you must be certain that the archive data is the correct data to propagate throughout the domain and that the current data on other domain controllers is inaccurate, outdated, or otherwise corrupted.

To restore Active Directory on a domain controller and enable the restored data to be replicated throughout the network, follow these steps:

1. Make sure the domain controller server is shut down.

2. Restart the domain controller server, and enter safe mode.

3. Select Directory Services Restore Mode.

4. When the system starts, use the Backup utility to restore the system state data and other essential files.

5. After restoring the data but before restarting the server, use the Ntdsutil.exe tool to mark objects as authoritative. Be sure to check the Active Directory data thoroughly.

6. Restart the server. When the system finishes startup, the Active Directory data should begin to replicate throughout the domain.

Оглавление книги