Performing authoritative restore of Active Directory when a domain controller is Backup Exec server

Article ID: 100034129

Resolution

To perform an authoritative restore on a domain controller that is also the Backup Exec server:
  1. Restart the server and log on to the server in Directory Services Restore Mode (DSRM). See your Microsoft documentation for details on how to do this.
     • Restart the computer.
     • Press F8 during startup. The Advanced Boot Options screen appears.
     • Select Directory Services Restore Mode.
     • Log in using the DSRM credentials.
  2. Open Services.
  3. For each Backup Exec service listed, do the following in the order listed:
     • Click Properties.
     • On the Log On tab, click This account.
     • Enter a user account with local administrator's rights, and then click OK.
  4. Restart the Backup Exec services.
  5. Change the Backup Exec System Logon Account to the user account with local administrator's rights using the Logon Account Management dialog box.
  6. Run the Restore Wizard to restore the Active Directory data.
  7. In the Restore Wizard, enable the option "Mark this server as the primary arbitrator for replication when restoring SYSVOL in System State" on the "How do you want to restore System State data?" panel.
  8. Do not restart the computer after the restore job finishes.
  9. Restore the Active Directory by performing the following. See your Microsoft documentation for details on the NTDSUTIL utility.
     • Open a command prompt.
     • Type NTDSUTIL, and then press Enter.
     • Type Activate Instance NTDS, and then press Enter.
     • Type Authoritative Restore, and then press Enter.
     • Type the following command, and then press Enter:
       restore subtree ou=OU_Name,dc=Domain_Name,dc=xxx
       OU_Name is the name of the organizational unit that you want to restore, Domain_Name is the domain name that the OU resides in, and xxx is the top-level domain name of the domain controller, such as com, org, or net.
     • Repeat these steps as many times as necessary for the specific objects that you need to restore.
     • After you have finished restoring Active Directory information, exit NTDSUTIL.
  10. Restart the computer.
  11. Open Services, and then revert to the original Log On account for the Backup Exec services.
  12. Restart the Backup Exec services.
  13. Change the Backup Exec System Logon Account back to the original user account using the Logon Account Management dialog box.
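
The NTDSUTIL step above can also be run for several subtrees in one pass, because NTDSUTIL accepts its menu commands as command-line arguments. The PowerShell below is an added example, not code from this article or from the vendor; the distinguished names are constructed sample values, and it assumes names without spaces (a name containing spaces needs extra quoting that this example does not handle).

```powershell
# Added example: mark several restored subtrees as authoritative.
# Run from an elevated prompt in Directory Services Restore Mode, after the
# Backup Exec restore job has finished and BEFORE restarting the computer.

# Constructed sample values; replace with the subtrees you restored.
$Subtrees = @(
    'OU=Sales,DC=example,DC=com',
    'OU=Engineering,DC=example,DC=com'
)

# Windows sets SAFEBOOT_OPTION to DSREPAIR when booted into DSRM.
# Refuse to continue on a normally booted domain controller.
if ($env:SAFEBOOT_OPTION -ne 'DSREPAIR') {
    throw 'Not in Directory Services Restore Mode; aborting.'
}

# Accept only plain OU=/CN= ... DC= distinguished names, so that a typo,
# an embedded quote or stray whitespace never reaches the NTDSUTIL command.
$dnPattern = '^(OU|CN)=[^",=\s]+(,(OU|CN)=[^",=\s]+)*(,DC=[A-Za-z0-9-]+)+$'
foreach ($dn in $Subtrees) {
    if ($dn -notmatch $dnPattern) {
        throw "Malformed distinguished name: $dn"
    }
}

# Validate everything first, then restore, so a bad entry late in the list
# cannot leave the directory with only some subtrees marked authoritative.
foreach ($dn in $Subtrees) {
    Write-Host "Marking subtree authoritative: $dn"
    # Same commands as the interactive steps, passed as arguments.
    # The first 'quit' leaves the authoritative restore menu,
    # the second exits NTDSUTIL.
    & ntdsutil.exe 'activate instance ntds' `
                   'authoritative restore' `
                   "restore subtree $dn" `
                   'quit' 'quit'
}

Write-Host 'Review the NTDSUTIL output above before restarting the computer.'
```

NTDSUTIL still shows its own confirmation prompt for each subtree, so every authoritative restore is acknowledged by the operator.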

 

Issue/Introduction

This article describes how to perform an authoritative restore of the Active Directory if a domain controller is the Backup Exec server.