How to Perform an Authoritative Restore to a Domain Controller

ID: Q241594

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server

SUMMARY

This article discusses how to perform an authoritative restore of the Active Directory to a Windows 2000-based domain controller.


MORE INFORMATION

During a normal file restore operation, Microsoft Windows Backup operates in non-authoritative restore mode. In this mode, Windows Backup restores all files, including Active Directory objects, with their original Update Sequence Number (USN) or numbers. The Active Directory replication system uses the USN to detect and replicate changes to the Active Directory to all of the domain controllers on the network. All data that is restored non-authoritatively appears to the Active Directory replication system as old data. Old data is never replicated to any other domain controllers. The Active Directory replication system updates the restored data with newer data from other domain controllers. Performing an authoritative restore resolves this issue.

NOTE: An authoritative restore should be used with extreme caution due the impact it could have on the Active Directory. An authoritative restore must be performed immediately after the computer has been restored from a previous backup, prior to restarting the domain controller in normal mode. Performing an authoritative restore replicates all objects and attributes stored in the Active Directory to every domain controller in the forest. To perform an authoritative restore on the computer, you must use the Ntdsutil.exe tool to make the necessary USN changes to the Active Directory database.

For additional information about restoring the system state to a domain controller from a previous backup, click the article number below to view the article in the Microsoft Knowledge Base:

Q240363 How to Back Up and Restore the System State
For additional information about the impact of performing an authoritative restore, click the article number below to view the article in the Microsoft Knowledge Base:
Q216243 Authoritative Restore of Active Directory and Impact on Trusts and Computer Accounts
After the data has been restored, use Ntdsutil.exe to perform the authoritative restore:
  1. At a command prompt, type ntdsutil, and then press ENTER.


  2. Type authoritative restore and then press ENTER.


  3. Type restore database, press ENTER, click OK, and then click Yes.


Additional query words:

Keywords : kbnetwork kbtool ntdomain
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbhowto


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.