
Copyright © Acronis, Inc., 2000-2009
7
"Domain Controller restore (no other DCs are available) (p. 6)". This method guarantees complete
recovery, and it is reasonable to use it if the domain controller has no other valuable data but the
Active Directory itself, or other valuable data is easy to save (e.g. located on another volume that
doesn’t need to be restored).
Another way is to recover the AD database alone.
The AD database consists of the following files:
1. NTDS.dit (database file)
2. Edb.chk (checkpoint file)
3. Edb*.log (transaction logs)
4. Res1.log and Res2.log (reserve transaction logs)
By default, these files are located in the %systemroot%\NTDS folder – however, the location is
configurable, so be sure to check this. Also, if any changes have been made to the GPO, the SYSVOL
system volume (%systemroot%\SYSVOL) needs to be restored as well.
The entire process will look like this:
1. If no other DCs are available, make sure the newest available backup is used for restore. This is
especially important, since all the information created since the last backup will be lost.
2. Reboot the domain controller into Directory Services Restore mode.
3. Create a copy of your AD database files.
4. Restore the files from the backup (use file level restore from an image-level backup to accomplish
that).
5. Reboot the computer. Make sure the Active Directory service has started successfully.
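The following PowerShell script is an added example and is not part of the Acronis whitepaper; it covers the "check the configured location" advice above and step 3 of the procedure (copying the AD database files aside before the restore). It reads the database, log and working-directory paths that the NTDS service actually uses from the registry instead of assuming %systemroot%\NTDS, reads the SYSVOL path from the Netlogon parameters, and copies the files into a timestamped folder. The registry value names (DSA Database file, Database log files path, DSA Working Directory, SysVol) are the standard NTDS/Netlogon values; the destination folder name is a constructed choice. It is meant to be run from an elevated prompt while the domain controller is in Directory Services Restore mode, because the database files are locked while the directory service is running.

```powershell
# Added example (not from the Acronis whitepaper): locate the AD database files from the
# registry and copy them aside before restoring from backup. Run elevated in Directory
# Services Restore mode; while AD is online NTDS.dit and the logs are locked.

$ntdsParams = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$netlogon   = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

$dbFile  = $ntdsParams.'DSA Database file'        # full path to NTDS.dit
$logDir  = $ntdsParams.'Database log files path'  # Edb*.log, Res1.log, Res2.log
$workDir = $ntdsParams.'DSA Working Directory'    # working directory (Edb.chk is kept here by default)
$sysvol  = $netlogon.SysVol                       # SYSVOL location (restore it too if GPOs changed)

Write-Host "NTDS.dit          : $dbFile"
Write-Host "Transaction logs  : $logDir"
Write-Host "Working directory : $workDir"
Write-Host "SYSVOL            : $sysvol"

# Destination folder name is a constructed example; any location outside the NTDS
# directories that will not be overwritten by the restore is fine.
$dest = Join-Path $env:SystemDrive ('NTDS-copy-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
New-Item -ItemType Directory -Path $dest | Out-Null

# Database file
Copy-Item -Path $dbFile -Destination $dest

# Checkpoint file: look in both the working directory and the log directory, since the
# two may have been configured to different paths on this DC.
foreach ($dir in @($workDir, $logDir) | Select-Object -Unique) {
    $chk = Join-Path $dir 'edb.chk'
    if (Test-Path $chk) { Copy-Item -Path $chk -Destination $dest }
}

# Current and reserve transaction logs
Get-ChildItem -Path $logDir -Filter 'edb*.log' | Copy-Item -Destination $dest
Get-ChildItem -Path $logDir -Filter 'res*.log' | Copy-Item -Destination $dest

Write-Host "Copied the following files to $dest :"
Get-ChildItem -Path $dest | Select-Object Name, Length, LastWriteTime
```

If the paths printed by the script differ from %systemroot%\NTDS, those are the directories the file level restore in step 4 must target; restoring into the default folder would leave the service pointing at the old, unrestored files.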
4.4. Recovery of accidentally deleted information
An example of accidentally deleted information includes an unintentionally deleted user or computer
account.
There are two different ways in which such a modification may be rolled back.
First, the most obvious method is to restore the AD database from the backup. If you have only one
domain controller (and thus any restore becomes authoritative), be ready to lose any changes made
since the last backup when using this method. Availability of other domain controllers will give you a
bit more flexibility. To perform authoritative restore of certain entries only, perform the following
steps:
1. Similarly to the steps from the previous scenario, reboot the domain controller into the Directory
Service Restore mode, and perform restore of the AD database.
2. Without rebooting the computer, run ntdsutil and type authoritative restore in its command
prompt.
3. Type the corresponding restore command, such as restore subtree or restore object to perform
authoritative restore of the required object (refer to ntdsutil documentation for more
information). To restore the entire database, use restore database.
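As an added example (not from the Acronis whitepaper), the steps 2 and 3 above can be driven from a single elevated PowerShell prompt: ntdsutil accepts each command line as a separate quoted argument and executes them in order, which makes the authoritative restore of one organizational unit or one object reproducible instead of being typed interactively. The DNs are constructed sample values; the "activate instance ntds" line is an assumption not mentioned in the whitepaper, needed on Windows Server 2008 and later and to be omitted on Windows Server 2003. The script must run while the DC is still in Directory Services Restore mode and after the AD database files have been restored from backup, exactly as step 1 requires.

```powershell
# Added example (not part of the Acronis whitepaper): authoritative restore of a deleted
# OU, and of a single deleted account, with ntdsutil driven non-interactively.
# Run elevated, in Directory Services Restore mode, AFTER the database files were restored.

# Constructed sample DNs; replace with the real distinguished names of the deleted objects.
$SubtreeDN = 'OU=Sales,DC=example,DC=com'
$ObjectDN  = 'CN=jdoe,OU=Sales,DC=example,DC=com'

# Each argument is one ntdsutil command line, handed over in sequence:
#   activate instance ntds   - assumption: required on Server 2008+, omit on Server 2003
#   authoritative restore    - enters the authoritative restore submenu (step 2 above)
#   restore subtree <DN>     - marks the OU and everything below it as authoritative (step 3)
#   q q                      - leaves the submenu, then leaves ntdsutil
# ntdsutil asks for confirmation in a dialog box before marking the objects; answer Yes.
& ntdsutil.exe 'activate instance ntds' 'authoritative restore' "restore subtree $SubtreeDN" q q

# Same approach for one object only (a single user or computer account):
& ntdsutil.exe 'activate instance ntds' 'authoritative restore' "restore object $ObjectDN" q q

# To mark the whole restored database as authoritative instead (the whitepaper's last
# sentence), the command line would be 'restore database' in place of the two above.

# Step 4 of the whitepaper's earlier procedure: reboot normally so the directory service
# starts from the restored files and the marked objects replicate out to the other DCs.
Restart-Computer -Confirm
```

A DN containing spaces (for example CN=Jane Doe,...) has to be passed to ntdsutil in double quotes inside the command line; the constructed DNs above avoid spaces so that the PowerShell argument quoting stays simple. On a domain with other DCs, the objects marked here win over the live copies during the next replication cycle, which is the whole point of marking them authoritative rather than letting the restored DC simply re-learn the deletion from its peers.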