Saturday, 27 June 2015

Authoritative Restore using Backup Exec

Authoritative Restoration :

An authoritative restore is most commonly used in cases in which a change was made within the directory that must be reversed, such as deleting an organization unit by mistake. This process restores the DC from the backup and then replicates to and overwrites all other domain controllers in the network to match the restored DC. The especially valuable thing about this is that you can choose to only make certain objects within the directory authoritative. For example, if you delete an OU by mistake you can choose to make it authoritative. This will replicate the deleted OU back to all of the other DC’s in the network and then use all of the other information from these other DC’s to update the newly restored server back up to date. 

  1. 1) At the remote server, press F8 during startup.
    A menu appears that allows you to diagnose and fix system startup problems.
  2. Select Directory Services Restore Mode.

  3. At the media server, start Backup Exec.
  4. From the navigation bar, click Restore.

  5. Select System State (Windows 2000 and later) or Shadow Copy (Windows 2003 and later) components as the restore selections.
  6. From the Properties pane, under Source, select Resource Credentials.
  7. Highlight the restore selection for the remote server and click New.
  8. Create a new logon account for this restore job. The account should have administrator privileges on the remote server.
  9. Select the new logon account and click OK.
  10. Run the Restore job.
    At the remote server:
  11. At this point, you can either choose to restore the entire Active Directory, or specific objects from the Active Directory:
    Restore the entire Active Directory by performing the following:
    • Open a command prompt.
    • Type NTDSUTIL and press Enter.
    • Type Authoritative Restore and press Enter.
    • Type Restore Database, press Enter, click OK and then click Yes.
    See Microsoft's documentation for running NTDSUTIL on Windows Server 2008/2008 R2.
    Restore specific objects from the Active Directory by performing the following:
    • Open a command prompt.
    • Type NTDSUTIL and press Enter.
    • Type Authoritative Restore and press Enter.
    • Type Restore Subtree "ou=<OU Name>.dc=<domain name>,dc=<xxx> (without the quotation marks), and then press Enter, where <OU Name> is the name of the organizational unit you want to restore, <domain name> is the domain name the OU resides in, and <xxx> is the top level domain name of the domain controller, such as com, org, or net. You can do this as many times for as many objects you need to restore.
  12. Once you have finished restoring Active Directory information, exit NTDSUTIL.
  13. Restart the computer.
For more information please follow the below Tech notes
https://support.symantec.com/en_US/article.HOWTO23130.html

No comments:

Post a Comment