Active Directory Users and Groups Restore
October 8th, 2011 by Awinish Vishwakarma and tagged Authoritative Restore
With windows 2008 R2, you can use AD Recycle bin feature to restore object and its group membership without need of system state backup and booting the DC into DSRM mode. This saves lot of time as well as hardwork required to restore the object and group membership, but organization having large number of domain controller running on windows 2003 will take time to upgrade the DC OS to windows 2008 R2. Windows 2008 R2 is only available in x64 bit, so hardware have to be supportive before you can install x64 bit OS. Due to this constraint it is difficult to upgrade all the DC to 2008 R2 to take benefit of windows 2008 R2 AD Recycle bin feature.
The AD Recycle Bin: Understanding, Implementing, Best Practices, and Troubleshooting
Active Directory Recycle Bin Step-by-Step Guide
http://technet.microsoft.com/en-us/library/dd392261%28WS.10%29.aspx
Restoring group and its membership in windows 2003 is complex and require deeper understanding of AD concepts, so its difficult to say whether to perform authoritative restore in first attempt in the production will be successful or not. The viable approach is to first try in a lab and then into production environment to achieve desired results in without hiccups.
The approach and best practices are outlined in below article to perform authoritative restore of AD objects and its membership.
Disaster Recovery: Active Directory Users and Groups
http://technet.microsoft.com/en-us/magazine/2007.04.adrecovery.aspx
Best practices around Active Directory Authoritative Restores in Windows Server 2003 and 2008
Posted in Directory Services | No Comments »