IMPORTANT It is absolutely critical that you do not start the server in normal mode, or Active
Directory Domain Services will immediately begin synchronization. If you are unsure whether you
can properly boot into DSRM, unplug the network cable prior to restart to ensure that there is no way
synchronization can occur if the server is accidentally booted up normally.
2. Choose Start | Run to open the command prompt, type ntdsutil, and then
press enter.
3. Type activate instance NTDS and then press enter.
4. Type authoritative restore and then press enter.
5. Type restore object ???CN=TestUser,CN=Users,DC=TESTDOM2,DC=LOCAL???,
and then press enter.
6. Click Yes to confirm the command.
7. Take a note of where the text file and LDIF files for the operation are stored.
You may need this information to restore backlinks in this domain or a
different domain.
8. Type quit and then press enter.
9. After the restore has completed, run the following sequence of commands to
reset the server in normal (non-DSRM) mode:
Bcdedit /deletevalue safeboot
shutdown -t 0 -r
141 Chapter 4: Active Directory Domain Services
10. Log on to the server.
11. Open a command prompt, run the following command, and make sure that
no errors are returned (this assumes that DNS name of this server is SERVER3.
TESTDOM2.LOCAL):
Repadmin /syncall SERVER3.TESTDOM2.LOCAL /e d /A /P /q
12. Recover any backlinks to the object you just restored using the LDIF file that
was created by the authoritative restore.
Pages:
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192