I'm not sooo expert as others like yourself, EFleis, and Dean Wells. I really don't know a repsfrom a repsto ...
Cheers, -BrettSh (msft) Janitorial Services On Tue, 17 Aug 2004, Rick Kingslan wrote: > Heh...take a hiatus from the list, and look who shows up.... We're getting > quite a good list of 'who's who' in MS AD that drops in now and again. > > Good to hear from you, Brett. You still as cynical as always? <I hope...> > > Rick Kingslan MCSE, MCSA, MCT, CISSP > Microsoft MVP: > Windows Server / Directory Services > Windows Server / Rights Management > Windows Security (Affiliate) > Associate Expert > Expert Zone - www.microsoft.com/windowsxp/expertzone > WebLog - www.msmvps.com/willhack4food > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Monday, August 16, 2004 1:25 PM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] w2k authoritative restore > > Auth restore will auth restore attributes that _exist_ in the backup as they > were at the time of backup, but not auth restore attributes that didn't > exist. Ergo it kind of works as a merge of old attributes that were set and > new attributes that were set post backup. > > ... So is the CA data perhaps in attributes that are not set on the backup > objects? > > Further like we merge the attributes that are auth restored over any > existing ones, we also merge in objects as well. So a new object post > backup will not get "auth restored" (i.e. the closes thing woudl be to > delete the new object) > > Just grasping at straws, don't know much specifics about CA or ADC. > > Cheers, > Brett Shirley (msft) > AD Developer > > On Mon, 16 Aug 2004 [EMAIL PROTECTED] wrote: > > > dear all, sorry to "bomb" the list with queries, but was hoping to get > > a heads up on this issue of authoritative restore subsequent to a > > directory modification using ADC > > > > we are testing the procedure of rollback of a domain that has been > > modified using an ADC connection agreement > > > > i have a backup set taken prior to the processing of the ADC CA and > > can confirm the successful restore of a DC to the prior state. (no > > email address in the user objects no CA objects etc) > > > > despite the fact that this data is restored authoritatively as soon as > > the restored DC is attached to the network with its DS started the > > data prior to the CA processing is overwritten with the data from an > > another server > > > > have followed what seems to be a simple process of auth restore; > > > > 1. boot into DS restore > > 2. restore system state and c: using the original location / always > > overwrite 3. restart 4. boot into DS restore mode 5. run ntdsutil / > > authoritative restore / restore database > > > > my first thought was that the ADC has created that many chages that > > the default version increment of auth restore (7000000) is not enough > > for the restored DC to have higher USN than the server that is left > > online > > > > have tried auth restore with the verinc value of 10000000 but still > > the old data gets overwritten > > > > any clues ?? > > > > GT > > > > > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
