RE: [ActiveDir] Authoritative Restore problems

[Grillenmeier, Guido]

Mike, can you be a little more specific about the steps that you took to do your restore? This should work fine using the ntdsutil -> authoritative restore -> restore object “Cn=test user, ou=it,dc=mycorp,dc=com” command. Obviously provided you previously took a backup, rebooted to DSRM mode and have restored the AD DB (SystemState) to the DC – the Auth Restore needs to happen right after the restore of the SystemState, prior to the reboot of the DC.   Check out the whitepaper I wrote with Gil (http://www.netpro.com/media/pdf/NetPro_ADDR_Guide.pdf). Pages 11 to 13 walk you through how to do an Auth. Restore of objects, and since you have R2 (includes SP1), you can go right to page 21 to see how to recover potentially missing links of your recovered object (such as group membership etc.). Hope you don’t have a multi-domain environment and are heavily relying on cross populating domain local groups in all the domains in your forest – this adds extra headaches for the recovery of the links (also described in the whitepaper).   /Guido     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer Sent: Friday, August 04, 2006 6:57 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Authoritative Restore problems   I’ve been asked to write a Disaster recovery doc for our company.  I’m trying to delete a single user account and do an authoritative restore of that account. (in a test environment of course)   Before I deleted the test account I used adsiedit to verify the path to the account. Cn=test user, ou=it,dc=mycorp,dc=com From Directory restore mode, I can start the Authoritative restore but it always fails with:   Could not find object with the failed DN: failed on component “cn=test user”.   Authoritative restore failed Error 800ffff parsing input – illegal syntax?     I’ve reviewed http://support.microsoft.com/?id=840001 and it says I must use quotes – either way it fails.   I’ve even tried the workaround described in here: http://support.microsoft.com/?kbid=886689 Suggestions?    Environment: Windows 2003 R2   Thanks in advance Mike