RE: [ActiveDir] Authoritative Restore problems

[Grillenmeier, Guido]

Make absolutely sure that you type the DN correctly – I just noticed you have a SPACE between “user,” and “ou=it” – if you entered the DN this way, it wouldn’t work…   P.S.: won’t read the posts for the next two weeks since I’m taking off for vacation tomorrow.     /Guido   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer Sent: Friday, August 04, 2006 4:26 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Authoritative Restore problems   Guido   Yes, I took a backup of the system state, rebooted into DSRM -> ran ntbackup and restored the system state, went to NTDSUTIL and then tried my “Auth Res” and it still failed.  Which is why I’m confused. I actually have read the article you wrote in your hyperlink, and I know you read these post so I was actually hoping to get your opinion.   I will try again – and let you know what happens.   Thanks, Mike   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Thursday, August 03, 2006 11:14 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Authoritative Restore problems   Mike, can you be a little more specific about the steps that you took to do your restore? This should work fine using the ntdsutil -> authoritative restore -> restore object “Cn=test user, ou=it,dc=mycorp,dc=com” command. Obviously provided you previously took a backup, rebooted to DSRM mode and have restored the AD DB (SystemState) to the DC – the Auth Restore needs to happen right after the restore of the SystemState, prior to the reboot of the DC.   Check out the whitepaper I wrote with Gil (http://www.netpro.com/media/pdf/NetPro_ADDR_Guide.pdf). Pages 11 to 13 walk you through how to do an Auth. Restore of objects, and since you have R2 (includes SP1), you can go right to page 21 to see how to recover potentially missing links of your recovered object (such as group membership etc.). Hope you don’t have a multi-domain environment and are heavily relying on cross populating domain local groups in all the domains in your forest – this adds extra headaches for the recovery of the links (also described in the whitepaper).   /Guido     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer Sent: Friday, August 04, 2006 6:57 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Authoritative Restore problems   I’ve been asked to write a Disaster recovery doc for our company.  I’m trying to delete a single user account and do an authoritative restore of that account. (in a test environment of course)   Before I deleted the test account I used adsiedit to verify the path to the account. Cn=test user, ou=it,dc=mycorp,dc=com From Directory restore mode, I can start the Authoritative restore but it always fails with:   Could not find object with the failed DN: failed on component “cn=test user”.   Authoritative restore failed Error 800ffff parsing input – illegal syntax?     I’ve reviewed http://support.microsoft.com/?id=840001 and it says I must use quotes – either way it fails.   I’ve even tried the workaround described in here: http://support.microsoft.com/?kbid=886689 Suggestions?    Environment: Windows 2003 R2   Thanks in advance Mike