First off, thank you both for taking the time to respond.
Something (or someone) happened to our AD environment where 2 OU's and several group objects were deleted out of AD. I'm attempting to recover those objects.
It is my understanding that in order to get those objects to replicate back to the other DC's, I need to authoritatively restore those objects back to one of my DC's and mark those subtrees as current (using NTDSUTIL, as VJWare pointed out).
The non-authoritative would be if one of my DC's puked and I wanted to get the A.D. back to where it held most of the data. From there, the other DC's would update it to current. Please correct me if that's wrong. If I were to simply do a non-authoritative, the restored objects would be out of date and the current DC's would overwrite them with what's contained in their sysvol. That is, unless Backup Exec is going in and manipulating the A.D. as if it's creating the objects as BRAND NEW using the OLD data.
Even if I'm doing this wrong and was unintentionally causing myself more problems, the bigger issue is that BE doesn't appear to restore any data to the server. It successfully completes the job but says it restored 0 bytes, 0 files, 1 folder. So right now I don't have much confidence that I would be able to accomplish this if I were to need to do this during a complete disaster!
When I go into NTDSUTIL and try to make the subtree an authoritative object, it says it cannot find it. That's why I'm assuming the restore isn't actually doing anything.
Sadly, I've opened a case with Symantec on this and have made no progress whatsoever. The call-back that was promised to occur within the next 40 minutes, never happened. I specifically came to the forum first because of my extreme distaste for dealing with tech support!!
----------------------------------------------
You had me questioning myself so I did some quick looking online and i found several articles saying the following:
Non-Authoritative Restoration
Used most commonly in cases when a DC needs to be restored due to hardware or software related reasons. This is the default directory services restore mode selection. In this mode, the operating system restores the domain controller’s contents from the backup. After this, the domain controller then receives all directory changes that have been made since the backup from the other domain controllers in the network through replication.
Authoritative Restoration
An authoritative restore is most commonly used in cases in which a change was made within the directory that must be reversed, such as deleting an organizational unit (OU) by mistake. This process restores the DC from the backup and then replicates to and overwrites all other domain controllers in the network to match the restored DC. The especially valuable thing about this is that you can choose to only make certain objects within the directory authoritative. For example, if you delete an OU by mistake you can choose to make it authoritative. This will replicate the deleted OU back to all of the other DC’s in the network and then use all of the other information from these other DC’s to update the newly restored server back up to date.