10 years ago

Restoring Active directory with BE2014

Hi there, first of all - I don't have an actual problem, just thinking about "what if...". Ok, what, if I have to revert my AD to an earlier point of time. I now about authorative restores but ...
    10 years ago

    No.  There is no simple way to do an AD authoritative restore.

    To do an authoritative restore of AD, you must follow the authoritative AD restore steps given in the first document referenced earlier.  In fact, it would be like recovering the server. Unless you are absolutely sure that the contents of the C: drive is exactly in sync with the registry, then you need to restore the contents of the C: drive to what it was a week ago before restoring the system state from a week ago.

    The moral of the story is that you hope that you never have to restore AD.  Have a couple of DC's so that the failure of a DC will not crash the entire AD.  Use the BE AD agent if you have a need to restore deleted AD objects which is probably the only reason why you need to revert your AD to a week ago. Also remember that by reverting to the AD state one week ago means that all the changes since then would be lost, e,g any user who changed their password during this period would revert to their old password.  You can imagine the chaos that would ensue.